• Septimaeus@infosec.pub
    1 day ago

    I’ve been checking out the localhost tracking vulnerability and there’s something I can’t work out: it’s not even a terribly obscure or convoluted exploit, especially Yandex’s implementation that’s been chugging for more than 8 years over basic HTTP. It’s just a glaring sandboxing workaround that’s been exclusive to this OS for more than a decade.

    No matter how many ways I look at it, I haven’t come up with a reasonable explanation for how it was ignored, by demonstrably capable engineers, unless Google itself had use for it in the first place. And that fits a pattern of selective competence in information security that they just can’t seem to quit.

    In short it’s the data collection backdoors they leave themselves that defeat the otherwise top-tier security of their consumer offerings, and it’s why I’ll probably never trust anything they’ve touched until I’ve taken it apart and put it back together again.

    So no, you probably shouldn’t use it. Trusting the privacy or security claims of any adtech company will always be a mistake.

  • gronjo45@lemm.ee
    21 hours ago

    If you ever had IG natively installed on a device, is it possible for that meta pixel script to still be used on your device?

    Don’t have an IG account anymore, but makes me wonder what “services” are running in the background on my mobile.

    • MangoPenguin@lemmy.blahaj.zone
      20 hours ago

      If you uninstalled the app or disabled it, then it can’t run in the background.

      > makes me wonder what “services” are running in the background on my mobile.

      A lot, unless it’s a degoogled ROM. Especially on non-Pixel phones like Samsung, they add a massive amount of background processes.

  • Ulrich@feddit.org
    2 days ago

    > and since Advanced Protection blocks unknown apps, you won’t be able to side-load

    Ah, there it is. It’s a good decision while they’re being repeatedly investigated for being anti-competitive.

  • seven_phone@lemmy.world
    2 days ago

    ‘Advanced Protection also prevents you from disabling … Google Play Protect’, I feel safer already.

    • LWD@lemm.ee
      2 days ago

      Google Play is the part of Android that is most threatening. On many devices, you can’t disable it without ADB trickery. And it delegates permissions to apps in total subversion of the permission system we were allegedly being kept “safe” by.

  • LordCrom@lemmy.world
    1 day ago

    Most features here let Google scan and evaluate what you do on the web, messages, and apps.

    They say it helps security, but of course it ensures those features are on, letting them suck in more data about the person.

    A company like Google doesn’t do something out of the kindness of their hearts; they do it for profit.

      • MonkderVierte@lemmy.zip
        1 day ago

        Some smaller ones can take a hit for doing good. Weird how the more assets you have, the greedier you get.

        • sykaster@feddit.nl
          1 day ago

          It’s not weird. When a small company does something like this they lose users and it could damage them. Google doesn’t care because they know people will use them no matter what.

        • Engywook@lemm.ee
          1 day ago

          I meant that literally every other company is after the money, not only Google or big ones.

          • MonkderVierte@lemmy.zip
            22 hours ago

            Depends on the form of the company. German space, we have GmbH, there’s nonprofit too. And some “normal” ones with a social vein.

            But as soon as they get trade market, they get money only, usually.