44 comments

[ 0.32 ms ] story [ 108 ms ] thread
Does anyone else notice this cycle? Write articles about a privacy problem, putting pressure on Google to resolve it, then once they do as was asked, then complain about the edge cases broken by that very privacy improvement.

It feels like playing both sides of an issue to generate twice the traffic.

It seems like Google deliberately misses the point in all privacy related changes. It's not in their interest to do it properly after all. It seems like the standard pattern for Android. Privacy, well the sorry state of, is why I switched to Apple 2 years ago.

There's some pressure to resolve privacy issues so Google changes (breaks) something minor. Something that in no way impacts the top 10 of privacy and tracking issues, so they can carry on selling ads and using data unaffected.

> It seems like Google deliberately misses the point in all privacy related changes

Harsh considering the fact that Google has been dedicating resources to privacy and took important steps to that affect with Android O [0] and Android P [1] and now with Android Q.

They hosted a invite-only-industry-experts conference to understand the implications of wide-spread security and privacy issues with Android [2][3].

[0] https://android-developers.googleblog.com/2017/12/double-stu...

[1] https://android-developers.googleblog.com/2018/12/android-pi...

[2] https://www.blog.google/technology/safety-security/project-s...

[3] https://security.googleblog.com/2018/12/aspire-to-keep-prote...

Privacy against everyone except Google: https://www.cnet.com/news/new-study-finds-google-android-is-...

You would think with all those privacy resources, Google would be able to stop itself from spying. Perhaps a few more conferences will help?

Considering that the accuracy of the study it describes is disputed, that doesn't seem like a good link to back up your point?
1.) Disputed by Google as 'misleading'.

2.) Try this link then: https://apnews.com/828aefab64d4411bac257a07c1af0ecb (note that these studies don't cover the UI dark patterns encouraging you to give up your privacy 'willingly')

3.) Are we really going to pretend Google's spying is such a fringe idea that it needs a citation to be believed, and not their main business model?

The problem with this sort of argument is that I struggle to understand how people are actually harmed. It seems like people assume that Google is harming people, somehow, but it's not spelled out.

(It seems like collecting information, alone, shouldn't count as harm? It needs to be used for some bad purpose or disclosed to harm anyone.)

So now the goal has moved from proving Google is spying, to showing how that spying is harmful? But okay, lets go with it.

First of all, the information is disclosed immediately - to Google. Then it's just a matter of how much more disclosed is gets.

Surveillance has been shown to chill expression (https://www.cjfe.org/how_mass_surveillance_harms_societies_a..., https://www.eff.org/deeplinks/2016/05/when-surveillance-chil...), and even just metadata can be used to easily find whistleblowers (https://www.abc.net.au/triplej/programs/hack/how-team-of-pre...).

Will Google now or in the future offer services to help "secure corporate IP" by finding whistleblowers? Is it wise to assume they won't? Keep in mind all the information they gather now will be kept for when they want to misuse it later. What if they get served with a warrant for that information? Such as by a government agency that's helping to quash unions (https://www.bbc.com/news/uk-43507728)? How certain are you that there's no company that, now or in the future, will offer services to employers to help identify employees with corporate-unfriendly political beliefs?

Then there is the simple fact that information is power, and used to amass even more power, such as when Facebook used data gathered by Onavo to decide which apps to acquire (https://www.fool.com/investing/2018/12/05/facebooks-onavo-sp...). So spying directly helps corporate giants maintain their monopolies.

And all of that harm is without an authoritarian government in place. What about countries that aren't so lucky as to have a mostly freedom-respecting government? How sure are you your own country won't join them in the next ~50 years?

Surveillance is a leash and collar around your neck - just because it's long enough now, doesn't mean you should wait to get it off.

None of these links are about anything Google did. I understand how many of the things Facebook have done have harmed people, and how governments can harm people, but these things seem not to apply to Google?

I'm not into guilt by association.

> these things seem not to apply to Google?

So first show that Google spies, then show that spying is harmful, then show that Google's spying has done specific harms? You sure have high standards.

