Now at @[email protected]Apr 20, 2023

So Google is now preventing people from removing location data from photos taken with Pixel phones.

Remember when Google's corporate motto was "don't be evil?"

Obviously, accurate location data on photos is more useful to a data mining operation like Google.

From Google: "Important: You can only update or remove estimated locations. If the location of a photo or video was automatically added by your camera, you can't edit or remove the location."

It's enshitification in action.

Source: https://support.google.com/photos/answer/6153599?hl=en&sjid=8103501961576262529-AP

#technology #tech @technology #business #enshitification #Android #Google @pluralistic #infosec

Show threadRassilonian LegateApr 20, 2023

@ajsadauskas

@technology @pluralistic

And with that I continue to inch closer and closer to giving up and getting a linux phone...

Show threadNow at @[email protected]Apr 20, 2023

@RassilonianLegate @technology @pluralistic I have to say, Plasma Mobile is certainly looking increasingly tempting...

https://plasma-mobile.org/

#KDE #PlasmaMobile #Linux #Android

Plasma Mobile

Privacy-respecting, open source and secure phone ecosystem

Plasma Mobile
Show threadRassilonian LegateApr 20, 2023

@ajsadauskas @technology @pluralistic

My plan currently is to switch to a Linux phone after my (unrootable) Samsung starts dying, but if Samsung follows suit here (as they are known to do with plenty of other things) I might just have to start looking for something a bit sooner than I expected

Show threadaardvarkApr 20, 2023
@RassilonianLegate unrootable? how?
Show threadRassilonian LegateApr 20, 2023
@aardvark
Okay I'm not sure that could be out of date, when I last checked my phone (SM-N986U1) there was no way to root it, I'm not up to checking rn but if there is I might just switch to a custom android until this phone dies (at which point I will switch to a linux phone like I planned)
Show threadaardvarkApr 21, 2023
@RassilonianLegate “No way to root it” means no vulnerabilities to exploit to gain code execution. That’s what I’m curious about. It’s Turing complete, it must have defects, so the claim seems extraordinary.
Show threadAndrew Certain Apr 22, 2023

@aardvark @RassilonianLegate Having just worked on a contract to root a bunch of Android phones, I believe what it means it's that there's no way to officially unlock the bootloader. If you look on phone forums about rooting phones to install your own OS, or other high-access packages, that's always what they mean - they aren't finding exploits.

Many phone/carrier combinations offer official ways to do so, many do not. Lots of Samsung phones in particular do not offer a way to unlock the bootloader.

Show threadaardvarkApr 22, 2023
@tacertain @RassilonianLegate I see. So, to translate, some phone vendors don’t offer root kits for some phones. Pwning those phones is left as an exercise for the reader (or NSO and its ilk) (or you).
Show threadAndrew Certain Apr 22, 2023

@aardvark @RassilonianLegate In a word, yes.

In a few more words, unlocking the bootloader is built into Android and is enabled by phone/carrier combinations. Once unlocked in this manner, the phone displays a warning on power up that it has been unlocked. If you can find an exploit, all bets are off, of course. Though Samsung images are encrypted, so they do make it harder for somebody to permanently modify the phone, even if exploited.

Show threadaardvarkApr 22, 2023
@tacertain I posit that the existence of vendor-support unlocking of boot loaders leads to a false sense of security. Secure devices without vendor backdoors get pwned because they have vulnerabilities (because they're complex and made by flawed humans) and motivated threat actors are
motivated.
Show threadDianne HackbornApr 24, 2023

@aardvark This isn't an exploit. The user of the phone needs to enable this capability and confirm their identity when doing so -- https://www.lifewire.com/how-to-unlock-bootloader-android-phone-4689186 -- then when you do the unlock to flash a new image the entire device will be wiped as part of that process.

If there was no way to do this, nobody could do Android OS development without buying special development devices. And again this is NOT AN EXPLOIT OR BACKDOOR in any definition of those words.

Easily Unlock Your Android Bootloader With Fastboot

Unlocking Android's bootloader is the first step towards rooting your device. One tool, Fastboot, makes the process simple and straightforward.

Lifewire
Show threadaardvarkApr 24, 2023
@hackbod I didn't claim that the vendor-supplied feature is an exploit, or even a vulnerability.
I posited that by offering unlock, it may leave a wrong impression with the public that, as the OP suggested (and bears witness to), their devices are "unrootable".
Locked or unlocked, if they have software defects (and they do; all complex software products do), and those add up to enough vulnerabilities, sufficiently committed researchers can (and do) create exploit chains to fully pwn those "unrootable" devices.
Show threadDianne HackbornApr 24, 2023

@aardvark I don't think this matches what people associate with "unrootable", either, which would be that if someone else gets ahold of their phone they can get access to the data on it.

And like nobody should be claiming anything is unrootable because, as you say, there are always going to be defects.

Are you saying this particular functionality adds a significant number of new defects due to its existence? Because I don't think we have yet had an exploit related to it.

Show threadaardvarkApr 24, 2023

@hackbod no, I'm not saying anything about the "unlock" technical implementation.

Rather, it's the existence of the feature that led at least one poster to misapprehend the security of their device.

They claimed that, because it's a certain make and doesn't offer unlocking, it's unrootable.

My supposition is that Android's feature may allow for misunderstanding of its security. An attribution of security characteristics not actually imbued by the feature (or lack thereof).

Show threadaardvark
@hackbod since we're on the topic, I haven't heard back from a friend about this, so I'm curious what you might think about the post that started this thread
https://aus.social/@ajsadauskas/110231285083374549
AJ Sadauskas (@[email protected])

Attached: 1 image So Google is now preventing people from removing location data from photos taken with Pixel phones. Remember when Google's corporate motto was "don't be evil?" Obviously, accurate location data on photos is more useful to a data mining operation like Google. From Google: "Important: You can only update or remove estimated locations. If the location of a photo or video was automatically added by your camera, you can't edit or remove the location." It's enshitification in action. Source: https://support.google.com/photos/answer/6153599?hl=en&sjid=8103501961576262529-AP #technology #tech @[email protected] #business #enshitification #Android #Google @[email protected] #infosec

Aus.Social
Apr 24, 2023 at 11:44pmWeb
Show threadDianne HackbornApr 24, 2023

@aardvark I don't work on Photos, so really can't comment on it. (Nor is this something I would ever consider saying anything specific about due to the sensitivity.)

I very much doubt there is anything ulterior going on. Pretty much all of the changes I am aware of around location are tightening it down.

There tend to be these extremes of "everything Apple does is users over Apple" and "everything Google does is Google over users" when truth on both sides is more in the middle.

Show threadaardvarkApr 25, 2023
@hackbod fair enough. I see nothing that provides a basis for assuming anything about intent, one way or the other. However, it’s clear (to me, at least) that this posture/policy/misfeature undermines privacy and likely will lead to harm. I sure hope Google either explains or simply changes the policy.