155 comments

[ 0.25 ms ] story [ 215 ms ] thread
I don't know why the Ars Google guy is so hostile toward the company but good grief!

Every other outlet "google releasing their version of Apple's ATT"

Ars Technica guy "Google will watch you while you sleep"

Sure the criticism about Privacy Sandbox is valid.

News journalists should dog food Firefox (to encourage end users) and then avoid Chrome. (i.e) they make sure the webpages work great with Firefox. Usually everything works better with Chrome. The reason for the give would be sorry... Our livelihood depends on tracking/ads etc. Oh BTW, I (as a journalist ) am all for privacy but my corporate overlord (CondeNast incase of Ars) forces us to do this/that.

It is the same thing w.r.t. Firefox.

I've never had problems on the Ars site using Firefox.
Firstly, journalists are not for the most part going to be the people designing the webpages. They will submit copy to some kind of CMS. So if a site isn't working well on Firefox/mobile/whatever it's generally not going to be the journo who is to blame it will be their designers probably. The exception to this would be small one-person type outfits but those are mostly on substack these days rather than running their own site.

Secondly Ars Technica works completely fine for me on Firefox. I say that as someone who exclusively uses firefox and only ever breaks out chrome to debug compatibility issues and I can't recall ever having a problem with Ars Technica. Are you saying it doesn't work for you?

Yeah, ArsTechnica really has an anti-Google hardon, it's kinda a pattern where they always choose the worst possible hit piece title when it goes anything in relation to that company. When others do similar things they tend to be much more neutral.

But such is the way of modern digital media - do you think "Google creates a new Privacy Sandbox feature for Android" would bring the same type of clicks, comments and advertiser revenue than one titled "Google will spy on your in your sleep" ? :D

Anti-Google is what gets the pageviews. Ars has been sliding toward clickbait for a long time now.
But Privacy Sandbox seems legitimately bad. How is pointing that out clickbait? It's okay to criticize a technology company, even — or perhaps especially — if it is the manufacturer of a device one uses.
You're missing the forest for the trees - it's the pattern we're commenting on. ArsTechnica (with Ron Amadeo as Android author) has a consistent history of hit pieces in this area that's easy to see - even when it comes to hardware reviews theirs standout as especially negative in comparison to everyone else.

Is Privacy Sandbox really a lie and bad? Who knows, ArsTechnica will be biased against it either way so you need a better source.

(Unless of course you deeply hate Google, then they'll be writing to soothe your soul and confirm your bias. Go ahead then.)

Ron has such a weird mix of being the only guy willing to state the obvious and being completely unhinged. Like he's willing to state that curved screens and camera notches and no headphone jack are stupid, but he also consistently says whatever Pixel is newest is the best android phone ever despite usually not being more than 72 hours away from Ars Technica posting a story about whatever batshit insane hardware fault the Pixel is currently suffering from.
"Google creates a new Privacy Sandbox feature for Android" deceptively implies it improves privacy, when it does just the opposite.

Journalists should pick apart lies, not parrot them.

Can it do the thing that ATT does where I can globally or on a per app basis say do not track and have it honored under threat of getting the banhammer from the Play Store?

Because I really don’t care about advertisers having a new cool way to track me, I care that I can force them off by policy and the sandbox seems to not have that feature.

No.

> On Android, the Privacy Sandbox tracking is in addition to all the usual individual tracking methods; it's not being pitched as an alternative to anything. The Privacy Sandbox on Android is toothless, and Google has no plans to reduce tracking on Android.

Because it doesn't actually improve privacy?
I agree that Ars Technica has an anti-Google stance, but in this case, it seems to be accurate, so I'm not sure what the problem is. The "privacy sandbox" on Android is opt-in… on the part of app developers, not users. If app developers want to track users with cookies and device IDs, they can still do that. It's not anything like what iOS does, where tracking is disabled unless the user opts in.

So yes, while the Ars Technica headline may be a bit hyperbolic, I think it's far closer to the truth than a headline which claims that Privacy Sandbox is comparable to ATT.

Are you legitimately arguing in favour of corporate-sponsored fake news?
As others have stated, it's not a version of Apple's ATT. Not even close.

