RE: https://mastodon.social/@Sarahp/116257026173745763

GOOGLE STALKING YOU WITH YOUR BIOMETRICS IS THE SCAM

giving up my biometric "data" as the price of sideloading makes android ransomware at best. at its worst, it’s a new form of indentured servitude for the privilege of using an android phone controlled by Google.

YOUR BIOMETRICS MAKE YOU A HOSTAGE OF THE COMPANY DEMANDING THEM

do you see now why the USMIL’s Total Information Awareness project doesn't exist anymore? instead we got corporate “social media” doing the dirty work.

@blogdiva biometric enrollment and authentication happen in the device. The biometric information never leaves the device [*]. As far as I can tell, this proposal does not change this behavior.

They ask for biometric auth to make sure the user enabling the feature is the person who enrolled their biometrics earlier, and is present physically, and not someone who managed to steal/guess your password or PIN.

The delay is to reduce the possibility of a malicious app or site tricking the user into authenticating themselves one time and immediately installing a malicious app or something.

This does not mean I fully agree with what they are doing, but I am pretty sure they are not doing this to collect biometrics [**].

[*] This is a bar/promise set by iPhone when they first introduced biometric authentication years ago. A lot of effort goes into making sure biometric auth happens confidentially on the device. There are many other biometric authentication systems out there where the matching happens in the cloud. Phones do it all on device.

[**] They can collect biometrics from Google Photos if they wanted to, like Facebook/Meta has apparently been doing for years on Facebook photos.

@canacar
That is some cute, wide-eyed innocence. Too bad we don't live in that world.

@blogdiva

@vervain too bad I know what I am talking about, as this is part of my job at Qualcomm. I am not saying Google is not trying to track you or fingerprint you or determine your identity. What I am saying is that "this particular change" is not meant for that.

There is a side effect which may lead to more side-loading people enabling biometrics on their devices. I do not think this is the motivation behind this change, and you may call me naive for that.

Here is what I think happened:
Google had many, mostly business, reasons to disable side loading. I do believe, however, that there were a significant number of cases where people were tricked into sideloading malware or spyware [*], and this was one of the reasons why, when they walked back, their security folks asked for these changes to reduce misuse.

@blogdiva

[*] I don't have numbers but I can try to find out.