How we built the new Find My Device network with user security and privacy in mind
security.googleblog.com
external-link
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy Keeping people safe and their data secure and private is a t...

I saw this on infinity for Reddit earlier, I don’t know if there’s a workaround for this or not.

@HelloHotel@lemm.ee
link
fedilink
8
edit-2
9M

it looks like its going to be a hardware feature. if the main CPU is off, it implies the radio circuitry and its CPU (the BBM) are still powered. give google this at least, the special new Bluetooth API will be accessible to whatever OS is alive and awake to send commands (even if I don’t trust that “off” means “off”). the fact that its using encryption (that’s too complicated to be made out of Integrated Circut logic) means its likely another software feature added to the BBM co-processor (it handles all radio tasks on the phone). this all but confirms the BBM (at least going forward) will still get power, be awake and have access to the (transmit (TX) and reseave (RX) functions of the) radios even when everything else is properly off.

EDIT: or it could be an abuse of a generic BLE beacon mechanism that’s “just there for whatever the consumer would need it for”. but if they are doing proprietary encryption like they claim, that’s not really possible without updating the BBM’s software to add another feature.

removed by mod

@trippingonthewire@lemmy.ml
creator
link
fedilink
3
edit-2
9M

How effective do you believe that a Faraday cage would be against this mechanism?

@HelloHotel@lemm.ee
link
fedilink
1
edit-2
9M

Probably about as effective as keeping an air tag or tile tracker in one. That is, if the problem behavior isn’t correctly disabled by or even encouraged the OS.

We could wait for the implementation from the GrapheneOS team ! I’m pretty sure that they would implement it in a way that would be safe for the user.

If it’s hardware controlled, then the Graphene OS team would have to find a flaw in the hardware, or trust that when they tell the hardware to shut off, that it really does shut off, or find a way to verify that the hardware is really of. But even if they could tell the hardware to shut off, verify that it’s off, and then shut down, the hardware could turn back on after the software is off and the software would be none the wiser.

The only way 2 ways anybody can be relatively sure this feature is off are:

  • pulling the battery:
    • good luck with that with phones that don’t have removable batteries
    • hopefully there won’t be a small backup battery to power this specific circuit
  • physically disconnecting this circuit from other circuits:
    • that might mean saying goodbye to bluetooth functionality on the phone

The alternative is getting a linux phone with hardware that doesn’t have this feature.

Anti Commercial-AI license

Fuck, okay, Linux on my phone now, because corporations just spray shit on everything

I hope linux phones will become more of a thing as they aren’t there yet IMO. But of course you can always get a second hand phone… forgot that option

Anti Commercial-AI license

@HelloHotel@lemm.ee
link
fedilink
1
edit-2
9M

I hate that they don’t support them after a while, those with a locked bootloader wont even get a chance. It makes these phones junk from all the CVEs that are being found.

  • What old model would you recommend?
  • Is something like postmarketOS viable yet?
  • What phones are/will be effected?
  • Do existing phones planned for the program have the payload sitting there dormant or will the system updater (on googled android) need to download the payload?
Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 3.14K Posts
  • 78.7K Comments
  • Modlog