Google’s Messages and Dialer apps for Android devices have been collecting and sending data to Google without specific notice and consent, and without offering the opportunity to opt-out, potentially in violation of Europe’s data protection law.
According to a research paper, “What Data Do The Google Dialer and Messages Apps On Android Send to Google?” [PDF], by Trinity College Dublin computer science professor Douglas Leith, Google Messages (for text messaging) and Google Dialer (for phone calls) have been sending data about user communications to the Google Play Services Clearcut logger service and to Google’s Firebase Analytics service.
“The data sent by Google Messages includes a hash of the message text, allowing linking of sender and receiver in a message exchange,” the paper says. “The data sent by Google Dialer includes the call time and duration, again allowing linking of the two handsets engaged in a phone call. Phone numbers are also sent to Google.”
The timing and duration of other user interactions with these apps has also been transmitted to Google. And Google offers no way to opt-out of this data collection.
Apps are typically removed from the IzzyOnDroid repository if they are later added to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they’re accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates.
The settings you’ve highlighted do improve device security against common threats, such as those posed by nosy people who find the device unattended, as I’ve mentioned in the post.
The setting you’re mentioning i.e., Apple ID > Find My: Disable everything^1^ has superscript i.e., ^1^ attached to it. The superscript leads to the following note:
^1^: Some people prefer to leave “Find My iPhone” enabled as it allows them to remotely wipe the device if it gets lost. However, due to enabling the “Erase Data” setting, I don’t believe this is necessary. If it makes you feel better or if you have a specific use case for it, you can leave this feature on, but “Share My Location” should still be disabled (unless you use need to use it often) as this feature will report your location back to Apple regularly.
I’m not the writer of the article, but I think that this note makes it clear that you can configure this setting according to your threat model.
I’m not the writer of the article, but here’s an answer you can find on running a quick search.
According to this article from the Electronic Frontier Foundation (EFF):
What is 2G and why is it vulnerable?
2G is the second generation of mobile communications, created in 1991. It’s an old technology that at the time did not consider certain risk scenarios to protect its users. As years have gone, many vulnerabilities have been discovered in 2G and it’s companion SS7.
The primary problem with 2G stems from two facts. First, it uses weak encryption between the tower and device that can be cracked in real time by an attacker to intercept calls or text messages. In fact, the attacker can do this passively without ever transmitting a single packet. The second problem with 2G is that there is no authentication of the tower to the phone, which means that anyone can seamlessly impersonate a real 2G tower and your phone will never be the wiser.
Cell-site simulators sometimes work this way. They can exploit security flaws in 2G in order to intercept your communications. Even though many of the security flaws in 2G have been fixed in 4G, more advanced cell-site simulators can take advantage of remaining flaws to downgrade your connection to 2G, making your phone susceptible to the above attacks. This makes every user vulnerable—from journalists and activists to medical professionals, government officials, and law enforcement.
I’m not the writer of the article, but here’s an answer you can find on running a quick search.
According to this article from the Electronic Frontier Foundation (EFF):
What is 2G and why is it vulnerable?
2G is the second generation of mobile communications, created in 1991. It’s an old technology that at the time did not consider certain risk scenarios to protect its users. As years have gone, many vulnerabilities have been discovered in 2G and it’s companion SS7.
The primary problem with 2G stems from two facts. First, it uses weak encryption between the tower and device that can be cracked in real time by an attacker to intercept calls or text messages. In fact, the attacker can do this passively without ever transmitting a single packet. The second problem with 2G is that there is no authentication of the tower to the phone, which means that anyone can seamlessly impersonate a real 2G tower and your phone will never be the wiser.
Cell-site simulators sometimes work this way. They can exploit security flaws in 2G in order to intercept your communications. Even though many of the security flaws in 2G have been fixed in 4G, more advanced cell-site simulators can take advantage of remaining flaws to downgrade your connection to 2G, making your phone susceptible to the above attacks. This makes every user vulnerable—from journalists and activists to medical professionals, government officials, and law enforcement.
The article provides a comprehensive overview of the risks associated with targeted ads and malvertising. It offers insights into the different ways malvertising can be carried out and how it can appear on any advertisement on any website, including popular ones. It cites examples of high-profile malvertising cases involving...
Fossify Phone (Fossify is a fork of Simple Mobile Tools) is now available, adding to Fossify's existing Gallery, File Manager, and Calendar apps
cross-posted from: lemmy.world/post/11117839...
Android and iOS settings for better security and privacy (thenewoil.org)
The article lists settings to change on Android 14 and iOS 17....
In case you missed it: Fossify (A fork of Simple Mobile Tools)
cross-posted from: lemmy.world/post/10796117...
Your Tablet's Light Sensor Can Spy On You (spectrum.ieee.org)
Quote from the article:...
Mozilla's Platform Tilt: Tracking technical issues which disadvantage Firefox relative to the first-party browser within major software platforms (mozilla.github.io)
About Platform Tilt:...
Firefox 122 released: Here's what's new
cross-posted from: lemmy.world/post/11090267...
Common misconceptions about privacy and security (www.privacyguides.org)
cross-posted from: lemmy.world/post/10833312...
Companies Make it Too Easy for Thieves to Impersonate Police and Steal Our Data (www.eff.org)
Full text from the Electronic Frontier Foundation (EFF) article:...
Targeted Ads are a Cybersecurity Risk (avoidthehack.com)
The article provides a comprehensive overview of the risks associated with targeted ads and malvertising. It offers insights into the different ways malvertising can be carried out and how it can appear on any advertisement on any website, including popular ones. It cites examples of high-profile malvertising cases involving...
Fossify Contacts and Fossify SMS Messenger (Fossify is a fork of Simple Mobile Tools) are now available, joining Fossify's existing suite of Gallery, File Manager, Phone, and Calendar apps. (search.f-droid.org)
cross-posted from: lemmy.world/post/11253225...