Personally my biggest issue with this is its naming. I think it is a borderline deceiving name given what it is actually doing.

But they chose a good marketing term so other outlets would say exactly what you think Ars should be saying, but they are not falling for it and actually reporting what it is doing.

That name will trick users into thinking that Google is actually taking privacy seriously (they are not).

What can you expect from an ad company ? Not tracking you would mean hurting their own business.
The really crazy part --- it doesn't have to be this way.

Google could easily switch to context sensitive ads but they don't because advertisers pay extra for "personalized".

Personally, I doubt anyone can really justify the added expense. The entire process is opaque to make any comparison difficult if not impossible. Just because I bought pet supplies last week, does it really make sense for pets supply ads to follow me all over the internet --- even on unrelated web sites?

It isn't so simple, because what makes google (and facebook in its own ecosystem) so valuable are all the data they gathered about you. If you make ads context-sensitive, google is not bringing anything better on the table than any startup in that domain could bring, maybe some minor cost optimization due to scale.

But they can sell customized ads stating that they will be very well targeted regardless of current content. Which seems to be what advertisers want much more, and reason why facebook never opened up their apis to google+ IIRC, your social graph and its use is basically the only worthy thing on whole facebook.

It of course brings all this tracking evil, why google stopped being morally OK company etc. But the money are there.

>because advertisers pay extra for "personalized".

>Personally, I doubt anyone can really justify the added expense.

The CPM of an ad is based off on auction. There is no extra fee for personal ads. The ad spot is just worth more and advertisers are willing to bid more money for access to the ad spot. If people can't justify the expenses the price of the ad spot will fall until people can.

Bottom line --- Google is privacy invasion by default.

I use e/OS with Brave browser --- privacy by default. Both based on Google source but cleansed and stripped of tracking.

Personalized ads are mainly an annoyance and a really dumb idea in my opinion. Context sensitive ads are much easier to implement, more privacy respecting and the only ones that are moderately useful and acceptable.

I have Brave as a secondary browser.

I run Lineage, where I have not loaded any version of Gapps.

My goto browser is Bromite (https://www.bromite.org), which I have configured default incognito and otherwise high security.

I have loaded Magisk, then the modules for MicroG:

https://www.reddit.com/r/MicroG/comments/shmpng/confirmed_sa...

Wouldn't it be great if all Android users could wake up to this tomorrow? It would be an interesting day.

I should try e/OS sometime. The guy who maintained Mandrake Linux is in charge.

I run Lineage

Even without GApps, Lineage still includes links to Google. e/OS had a list of some of these at one time. They remove these links and include MicroG in the default install.

Others may disagree but in my opinion, it is a pretty good compromise between security, privacy and usability.

I think the links are very few, the main one being captive portal detection for wifi logins.

In exchange for this, Lineage delivers the monthly security patches first, mostly guaranteed to be in place by the 15th of every month (load the first nightly published after that date, and it will be bundled).

Admittedly, e/OS is slower than that but I get updates pretty regularly (much faster than on the Samsung my SO has).
...and that captive portal link can be replaced by the user if so desired (which it is by me, I don't see why Google needs to know when I try to connect to any network):

   settings put global captive_portal_http_url http://captive.example.org/generate_204
   settings put global captive_portal_https_url https://captive.example.org/generate_204
   settings put global captive_portal_fallback_url http://another.example.org/generate_204
Or, for Android <6.0.1

   settings put global captive_portal_server captive.example.org
No Google, no cry. Of course you need to replace those domains with some of your own choice, I use my own server with a bit of nginx configuration to provide this functionality:

   server {
     listen 80;
     listen [::]:80 ipv6only=on;
   
     server_name captive.example.org;
   
     # Apple CNA
     location /hotspot-detect.html {
       return 200 '<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>';
       add_header Content-Type text/html;
     }
   
     # Apple CNA
     location /library/test/success.html {
       return 200 '<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>';
       add_header Content-Type text/html;
     }
   
     # ChromeOS, Android
     location /generate_204 {
       return 204;
     }
   
     # Windows
     location /ncsi.txt {
       return 200 'Microsoft NCSI';
     }
   
     location / {
       return 302 http://www.example.org/;
     }
   }
> Bottom line --- Google is privacy invasion by default.

