What fresh hell is this? - eviltoast
  • henfredemars@infosec.pub
    link
    fedilink
    English
    arrow-up
    89
    ·
    edit-2
    4 months ago

    I can’t even imagine what data there is to collect for an application this simple.

    That privacy policy better be really short.

    On the bright side, a simple calculator ought to have plenty of free and open source alternatives that don’t harvest any data.

    • LemmyKnowsBest@lemmy.world
      link
      fedilink
      arrow-up
      88
      ·
      4 months ago

      Your calculator would like access to your contacts.

      Your calculator would like permission to send and receive phone calls.

      Your calculator would like permission to view and delete emails.

      Please click AGREE to proceed.

    • takeda@lemmy.world
      link
      fedilink
      arrow-up
      12
      ·
      4 months ago

      Well, everything else that’s not calculations.

      This is why everyone is trying to have their app installed, there’s a lot of information that the phone provides, and now you no longer get warned what data is available.

    • dev_null@lemmy.ml
      link
      fedilink
      arrow-up
      10
      ·
      edit-2
      4 months ago

      Same as for any app: crash reports, to fix issues.

      I was curious so I installed it (it’s the Google calculator app), and it just links to the generic Google privacy policy. There is nothing specific to the Calculator.

    • Victor@lemmy.world
      link
      fedilink
      arrow-up
      10
      ·
      4 months ago

      That privacy policy better be really short.

      Clicking through to the policy from within the app just sends you to the general policy across Google. Very long.

      • henfredemars@infosec.pub
        link
        fedilink
        English
        arrow-up
        3
        ·
        4 months ago

        If we collect data and we do vaguely here’s what we might do which might include this other stuff that we might or might not do depending on what data is being collected.

        • Victor@lemmy.world
          link
          fedilink
          arrow-up
          6
          ·
          4 months ago

          That’s basically the language. It’s so vague and general/generic and it applies to all products, that it’s impossible to know what is being collected without sniffing the traffic (maybe?).

    • Sibbo@sopuli.xyz
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      edit-2
      4 months ago

      I believe it’s about how often the app is used. Advertisers label people with “gullible” and stuff like this, so when you use a calculator regularly, that may be a hint that you are not.

        • Sibbo@sopuli.xyz
          link
          fedilink
          arrow-up
          2
          ·
          4 months ago

          True. In the end, they are gonna use some statistical methods to find what is more true. Using also all the other data they have about you.

    • j4k3@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago
      The reason the Linux kernel on Android does not have root and it is so challenging to hack the devices for the first time is because of how the user space is made.

      The entire premise of a device where the user is not required to understand graduate level computer science, networking, and operating systems, is based upon a simple principal. The mobile operating system is designed so that the app developer is essentially a user with the same privileges as the user. In practice, they are at the same access level but have far more knowledge about what that means and what they can do with it.

      The reason the root binary packages like su or sudo are not present is so that the app developer can not intentionally (or accidentally) take over the device completely. When the hardware manufacturer is done setting up the device’s OS, they log out with a script that removes all administrative access and any packages that can be used to import a new kernel binary like wget git or curl.

      The app developer is using a sandbox that is something like your user space sandbox. Within that app sandbox they have access to all kinds of stuff needed to configure almost any service, network, hardware access, or library they need in order to make their stuff work. This is what is being abused for data mining stalkerware.

      With Android, all applications are loaded into memory on boot. The excuse given is faster boot up of applications. In practice, this is a small fraction if a second difference with no bearing on your persistent mental level of comprehension. These apps are like users all traveling along with you in the background 24/7. Indeed, the integrated battery is a hacking exploit to maintain continuous operations of the stalkerware and promote users never fully power cycling their devices so that these apps remain uninterrupted.

      It is not about the calculator. It is about the stalkerware, which is ultimately ownership over a part of your digital person with the intent to manipulate, aka digital slavery. Search engines are not deterministic. There are only two relevant web crawlers and all search engines use these either directly or indirectly. This is the primary choke point where you can be easily manipulated with information, especially when combined with YouTube’s link to one of these crawlers. This is not banner ads, this is political opinions, foreign policy, and manipulation of information down to the individual scale. It is theft of autonomy. It is an attack on the third pillar of democracy - press/freedom of information. It always has been since the dawn of the free stalkerware internet.

      The fix is simple. The kernel modules and documentation for all hardware sold commercially must be open source. Anything less is ultimately theft of ownership, neo feudalism, and will lead to the end of democracy.

      THAT is the true weight of this tiny little message and annoyance. It is a much bigger issue than it first appears to be.