I am curious if never logging in to Google while using an Android precludes one from being susceptible to this. Generally you are unable to reach or interact with the app store without first registering a Google account on the device, and accepting various EULAs.
EDIT: Thanks to the commenters below, it appears not participating in the app store ecosystem does not safeguard someone from this. Quite concerning.
So does this mean that if you purchase an unlocked phone directly from the manufacturer rather than your service provider, you shouldn't have this problem?
Doesn't look like it, this is using the "On-Device Platform" by Digital Turbine, which is used to preload bloatware onto phones. It's pre-installed on many phones for ad money.
Based off the "SingleTap" demo video, it even works in a browser on an ad, which is a bit scary.
According to the partners list, phone/provider brands affected are: Verizon, At&T, Samsung, LG, Xiaomi, Motorola, Panasonic, Acer, T Mobile, Cricket, US Cellular, America movil, Tracfone, Telfonica and Tim Gruppo Tim.
In addition to the sibling commenter: AdMob SDK had support for ultrasonic data exchange for a while now, and it's heavily used in Europe while TV ads are running.
Safeguarding your phone from network communication wouldn't be enough, as you would have to prevent audio communication as well - which kinda defeats the purpose of it being a phone.
I'd recommend to use LineageOS or Graphene on any Android smartphone. Use RethinkDNS [1] as firewall and AppWarden [2] to identify spyware.
You can also double check the reports page of the exodus prvcy project [3].
Unless you have a second phone with a proper Os I wouldn’t even suggest using any unlocked phones, banking apps and other daily use apps for common people just wont work.
To TL;DR the discussion: Some Android manufacturers/carriers include a software package by a company called Digital Turbine, which allows automatic installation of apps through a single click on an ad. It’s not a feature of Android itself (I initially thought it was an add-on to instant apps).
It‘s not like I needed another reason to hate the common Android ecosystem, but here we go. I maintain that there’s no way you can legitimately trust your phone manufacturer’s software. The incentives are just too misaligned. You have to use a third-party ROM like LineageOS (which has its own issues).
Most hardware manufacturers can not be trusted with software at fucking all. Apple seems to be the only exception.
Hardware and software need to be distributed separately (see personal computers), which could also solve some issues with updates. Treble is a good but under-utilized step in between.
16 comments
[ 4.4 ms ] story [ 58.9 ms ] threadEDIT: Thanks to the commenters below, it appears not participating in the app store ecosystem does not safeguard someone from this. Quite concerning.
Based off the "SingleTap" demo video, it even works in a browser on an ad, which is a bit scary.
According to the partners list, phone/provider brands affected are: Verizon, At&T, Samsung, LG, Xiaomi, Motorola, Panasonic, Acer, T Mobile, Cricket, US Cellular, America movil, Tracfone, Telfonica and Tim Gruppo Tim.
Safeguarding your phone from network communication wouldn't be enough, as you would have to prevent audio communication as well - which kinda defeats the purpose of it being a phone.
I'd recommend to use LineageOS or Graphene on any Android smartphone. Use RethinkDNS [1] as firewall and AppWarden [2] to identify spyware.
You can also double check the reports page of the exodus prvcy project [3].
[1] https://rethinkdns.com/
[2] https://gitlab.com/AuroraOSS/AppWarden/-/releases
[3] https://reports.exodus-privacy.eu.org/en/
I also can't install any apps on new devices without giving Apple an email and phone number, which is its own kind of bullshit.
It‘s not like I needed another reason to hate the common Android ecosystem, but here we go. I maintain that there’s no way you can legitimately trust your phone manufacturer’s software. The incentives are just too misaligned. You have to use a third-party ROM like LineageOS (which has its own issues).
Most hardware manufacturers can not be trusted with software at fucking all. Apple seems to be the only exception.
Hardware and software need to be distributed separately (see personal computers), which could also solve some issues with updates. Treble is a good but under-utilized step in between.
Nah.