Basically. This is how they make their money. So, no one should be under any illusions about the culture of Google and all of their adherents. Go wants to introduce tool-chain telemetry as a default (opt-out only).

There is an off switch.

That's all I need to know personally.

This is why the naming is so nefarious. Users aren't going to turn off what they believe is a privacy feature.
I don't really get the point of the article. You can opt out of the privacy sandbox and block interests you don't want apps to see. The biggest change seems to be that chrome cand feed data into this system through an Android API, but doesn't this already happen through telemetry, analytics scripts and fingerprinting? You can also just not use chrome.
You can only opt out, once you know that it exists. To know that it exists, you first need to come across something such as the article.
The point of the article is that Google is pitching Privacy Sandbox as the Android counterpart to Apple's App Tracking Transparency, when, in reality, it's anything but. App Tracking Transparency disables tracking unless the user opts in. Privacy Sandbox only disables tracking if the developer opts in. You can see this by reviewing the developer documentation [1] for Privacy Sandbox. It's totally optional on the part of the developer. Pitching Privacy Sandbox as an alternative to ATT deceptive marketing.

[1]: https://developer.android.com/design-for-safety/privacy-sand...

The point of the article to deciphers google's false marketing that this is a privacy improvement when it clearly isn't.
At this point, I don't think there's anything left for Google to spy on. It's like asking how wet the water is.
They've clearly learned from politicians in naming things so that the unaware and easily convinced will think it's a good thing from the name alone.
[flagged]
(comment deleted)
Ron Amadeo is so relentlessly critical of Google I've stopped reading his articles. Overall I find coverage on Ars to be pretty good but he really seems to have an axe to grind.
Yeah I’m surprised they’ve let him go so far. He’s not generally wrong but the level of bias and snark in the articles is fairly unprofessional for a site like Ars.
What? What is false in this article? Its better then believing google lies, it doesn't even replace current tracking!

> party tracking cookies in Chrome once the system rolls out. On Android, the Privacy Sandbox tracking is in addition to all the usual individual tracking methods; it's not being pitched as an alternative to anything. The Privacy Sandbox on Android is toothless, and Google has no plans to reduce tracking on Android.

Where do you see this? This claim was also made earlier in the comments on this article. But looking at Amadeo's history - at least at the headline level - I don't see it:

https://arstechnica.com/author/ronamadeo/

Go actually read the ones that pertain directly to Google and see if you still don't see it.
I've been staunchly on the Android side of the Android / iOS question, but this carry-on with refusing to block tracking like Apple has done is really making me consider switching.
Waiting for Google to protect your privacy is like waiting on a billboard company to improve the natural beauty of the roadside landscape.
I already have a second hand iphone for iMessage. Having a "sanctioned" device for baking apps and a device I control for everything else seems like the best hope for compromise these days.
No need to pay double or triple for hardware. There are lots of privacy focused alternatives that are Android based. Personally, I like e/OS:

https://e.foundation/

You can buy a ready to use phone on their web site or you can install the OS on a compatible phone of your own. I have installed this on about 10 phones (all Motorola) for friends and family. Here is an example of one that I just put together as a Christmas present.

https://www.amazon.com/Motorola-T-Mobile-Unlocked-XT2113-2-S...

As a de-Googled phone, the Google Play store doesn't work but that's no big loss because I can get any software I need from F-Droid and Aurora Store.

https://f-droid.org/en/packages/com.aurora.store/

Can any of these privacy-oriented forks support a device from within the last two years with a headphone jack?
I have the fairphone 4 with divestOS:

https://shop.fairphone.com/

https://divestos.org/pages/devices#device-fp4

Super happy with it, but yeah no headphone jack, but i have it with the usb-c convertor.

I'm not happy with that compromise. I don't want to choose between charging and audio. And the dongles that can do both are actually really bulky. And Bluetooth headphones are a scam: too small to be repaired, must worry about batteries, Bluetooth likes to be flaky in general, almost all buds have terrible frequency response curves so the audio quality is not very good.
Take a look at my Amazon link above. This is a 5G "daily driver" from 2021 with a headphone jack, 6/128 GB and a big 5000mAH battery.

