How we built the new Find My Device network with user security and privacy in mind
security.googleblog.comPosted by Dave Kleidermacher, VP Engineering, Android Security and Privacy Keeping people safe and their data secure and private is a t...
I saw this on infinity for Reddit earlier, I don’t know if there’s a workaround for this or not.
You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 84 users / day
- 537 users / week
- 1.5K users / month
- 6.58K users / 6 months
- 1 subscriber
- 2.31K Posts
- 53.4K Comments
- Modlog
You can turn off the phone???
Not completely. My understanding is that the baseband radio still always runs even when the application OS is shutdown, and it (often) has its own connections to the GPS, camera and microphone, sometimes even the filesystem (Samsung RFS). The battery not being removable makes this even more problematic IMO.
It seems like a waste of battery
Didn’t iPhone been doing it for years so you can still track your lost phone even if it’s turned off?
But this is Android, I’m sure there’ll be work around if you don’t want it. Personally I think it could be helpful.
You turn it off. It says so in the link.
Right, Google definitely a man of their words. Like they are definitely not record anything in your Incognito Chrome tabs.
You’re trying to describe an action that has started in the past and is still taking place. “Didn’t” is simple past which indicates a concluded action. The correct tense you’d want to use here is present perfect progressive --> “Hasn’t iPhone been doing it for years”.
Edit: Although, I missed the “been” in your sentence, so you just picked the wrong verb. Not too far off 👍
Anti Commercial-AI license
I have some more questions, teacher
If I lived in a country for some years/time, how do I say that?
Also, if I worked as somebody?
And in general, difference between have been and had been?
Thank you
I’ll answer this because the two previous questions depend on what you want to express. Just a note before-hand, the best site for English grammar I know is ego4u.
First the quick answer:
Longer answer:
Conceptually, there are a limited number of possible tenses. Here is a picture from ego4u
Let’s say you want to tell a story. There are the static states you can describe
So, now that we’ve expressed a state, something that is unchanging, we would like to describe changing actions are particular strips in time:
Alright, we have expressed points in time both static and changing, but what about actions that happen just before those points in time? They concluded or may be still happening. We call those “perfect” tenses.
And finally, if we look at the diagram we see one last group of progressives - perfect progressive. Remember, progressive describe something that’s still ongoing at the point in time. You may ask why they are needed when the “perfect” overlaps with the progressive - something that started before a point in time and continues to happen.
Well, that difference might be lost with time as they tend to become less and less important. A grammar purist might disagree but in colloquial English, my experience shows less and less people can tell the difference and I do have to look it up:
The difference between “perfect” and “perfect progressive” is the focus of the tense. “Perfect” makes the result important and “perfect progressive” makes the duration or fluidity / continuity of the action important. I invite you to read this page on Present Perfect Simple vs Present Perfect Progressive. It explains it quite well.
Hopefully that will help you answer your two first questions.
Anti Commercial-AI license
I love you for being so human
Just a random person on the internet asked you to explain something, and you did, you’re so cool
Thank you for the explanation, I will really remember and keep it for my whole life
❤️🩹
(No sarcasm, really, people these days are so mean and tell you to look everything up yourself, or just get angry because you ask or don’t know. Even though you could just copy and paste, this is a human interaction. Really happy to see somebody’s still alive)
Hey, I’m glad the effort was appreciated 😇 Have yourself a great day!
Thanks, this actually helpful.
Take the battery out of the phone. No battery no energy to run bluetooth
phone batteries used to be removable on the user level. hasn’t been that way in like 10 years.
Fairphone?
Anti Commercial-AI license
There still are phones that can do this, and from 2027, all phones sold in the EU must allow user-replacement of batteries.
Can someone explain where the code for this will be located (aosp, gsf)? How can I make sure that it will never ever be activated? What Graphene’s response? etc
They said they won’t support it https://discuss.grapheneos.org/d/11520-android-find-my-device-when-powered-off/2
it looks like its going to be a hardware feature. if the main CPU is off, it implies the radio circuitry and its CPU (the BBM) are still powered. give google this at least, the special new Bluetooth API will be accessible to whatever OS is alive and awake to send commands (even if I don’t trust that “off” means “off”). the fact that its using encryption (that’s too complicated to be made out of Integrated Circut logic) means its likely another software feature added to the BBM co-processor (it handles all radio tasks on the phone). this all but confirms the BBM (at least going forward) will still get power, be awake and have access to the (transmit (TX) and reseave (RX) functions of the) radios even when everything else is properly off.
EDIT: or it could be an abuse of a generic BLE beacon mechanism that’s “just there for whatever the consumer would need it for”. but if they are doing proprietary encryption like they claim, that’s not really possible without updating the BBM’s software to add another feature.
damn that really sucks… sounds like it may just be an OS/firmware change then that activates the radio controller?
either way this is is exactly why we need a new community built piece of hardware. we cannot keep being slaves to Google’s whims just to use Graphene. i know there are other OS’s but either way it’s still Big Tech dependence.
