RE: https://mastodon.social/@Sarahp/116257026173745763

GOOGLE STALKING YOU WITH YOUR BIOMETRICS IS THE SCAM

giving up my biometric "data" as the price of sideloading makes android ransomware at best. at its worst, it’s a new form of indentured servitude for the privilege of using an android phone controlled by Google.

YOUR BIOMETRICS MAKE YOU A HOSTAGE OF THE COMPANY DEMANDING THEM

do you see now why the USMIL’s Total Information Awareness project doesn't exist anymore? instead we got corporate “social media” doing the dirty work.

@blogdiva biometric enrollment and authentication happens in the device. The biometric information never leaves the device [*]. As far as I can tell, this proposal does not change this behavior.

They ask for biometric auth to make sure the user enabling the feature is the person who enrolled their biometrics earlier, and is present physically, and not someone who managed to steal/guess your password or pin.

The delay is to reduce the possibility of a malicious app or site tricking the user into authenticating themselves one time and immediately installing a malicious app or something.

This does not mean I fully agree with what they are doing, but I am pretty sure they are not doing this to collect biometrics [**].

[*] This is a bar/promise set by iPhone when they first introduced biometric authentication years ago. A lot of effort goes into making sure biometric auth happens confidentially on the device. There are many other biometric authentication systems out there where the matching happens in the cloud. Phones do it all on device.

[**] They can collect biometrics from Google photos if they wanted to, like Facebook/Meta has apparently been doing for years on Facebook photos.

you really believe they have no access to that info whatsoever? the whole OS as it was designed to interact with GApps ―particularly, the calendar and contacts― is stalkerware.

there is no reason at all to use biometrics on a device, none whatsoever UNLESS YOU WANT TO CIRCUMVENT CONSTITUTIONAL LAW & THE NEED TO USE WARRANTS FOR SURVEILLANCE.

you need to stop mansplaining Google tech as if it were not tethered to the reality of laws, regulations and political economy.

@canacar

@blogdiva yes, it is literally my job to make sure.

Google components like KeyMint interface with biometrics components from device and SoC vendors, but the OS, including the kernel is not involved in biometrics process at all. It cannot interfere with what sensors capture or how matching is done. It cannot read the biometric templates stored on the device either.

Individual device manufacturers may end up building less secure solutions, but the whole design assumes Google components do not have access to biometrics. Just the matching results.

@blogdiva otherwise, I agree that biometrics have drawbacks. For instance, users can be made to unlock their devices through biometrics, but usually cannot be made to disclose passwords they know (in theory). This is a different, but valid threat model. Not the one they seem to be worried about.

I think it should still be fine to disable biometric auth once you enable sideloading though. It may also be possible to enroll other parts of your (or others') bodies during the process to make it more fun.

biometrics aren't covered under privacy laws, so why would you use them?

the phone doesn’t even work as a personal identity server since the user doesn’t get to control the phone fully. without root access, it’s just a node in a meshed cloud.

so what is the point of the biometrics if not to collect them?

i walked away from a job at one company exactly because this was the “secret” selling point execs were admitting to behind closed doors.

your job is to make it look legal.

@canacar

@blogdiva It is for detecting physical presence. Biometrics tell the phone you are present and unlocking the device and not someone else who shoulder surfed your PIN.

This can be a bug or a feature depending on one's threat model. My daughter can unlock my phone while I am sleeping to play games, or LE can point it to my face to get into it (this is also why lockdown mode was invented).

It still helps a significant percentage of users, who would otherwise use 1234 for their pins, to be more secure.

@blogdiva I also would walk away if I felt I was being used to launder secret deals. Did not have to, so far.

If it turned out that biometric data was leaking from one of our SoCs (to the OS or cloud), that would be a high severity security issue that we would scramble to fix.

There is still the caveat that we only build chips and not end devices, so you also need to worry about the device manufacturers' secret deals, I suppose.