Now could you explain how the risks and dangers of surveillance don't apply to the surveillance done by Google? Are they somehow immune to government warrants? Are you privy to all of their business decisions, to know that they never abused their vast access to data to enrich themselves at the expense of others? Should we keep handing over all our data to them, and just hope that they'll stay benevolent indefinitely?

It looks to me like you don't want to understand.

Of course I can't prove that Google hasn't done anything wrong. I don't believe that. Google is criticized all the time for various things they did. Sometimes they change what they do in response to criticism.

They also have a lot of power that could be abused. I like to make a distinction between potential and actual harm, though. Almost everything you do in civilization involves trusting other people to do things for you. Including keeping secrets. Sometimes that trust is broken, but a trustless society isn't possible.

what about the UI patterns? any word in defense...

counselor...

I have noticed the annoying(to say the least) habit of everytime I click on a video on youtube on Android...the fucking youtube native app pop-up a fuck window to ask If I dont fucking prefer to watch the video on the native app...

so...´do no evil` , righ,

wery well...

Lol!

want more? they ask your phone number right now, and they write in size 0.2 font hidden down there , your freewill option to Fucking ´skip` giving them your personal phone number...

the acropole is yours, Counselor

in my opinion...

Your Honor

thanks...

Snark and swearing aside, this is at least criticism of a couple of specific things that Google software does.

I'm often annoyed by this stuff, but on the other hand if you gave in, I doubt anything particularly bad would happen?

(comment deleted)
Doesn’t it seem strange that they needed to hire “industry experts” 10 years into Android’s existence instead of thinking in these terms from day one?
Not to defend a giant corporate entity, but can you think of any major operating system that prevents its users from giving away their information to programs they voluntarily install?

Google's goal isn't to prevent themselves from getting your info, but to prevent random 3rd parties from tricking you out of it. That would seem like a high bar to set a decade ago.

Not really.

It seems to me Google releases features without privacy protections, which leads to som legitimate use, but also a lot of privacy abuse. People point out the privacy abuse, and they clamp down on those features. Obviously when they do so they are unable to cover all legitimate use cases immediately, so it’s useful to point out the edge cases they missed so they can work on supporting those edge cases going forward.

This is throwing the baby with the bathtub, completely ridiculous.

They could remove internet permission from all applications except Google's own Chrome, with that reasoning.

Instead of removing clipboard permissions from all applications, make it a clear option so that the user can give it when needed or only to a specific application, for instance the essential clipboard manager -- that Android incomprehensibly doesn't have and never has, as part of its core. So far only third-party applications have provided this needed feature.

Bundling clipboard with Google's keyboard ( or others like Swiftkey ) that come loaded with unnecessary permissions ( like internet -- I personally never use a keyboard with that permission ! ) and analytics packages is certainly not improving privacy at all.

I'd bet that less than 0.1% of users use a custom clipboard. Android's primary focus should be to make the OS secure for the nontechnical majority. These are people who don't understand permissions, and will click on app installer popups. IMHO this is a welcome move.

An alternative would have been to deny all network access to clipboard apps - thereby ensuring that they are not able to steal any data.

According to numbers of downloads of clipboard managers, it's probably much higher than that. But the reasoning doesn't stand. Like I said, they could remove all phony Chrome clones with massive analytics and calls home, of which there are dozens, with read and write storage permissions, internet permission, etc, the list goes on and on. And say only Chrome is allowed, or vetted browsers from known vendors, like Mozilla or Microsoft, they certainly should, but they don't do it.

Yet they pick on an essential feature for anyone using copy and paste hundreds of times a day.

There is much more danger in rogue browsers, by far, than in a clipboard manager.

The solution is absolutely obvious. It isn't what they decided. It is just the first beta, but we'll see.

It'd be ridiculous to need to have a text file always open in another application with constantly used bits of text, code, or info, and switch back and forth as needed multiplying a simple workflow by who knows how much in operations and time.

I'm sorry, but I think even saying 0.1% of users use a clipboard manager is way overestimating it.