How effective do you believe that a Faraday cage would be against this mechanism?
Probably about as effective as keeping an air tag or tile tracker in one. That is, if the problem behavior isn’t correctly disabled by or even encouraged the OS.
We could wait for the implementation from the GrapheneOS team ! I’m pretty sure that they would implement it in a way that would be safe for the user.
If it’s hardware controlled, then the Graphene OS team would have to find a flaw in the hardware, or trust that when they tell the hardware to shut off, that it really does shut off, or find a way to verify that the hardware is really of. But even if they could tell the hardware to shut off, verify that it’s off, and then shut down, the hardware could turn back on after the software is off and the software would be none the wiser.
The only way 2 ways anybody can be relatively sure this feature is off are:
The alternative is getting a linux phone with hardware that doesn’t have this feature.
Anti Commercial-AI license
Fuck, okay, Linux on my phone now, because corporations just spray shit on everything
I hope linux phones will become more of a thing as they aren’t there yet IMO. But of course you can always get a second hand phone… forgot that option
Anti Commercial-AI license
I hate that they don’t support them after a while, those with a locked bootloader wont even get a chance. It makes these phones junk from all the CVEs that are being found.
Postmarket OS Here I come! Now just the problem of banking apps …
Bank on Firefox web browser on phone or computer.
Unfortunately many require 2FA with their app to log in via web browser
Doubt that. Banks officially always have a fully offline paperwork process as well. Every bank. So smartphone involvement is not mandatory, you could have a dumbphone with SMS capability for 2FA.
We are just used to and blinded by convenience in our sedentary lives.
I guess the recommendation of turning off the Bluetooth to save battery, or the sarcastic comment that usually says “bro, just turn off the phone if you care too much about the battery” are gonna be obsolete now aren’t they?
They talk as if they’re protecting our privacy when it’s really a global surveillance net. The spin doctoring is insane.
Bruh, so when android phones are turned off they’ll still waste energy locating people and sharing the location. And most phones don’t have a removable battery! Fucking nuts.
Anti Commercial-AI license
Friendly reminder that Bluetooth has a larger network stack than Wi-Fi. Much more code, much larger available attack base. There have been many numerous Bluetooth vulnerabilities that allow remote code execution or theft of files.
This is truly becoming a surveillance state, in no way that can be debated. That want to be able to access everyone’s innermost thoughts (texts, notes, recordings, calendars, contacts, photos, you get it) without any chance of someone being able to protect against it.
Reminder that Google was the 2nd or 3rd company to commit to NSA’s PRISM program of feeding American’s data for future analysis.
I really don’t disagree with you, but it’s so frustrating and tiring to try to work around all this stuff and use alternative tools that nobody else does, all while you’re viewed as a paranoid tinfoil hat wearer. Yes I know I shouldn’t care what other people think, but I also don’t want to be alone forever.
Find a good girl that doesn’t mind. Mine doesn’t care at all, she has her interests and I have mine. I’ll sit there and listen to her 5 minute lectures on makeup and perfumes, and every once in a while I’ll tell her about a vulnerability or something cool I found, and I know she’s paying as much attention as I do about makeup, but at least I can understand the basics of makeup without years of experimentation and learning.
True, it makes it harder to stay secure when people around you don’t care or don’t know how, but its still possible. Just have to set some solid boundaries sometimes.
maybe humanity shouldn’t have written so many dystopian cyberpunk books and pieces of media, gave us all the wrong ideas :|
Maybe we shouldn’t have handed our fucking lives over to corporations
Maybe they’re not ours til every single corpo is dead, and you should fight like the fucking dead to make this happen?
I dunno.
all of this
removed by mod
are you referring to the new “Privacy Sandbox” or the old “Privacy Sandbox”. because if there calling this new thing a “Privacy Sandbox” after the old one lost public attention after they kept promising it for years, I am going to laugh or maybe cry.
what they originally called “Privacy Sandbox”
it was a browser feature to remove the HTTP cookie and replace it with a cohort system. your browser would receve signals about your habbits. that you were buying domino’s pizza and announce to upcoming sites that you like pizza, but ya know… in a “safe” way.
I still see, “chrome is going to replace the cookie” and “RIP the humble cookie” every once in a while.
removed by mod
this sort of gaslighting through corruption of vernacular used to amuse me, but now I feel like the withering wojak face anymore
Straight up 1984 Newspeak, where the Ministry of Truth is really concerned with lies, the Ministry of Peace is concerned with war, the Ministry of Love is concerned with torture, and the Ministry of Plenty is concerned with starvation.
It’s honestly Doublethink.
Whenever Google gets exposed for bad practices, people ignore it. And they believe this stuff is good or don’t care.
