evacideJul 9
Google continues the industry-wide trend of jamming AI down users' throats, making it difficult or impossible to opt out, and potentially endangering the privacy of communications: https://www.neowin.net/guides/google-can-now-read-your-whatsapp-messages-heres-how-to-stop-it/
Google can now read your WhatsApp messages, here's how to stop it

Google has released a feature that allows Gemini to access third-party apps, such as WhatsApp, even if you've turned off Gemini Apps Activity. Here's how to prevent that from happening.

Neowin
Show threadπŸ‘ŠπŸ‡ΊπŸ‡ΈπŸ”₯Jul 9

@evacide I've already removed Gemini via adb once. I'll do it again if it comes back after this forced opt-in.

I am not going to tell anyone that the Gemini app package is actually called com.google.android.apps.bard. I am also not advising anyone to follow these instructions:

1. Download and install ADB on your computer from the Android SDK Platform-Tools package

2. Enable Developer Options on your Android device:

3. Go to Settings > About phone > Software information

4. Tap "Build Number" seven times

5. Go to Settings > Developer options > USB debugging

6. Connect your Android device to your computer using a USB cable

7. Open Command Prompt or Terminal in the folder where ADB is installed

8. Verify the connection via command prompt or terminal by running the command: adb devices

9. Then run one of the two following commands:

adb uninstall com.google.android.apps.bard

Or

adb shell pm uninstall --user 0 com.google.android.apps.bard

10. Then verify the package has been removed by running: adb shell pm list packages | grep bard

Show threadPeter SIMONJul 9
@Avitus @evacide there is an easier option: replace your android by /eOS/ @gael
Show threadπŸ‘ŠπŸ‡ΊπŸ‡ΈπŸ”₯Jul 10
@Tradusk @evacide @gael Replacing the OS is definitely not easier.
Show threadPeter SIMONJul 10
@Avitus @evacide @gael sure, but replacing your Android phone by an /eOS/ powered phone is a piece of cake
Show threadπŸ‘ŠπŸ‡ΊπŸ‡ΈπŸ”₯Jul 12
@Tradusk @evacide @gael If you trust buying a phone with a custom OS on it, I certainly don't. I wouldn't even buy a phone with GrapheneOS already installed. There's no telling what else someone could've installed before shipping.
Show threadLazy B0y

@Avitus
If you install it yourself, did you review every line of code?

Sounds a bit sarcastic, but i think it's a real interesting question how much more security/privacy is achieved by "self installing" if you havent checked the code, and don't know if someone else has done it.

(Thanks for the uninstallation hints anyway?)

@Tradusk @evacide @gael

Jul 27 at 12:38pmMastodon for Android
Show threadπŸ‘ŠπŸ‡ΊπŸ‡ΈπŸ”₯Jul 28

@lazyb0y @Tradusk @evacide @gael I've not reviewed the code, but the simple fact that the code can be reviewed by anyone makes it more secure than most software. Security through obscurity is how you end up with Pegasus malware hacking phones via WhatsApp.

As for installing Graphene myself: I bought a brand-new Pixel sealed, in-box, directly from Google, and put Graphene on it myself using Graphene's web installer from their official website, and then verified the install's authenticity. I have controlled every step of the process, therefore I can be absolutely sure of the integrity.

By inserting a random third-party selling Pixels with Graphene pre-installed, there is no control over the integrity. You have to trust that the third-party has not done something malicious to the hardware or the software. Maybe you run the auditor that's supposed to come pre-installed with Graphene, or maybe you don't, and if you run it and it says there's a problem, then what do you do? Hopefully the third-party is reputable and not some random pop-up shop in China that is either unresponsive or disappeared completely.

Show threadLazy B0yJul 29

@Avitus
Erm i heavily disagree.

The perceived *possibility* of a code review without any real execution doesn't make anything more secure. That's magical thinking.

There could be a thousands bugs, unreviewable binary stuff etc.

To be clear, i talk about the general meaning of these phrases, I'm not criticizing Graphene in this aspect, in fact i am pretty sure at least someone does such reviews. I was just interested if there are actual records of such reviews.

@Tradusk @evacide @gael

Show threadLazy B0yJul 29

@Avitus

and by the way i totally get and agree about the self install part… when adling i didn’t consider it’s removing one hop where a middleperson could tamper with the phone, OS etc.!

@Tradusk @evacide @gael

Show threadπŸ‘ŠπŸ‡ΊπŸ‡ΈπŸ”₯Jul 29
@lazyb0y @Tradusk @evacide @gael Graphene is based on Android, so the code is being constantly reviewed. Graphene has a feedback loop with Google i.e. Google releases security updates, Graphene incorporates them, or Graphene identifies vulnerabilities, reports them to Google, they get fixed in Android proper, and then that filters down to Graphene. So there is constant code review, just no point-in-time third-party audit specifically of Graphene's code. A formal audit might be valuable for the first week after being published anyway.
Show threadLazy B0yJul 29

@Avitus
thanks, thats the direction i meant with my original question

@Tradusk @evacide @gael