It's everything that the average Joe really needs for only $99 refurbed. As I said above, I just installed e/OS on one as a Christmas present. It runs very smooth and fluid, better than stock because the background Google spyware crap is gone.

(comment deleted)
> the Google Play store doesn't work but that's no big loss

It's the loss of an entire ecosystem worth of apps.

If you want an inexpensive phone that will get five or six years of first party support with security updates after that, go with an iPhone SE.

The original $399 version got six years of OS updates and just got another security update last month. That's $67 per year that got both an OS update and security update.

It's the loss of an entire ecosystem worth of apps.

No, it's not. With very few exceptions, the Aurora store pulls apps from Google Play. About the only thing I have seen missing from Aurora store is a few super strict banking apps but you can usually just use their web site.

No paid apps though, right? That would be somewhat painful for me.
You can do paid apps. You just have to login to Aurora using a Google account instead of anonymously.

This isn't so bad if you use a privacy focused ROM and create a special, single purpose Google login that is only used for app purchases. I also suggest keeping a Google gift card for the occasional purchase.

Privacy invasion doesn't really kick in until you start re-using your Google login and your phone/apps are reporting back to Google on a regular basis with your location, device IMEI, advertising ID, hardware fingerprint, email address, browsing/search history, banking/purchase details (aka Google Pay), etc..

Ah, with paid apps I also mean in-app purchases. I guess it might be possible by running sandboxed Play Services on GrapheneOS?
>It's the loss of an entire ecosystem worth of apps.

He literally just said that he used the Aurora store as an alternative. If you don't know what that is, it is basically an anonymous version of the Play Store. Highly recommended

Can you buy apps on the Aurora store?
where did this come from all of a sudden? I thought I knew all the Android alternatives. why does this super polished website for this out of nowhere suddenly maintained technology give me strong [intelligence agency of your choice] vibes?
This has been out there for years --- since 2018.

And check your vibe meter, it is acting up. The main person behind this was the creator of Mandrake Linux.

https://itsfoss.com/e-os-review/

you're right ... I must have confused something. will check it out
I'm considering one of the Linux phones, don't use many apps anyway. I know that's a hard sell for most but it's becoming a real option even for normal users.
I would recommend a Pixel with GrapheneOS or calyx.

You get the usability of Android with (optional)sandboxes google services/microg.

Almost all apps work and its really usable.

I can run Android apps with Waydroid on my Librem 5, and I also get the benefits of a full desktop OS on my phone.
>on my Librem 5

Sounds interesting. Goes and looks it up.

>>From: $1,999.00

You must be joking...

>>From: $1,999.00

This is the cost of Librem 5 USA (made in USA) [0], not Librem 5 (made in China) [1]. Also, I preordered it for $600 a long time ago, and sometimes you can buy from resellers for a similar price [2].

[0] https://puri.sm/products/librem-5-usa

[1] https://puri.sm/products/librem-5

[2] https://forums.puri.sm/t/librem-5-for-sale-eu-630-eur/19445

>>This is the cost of Librem 5 USA (made in USA) [0], not Librem 5 (made in China)

I suppose that helps a little. I seem to have incorrectly assumed that the USA model was intended for use in the USA, not simply assembled there. Still crazy expensive. For that price I'd expect it to come with a keyboard and mouse and replace my Thinkpad altogether.

You indeed can connect Librem 5 to any keyboard, mouse, and screen and use it as a desktop.
>You indeed can connect Librem 5 to any keyboard, mouse, and screen and use it as a desktop.

You have my attention.

....

[goes and looks it up]

Niiiiice. Reads more...

https://puri.sm/posts/what-is-mobile-pureos/

The only problem I'm seeing is this is all Gnome and I'm a big Mate desktop guy. I wouldn't really have a desktop replacement unless I could get the traditional desktop back. Still this situation is a much better one than I originally feared. I'll be watching this closely. Thanks for educating me.