Pixel 7 with GrapheneOS is looking like a good long term choice right now.
Graphene is built on Android. If you enable all the gsf on graphene with android 15 it can probably still run in the background while off.
kinda what @null@slrpnk.net said, we should probably wait for graphineOS’s expert opinion on the matter.
They said they won’t support it https://discuss.grapheneos.org/d/11520-android-find-my-device-when-powered-off/2
“Probably” is doing a lot of heavy lifting there.
It’s all speculation at the moment.
OP blocked for clickbait.
I think mod should step in and fix the title.
You’re right that it’s not at all what the article was saying.
I see HOW op got to that assumption.
Not a single mention in the article about whether Bluetooth is turned on or off.
Samsung has an opt in option for the Smart thing network. I guess Google will go the same route.
This is Google’s deployment of tracking apparatus, courtesy CIA. Heil America and thank the greatest country on earth! NSA programs, Patriot Act, CLOUD Act and uncountable activities were not enough. Banning Tiktok is not enough.
Google, its devices or software or anyone shilling it cannot be trusted. This is in the best interests of your privacy AND security.
I will also take a moment to remind of Google’s Project Maven, where they used smartphone metadata collected using Google Play Services and Google trackers on internet to drone bomb Muslims in Yemen. Currently, they are facilitating a genocide of Palestinians, as have they done to Middle East for decades. https://www.wired.co.uk/article/google-project-maven-drone-warfare-artificial-intelligence
The only workarounds I see is preferring devices like the ones Huawei has, with no GMS thanks to US sanctions, or buying non-Google devices you can root and flash something as clean as LineageOS (not Graphene Google OS) or AOSP based custom builds. Boutique devices like ones with /e/OS, Murena phones also seem like good foundations to start with. On existing phones, disabling Bluetooth ability for any Google packages using ADB/Shizuku in addition to blocking any Google/Alphabet related domains using HOSTS rules will be a solid strategy.
They are deeply involved with CIA/deepstate/MIC and are censoring and propagandizing their own population on behalf of the Capitalist ruling elite. Scum corporation…
Isn’t that the normal behavior? I can put my phone in my pocket and still have Bluetooth
…no? how do you use your phone if its off?
The programs keep running when the screen is off
we are talking about turning the phone off
Bluetooth doesn’t work when your phone is off
deleted by creator
That’s not possible. You would need the hardware running which would mean it isn’t off
yes, exactly, thats one of the issues here
This is going to change, ergo the news article
… you never actually turn off your phone, huh? Haha
With android 15. Pay attention! 😅
RIP battery.
Depends how it’s implemented, my bluetooth “smartwatch” runs for around 2 years on a single CR2032.
There is also Bluetooth low frequency thingy with less data transfer. I wonder what Google will do and use while being turned off.
Where is that mentioned? I can’t find that in the article
It’s mentioned in the linked article about Find My Device.
This is what it says
I don’t know that means Bluetooth will be running when the device is off. “Specialized hardware” could mean a full Bluetooth modem on backup power, but more likely it’s means there’s a low power beacon. Would be interesting if anyone does a teardown of the Pixel 8.
For non-Pixel 8 devices, definitely not. I assume “Offline” refers to the case where your device doesn’t have WiFi/LTE, but can still use Bluetooth to communicate with devices that do.
I also couldn’t find a mention, and it definitely does not make sense (and likely isn’t even possible) to run Bluetooth without Android itself running
Maybe this line is being misinterpreted?
It’s definitely possible. It may be using specific hardware to do the powered off tasks. Or it never be truly off, a small os running to managing these powered off tasks.
The second is more likely, it’s cheaper and easier. It can also be applied to older devices and requires less integrated design.
That doesn’t say that. Although the article linked from there does, for Pixels.
even with a dead battery? how? there must be something ‘turned on’ to send bluetooth signals or is this magic?
Not necessarily, there are lots of completely passive beacon technologies. I seem to remember reading a few years ago about beacons powered by Wifi signals.
Obviously you also need other phones to be able to pick up those signals so it might take until phones with Android 15 become commonplace which might take a while. But it’s definitely doable.
I suspect it still draws battery power, but extremely small amounts. Few mah left in the battery could power a BLE beacon for weeks. There would be some limit to this as draining the lithium battery too deeply will damage it.
The question is: when a phone is turned off is it really turned off? The amount of software that needs to be running to manage Bluetooth leds to to believe they simply kill all applications (including the UI) and most services and leave the kernel and a few other things running. I might be wrong, but I would like to see some clarification on that.
the new google massive surveillance apparatus is ready to be deployed
Apple already does it with their iPhone, just saying.
I know
What do you think Google Maps and GSF are
It’s been on for years now. It’s just more effective now and will continue to get more intrusive.
More like, already deployed, this is just the announcement.