The top clipboard manager apps have like 500k installs. Android had 2.7 billion users in 2017. If we assume that the Android install base hasn't grown and that the total base of clipboard managers is 10x larger, we still only get to 0.18% of users...

Clipper [1] alone has over a million installations. Others as you say have 500k, it all amounts to millions of users of clipboard managers specifically labelled as such. Add other applications which couldn't work without a clipboard monitoring feature ( KDE Connect has been mentioned already, translation applications, text and code editors, the list goes on... ) and you jump to tens of millions if not hundreds of millions.

[1] https://play.google.com/store/apps/details?id=org.rojekti.cl...

I've no idea how many people use them, but I do and it's easy to get used to.

What I use is an app called KDE Connect, which provides a shared clipboard with my desktop computer if the phone is on the same WLAN. It's neat. Really neat. And of course it needs network access.

How many actual people (as in persons) are those 0.1% when it comes to Android? People here always operate with percentages like they're worth anything as absolute numbers.
In which Android version Internet needs permission? Mine (7.1.1) does not have such a setting.
Applications require permissions to run.

Many require internet permission although it makes no sense. For instance all Google keyboards have internet permission. And most others. That something that can record and transmit every single thing one types has that permission, to me, seems insane and I certainly will use only keyboards that do not have such asinine requirement.

Edit : https://fixitalready.eff.org/android/#/

Even without Internet permission there are easy ways to exfiltrate critical data.

For example, the app could just open the browser set to http://myapp.com/?secretdata=Ultramanoids_password

How are you going to stop that? Have the browser stop and ask before loading the web page?

Wouldn't that be visible?
Yes, but by then your data is already exfiltrated.

There are also a bunch of ways of doing it in non-visible ways by using API's of other apps

Looked up, thanks. Seems you can't grant or revoke that permission. I don't understand why having it at all if you cannot change it.
Well, one use it has is to know when to stay away from something that requires it despite not needing it. Do not install such application.
Amy keyboards you could recommend? Ideally available on f-droid.
"Hacker's Keyboard" on f-droid had a long and venerable history.
I need Japanese and Chinese, also handwritten for kanji, and the only one that combines both without analytics or internet permission currently is Multiling O [1] but I am hoping for an alternative, because it is only distributed through the Play Store, and I do not use Google services.

Otherwise, open source and on F-Droid there's AnySoftKeyboard [2] and even a build of Mozc [3], this last one unfortunately with internet permission.

[1] https://play.google.com/store/apps/details?id=kl.ime.oh

[2] https://f-droid.org/en/packages/com.menny.android.anysoftkey...

[3] https://f-droid.org/en/packages/org.mozc.android.inputmethod...

So don't fix actual privacy issues users complain about (i.e. Their whole business model), fix the supposed ones for tools that users enjoy and opt into so that you can feign caring about privacy.
I've never even thought about clipboard managers for Android. While I can see the lack of such tools might limit some users' productivity, I think the overal result of a change is still a positive one.

I'd much rather see background clipboard access as a separate permission classified as "dangerous", but I doubt most people won't just click allow till the prompts stop happening. Maybe things would improve if aside from a permission, a notification would appear each time an app is accessing/has recently accessed the clipboard, with the option to mute notification sounds about specific apps. That way, background clipboard access is discouraged yet still available.

There are many ways to do this. Off the top of my head right now, make it a developer option, off by default, and only accessible through the developer options menu, which also needs to be activated itself.
It’s even simpler. By default, for instance, third party keyboards don’t have network access and you have to explicitly go through settings to give it access and then you get a big scary warning.
(comment deleted)
I think there should be an option to allow background access to the clipboard. I use a translation app that listens for a copy and pops up a translation on top of what I'm currently doing. I would prefer not to have to switch apps every time to do this.
Google must be trying to make people root their phones.
You'd think so. In reality, only a vocal and miniscule minority cares about such things. The sweet discounts and price cuts sells their phones really well to the majority
This will break all those apps that let you download/repost Instagram posts.

I guess I will be abandoning the one I wrote.