Be sure to give it a one-star review.
So far, Magisk and Play Integrity Fix have been sufficient for apps that don't like it.
Zak
joined 2 years ago
Messaging, web browser, podcasts, navigation, a couple services that require a phone to access. I tend to not install apps that could be websites.
Hardware drivers are surely dated. Android, on the other hand is 15, and I assume getting updated to 16 soon. I think I'm pretty good with regard to the sort of zero-click exploits I've heard of used for targeted attacks. If somebody slipped a trojan into a software update, I could have a problem, especially if it was a privileged app like AccA or Adaway. Of course, updated drivers wouldn't protect me from that.
The entire smartphone industry.
I use five year old smartphone (Pixel 4a). I can afford a new one, but I don't need a new one, and it would be worse in ways I care about (bigger, probably without a headphone jack), without being better in any way that really matters to me, so I don't want a new one.
Official software updates ended a couple years ago, but I'm running LineageOS and I got an update this week. Google has intentionally made it hard for most people to use LineageOS or any other Android distribution not blessed by Google as their primary phone by allowing app developers to check whether it's Google-approved. For now, I can usually work around that, but it would be too big a hurdle for most people.
The kernel is getting pretty old though; it's 4.14 when I'm up to 6.17 on my laptop. This is because SOC vendors don't release open source drivers, nor maintain the proprietary ones for very long.
Finally, there's the battery. Mine is in great shape because I use AccA to limit charge to 60% most of the time, but charging to 100% as most people do would have greatly reduced its capacity by this point. Replacing it requires melting glue and some risk of damage. Most phones are like that now (though that's changing due to EU regulation).
I’m scared.
Of what? This is not a rhetorical question. Security starts with threat modeling, and your threat model dictates the precautions you need to take.
If you're most people, your main privacy threat is advertisers and data brokers. Other comments have detailed how they collect data, and it's usually "voluntary". Defenses against this include a browser with good adblocking like Firefox with uBlock Origin, using websites instead of native apps as much as practical, using DNS-based adblocking, limiting or eliminating use of corporate social media, turning off voice-activated assistants, and preferring open source when practical.
It is not likely that advertising companies are activating the microphone or camera on your phone without your knowledge. The legal penalties for doing something like that in most countries would be ruinous for even the largest corporations, and the motivation for security researchers to check for things like that is substantial. If it did happen, the impact on your life would likely be a small payment from the resulting class-action lawsuit several years later.
If you live under a repressive regime that is known to routinely install spyware on phones, you may have different concerns. If an intelligence agency, large criminal organization, or multinational corporation is directly targeting you and willing to spend more money than most people have surveilling you, they'll probably succeed even if you throw your phone in the ocean.
In any case, modern Android phones and modern iPhones do display an indicator when an app (or the system) is accessing your microphone. I do not know if this can be disabled.
It can't, for certain values of can't.
On Google certified Android, the feature is required; apps cannot disable it, and there isn't a UI toggle for it. A phone manufacturer who added a way to disable it would be breaking its contract with Google and could owe money or lose the ability to ship Google certified Android. As for Google's own devices, "just trust us". If you have a normal threat model, that's probably good enough.
If someone very sophisticated and resourceful is targeting you directly, that may not be good enough. It can be disabled with ADB, and it's possible to run ADB commands on-device. It would be hard to make that happen without physical access to your unlocked phone, but if your adversary is sophisticated enough and the stakes are high enough, it would be unwise to rule it out.
Sony once sold a video camera that could sort of do that under specific circumstances.
Cameras usually have a filter to block infrared light, but that camera offered the ability to toggle the filter to improve the camera's performance in low light. Hobbyists also sometimes modify cameras to remove their infrared filters for artistic effect or to photograph animals at night without disturbing them with visible light. Some clothing is not fully opaque to infrared light, so an IR camera can sometimes capture some detail of what's underneath. Adding a filter that reduces visible light and passes IR might increase the effect.
It's fair to be concerned. I have known the author online for several years, and he has reputation to lose if he publishes malware. Of course, you have no reason to trust me either.
It's a recent fork and rebrand of Unexpected Keyboard.
That's a good way to think about it because that's what it does. More people see posts and comments that have more points.
The reason cast iron is useful for searing a big cut of meat is that it has a reasonably high specific heat capacity (less than aluminum, more than copper, similar to steel) combined with considerably more mass than typical cookware made of other materials. It takes longer for the meat to cool the pan, so more heat transfers into the outer surface of the meat.
Cleanup of properly seasoned cast iron should be about as easy as non-stick pans because the seasoning (polymerized cooking oil) is, in fact a non-stick surface. Contrary to popular belief, it's fine to use soap on it, but aggressive abrasives can strip the seasoning. Fortunately, that's not hard to fix.
You can absolutely scrape the seasoning off a cast iron pan through aggressive use of metal utensils, but you can also re-season it by applying a little cooking oil and getting it hot for an hour or so.
For something that's sure to be enshitified, I use Perplexity regularly, especially since Paypal gave me a free year of its Pro plan. I'm finding it considerably more effective than traditional web search when I'm looking for something specific, though to be clear, I'm looking for an existing web page rather than the output of the LLM. It's also pretty good at providing the exact command line incantation for some one-off task and producing short code samples for some API I'm probably never going to use again. Sometimes I pay Anthropic for the latter.
Some other stuff:
- Cleverkeys, an open source Android keyboard with open source swipe typing (no Google library dependency).
- Rio terminal - GPU accelerated, written in Rust.
- Lemmy - you may have heard of it.
Not actually new, but more people should know:
- KDE Connect - notification sync, shared clipboard, remote control, etc... between phones and PCs. Supports Android, iOS, Linux, Windows, Mac, and more.
- Syncthing - sync the contents of a directory between multiple devices. Syncthing-fork to do it on Android.
view more: next ›
That sounds like a very negative experience, pretty much opposite to my experience with the same model.
50 USD was one of the compensation options Google offered; a battery replacement was another. The latter might have been wise if she wanted to keep using the phone.