I'm pretty sure you can start mate on it when you are plugged into keyboard/display/mouse. You just wouldn't have a smooth switch between phone and desktop.
They contribute upstream and make many improvements to the Linux stack in general. But I agree, it's not something many people are willing to pay.
Well if you really want a phone that's secure and private, prove it by paying for it. Mass production and the ability to sell your data to advertisers means the stuff that does that will always be cheaper.
How does the Librem 5 support verified boot? What about user data encryption? Those are the first, most basic security features I am expecting from a smartphone. How about app sandboxes and strict MAC policies?
Beats me, I dunno if it does. But if it actually has no ad network tracking, that's more than any other platform, and could easily be worth the extra cost if you actually care about that.

Lots and lots of people say they don't want to be tracked by ad companies. But how many are willing to open their wallets to make it happen? I'd say you can judge how sincere their commitment is by that.

What about AOSP or GrapheneOS? Those also lack all tracking. Not to mention the security, and can you really have privacy without security?
Librem 5 has full disk encryption since PureOS 10 was released. See also: https://source.puri.sm/Librem5/community-wiki/-/wikis/Freque....
Correct me if I'm wrong, but the way FDE is implemented in Librem 5 means that it is only effective when the phone is turned off? The disk is decrypted when you type in your LUKS passphrase and after that, it stays decrypted until you completely power it off or reboot. That makes it pretty much useless on a phone that you carry around.

The linked source has a lot of stuff that is done "in the future" and basically all of those "in the future" suggestions, are inferior to what AOSP has had for years.

The document lists some of the drawbacks of Librem 5, such as the use of memory-unsafe languages, and then blames Android for also relying on the same memory-unsafe languages and even some Android-specific components written in memory-unsafe languages. The fact is that Android has tons of mitigations specifically for this problem, which Librem 5 completely lacks. They're not comparable in that way. Librem 5 basically exposes the entire Linux kernel attack surface, whereas Android has multiple layers of protection between userspace and the Linux kernel. Apps written in memory safe language, proper app sandboxes, hardened memory allocator, extremely strict SELinux policies, CFI, PAC, ShadowCallStack, etc.

The only nice thing Librem 5 has, are the killswitches, but do those really matter at this point?

Yes, desktop GNU/Linux has a long way to go to get to the security model of Android. Yes, FDE only works for the turned off device (at the current stage). But, depending on your threat model, the phone can already be more secure nevertheless.

For example, if you do not trust the manufacturers in China, you can verify the schematics, or order Librem 5 USA. Or, if you suspect your device is compromised, you can rely on the kill switches to make sure you are not tracked or listened to. Can you do these on Android? I'm sure there are known vulnerabilities for the latter on the black market.

Another example: If you use the smart card to read or sign your emails, you can be sure that even a hacked or stolen unlocked phone would not allow the attackers to manage your email identity.

People who say that Librem 5 is less secure than Android do not take into consideration that threat models can affect it a lot. You cannot simply declare "it's insecure" without considering the threat models. Also, I guess if you are fine with the security of your GNU/Linux laptop, which you take with you, you should be also more or less fine with the Librem 5 security.

I am not even speaking about the freedom benefits. Also, there is no security and privacy without freedom (https://puri.sm/posts/why-freedom-is-essential-to-security-a...). In the long term, Google is heading toward the walled garden on Android, just like Apple does. I would not bet on it for the future. If you care about security more than freedom and need Android-style security now, then Librem 5 is not for you.

If your actually interested Pine64 has cheaper offerings, for a Linux first phone. The original pinephone is only ~$200.
The problem is really the apps. Most play store apps are absolutely riddled with tracking libraries, even if you get them from Aurora store.

You can block some of their access but it's hard from airtight.

> refusing to block tracking

You realize that Apple is still doing the tracking, just not allowing third parties?

It would increase the privacy of Google products if they blocked third-party tracking on their devices. It would be more private still if Google didn't do their own tracking but that is still a separate point.
Tracking logged on users in first party apps is something everyone can do. Not just Apple.
The difference is you have no choice but to use these Apple apps with tracking.
> According to an analysis by StockApps.com, out of the five major digital firms (Google, Twitter, Apple, Amazon, and Facebook.) Google harvests the most data on its users. The corporation collects thirty-nine data points for each user.

Apple is in a league above Amazon in protecting user privacy. It is the most privacy-conscious firm out there. Apple only stores the information that is necessary to maintain users’ accounts.

https://stockapps.com/blog/google-tracks-39-types-of-private...

