Google Authenticator collects much more data than the other authenticator apps PCMag reviewed - eviltoast
  • shaserlark@sh.itjust.works
    link
    fedilink
    arrow-up
    6
    ·
    10 hours ago

    I read their article but didn’t understand their methodology. This is pretty much in contrast to this video where a bunch of apps got audited and to everyone’s surprise Google Authenticator seemed like one of the most private alternatives.

    Really not trying to defend Google here because… they’re fucking Google, but I’m wondering why the results are so different.

    • FeelzGoodMan420
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      9 hours ago

      Same. I also checked the data usage on my phone and google authenticator has used NO mobile data since I’ve had it installed for over a year. So I’m calling bullshit on this article.

      I also do not see nearly as many permissions requested as in that screenshot. It needs photo and video permissions because you can upload qr codes and stuff. Also you can (don’t have to) link it your google account, so obviously it would have access to your google stuff.

      • shaserlark@sh.itjust.works
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        7 hours ago

        Yeah what can be done is create a clean Google account registered through an anonymous phone number and a throwaway user name & password, and best to secure it with a hardware key just to make sure no one can get into your OTPs by somehow getting access to those credentials. That should allow you to save credentials in an account at least if you make sure to not login to it on the same device as your other accounts.

        But also not blaming anyone for not trusting Google in the first place.

  • FeelzGoodMan420
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    9 hours ago

    This seems incorrect and gives absolutely no information about how they tested and exactly whuch data was sent. I’ve had Google authenticator on my phone for a long time and the logs show absolutely zero mobile data used from the app. So I’m gonna call bullshit on this article.

    I also do not see nearly as many permissions requested as in that screenshot. It needs photo and video permissions because you can upload qr codes and stuff. Also you can (don’t have to) link it your google account, so obviously it would have access to your google stuff.

    Fyi I’m not defending google. I hate them. Just trying to call out potentially misleading or wrong information.

      • butter@midwest.social
        link
        fedilink
        English
        arrow-up
        3
        ·
        6 hours ago

        Verifiably, at that. On device only. Works without play services. Works without internet (doesn’t even request internet permissions).

        Also open source.

  • ASDraptor@lemmy.autism.place
    link
    fedilink
    English
    arrow-up
    45
    arrow-down
    1
    ·
    1 day ago

    Shocking! The authenticator from the company which hoards all the data it can get from you and then more, hoards all the data it can get from you and then more!

    Also: discover how the scientists discovered that every 60 minutes, an hour passes.

    More news at 9.