Apple stores data on who reads what articles in its News app to target ads. It stores data on who downloads which apps in the App Store to show ads. It will do more and more of this. Unlike Android, iPhone offers no other source for apps, and it does not let you uninstall the News app. User choice is required for real privacy. By that measure (for users who care about privacy and choose apps accordingly), Apple is the worst choice for privacy.
Basing the ad displayed on search terms entered or the page content is the opposite of a privacy violation.

The problem is companies like Google and Facebook, which track users across the web and relentlessly spy on everything they do.

Google literally spies on everyone's credit/debit card transaction data now, so they can spy on your offline life as much as they already do online.

>Of course, Google has been able to track your location using Google Maps for a long time. Since 2014, it has used that information to provide advertisers with information on how often people visit their stores. But store visits aren’t purchases, so, as Google said in a blog post on its new service for marketers, it has partnered with “third parties” that give them access to 70 percent of all credit and debit card purchases.

https://www.technologyreview.com/2017/05/25/242717/google-no...

> Basing the ad displayed on search terms entered or the page content is the opposite of a privacy violation

It doesn't just show ads based on current search terms. It uses your install and usage history to show personalized ads. https://www.macrumors.com/2022/10/22/apple-announces-more-ap...

The difference between Android and iOS is that with Android, you don't have to use spying services from Google or Apple. With iOS, you are required to use spying services from Apple.

> Google literally spies on everyone's credit/debit card transaction data now, so they can spy on your offline life as much as they already do online.

Google gets your purchase history whether you use Android or iOS. iOS is strictly worse for privacy.

> Google gets your purchase history whether you use Android or iOS.

> Apple only stores the information that is necessary to maintain users’ accounts.

The difference is clear.

I don't know how you keep failing to understand this. How little Apple and Google care about privacy doesn't matter. What matters is being able to avoid them as much as possible. iOS fails completely at this, while Android fares much better.
> How little Apple and Google care about privacy doesn't matter.

It's impossible to take this seriously.

Google, literally has surveillance capitalism as it's entire business model.

Are you really that dense? I showed you how Apple violates your privacy on iOS in a way that you cannot avoid on iOS. On Android, you don't have to put up with that nonsense. What the hell does Google have to do with it, violating your privacy whether you use iOS or Android or no phone at all?

You have no choice but to let Google get your purchases (except maybe via some opt out with your card issuer). You do have a choice not to send your app usage to Apple and Google, but only if you use Android.

As far as whether Google or Apple is worse for surveillance capitalism, only the former (and Microsoft and Mozilla) lets me opt out of them collecting my SSID location. That is yet another reason iOS is worse for privacy than Android. Even worse, it is impossible to get your location on iOS without also sending your location to Apple.

>Are you really that dense?

No, I'm just not gullible enough to buy into such a ridiculous premise.

Spying on users is Google's entire business model.

> Spying on users is Google's entire business model.

What does that have to do with anything? On Android, I can use as few Google apps as an iOS user. Even better, I can use fewer spying Apple apps. Apple's entire business model is marketing to gullible users who hand over their money and their data.

With hardware remote attestation there will no longer be any point in even owning an android phone anyway. Android is obviously inferior to iOS in every way but the whole point was you could have control over the machine and do whatever you wanted. Now apps will be able to verify that you "tampered" with the phone and will refuse to run, and since it's hardware cryptography it cannot be faked without massive effort. Might as well get an iPhone which at least isn't a shitty Google product.

Termux is the one android exclusive software I can't live without and they managed to fuck even that up by killing processes indiscriminately in order to save battery or whatever. If there's no solution by the time my phone dies, my next one will be an iPhone.

>With hardware remote attestation there will no longer be any point in even owning an android phone anyway. Android is obviously inferior to iOS in every way but the whole point was you could have control over the machine and do whatever you wanted. Now apps will be able to verify that you "tampered" with the phone and will refuse to run, and since it's hardware cryptography it cannot be faked without massive effort. Might as well get an iPhone which at least isn't a shitty Google product.

Wait a minute, will something like this really come to Android phones? I guess that installing a custom rom will become impossible at the same time?

If this happens, then there truly isn't going to be much point in using an Android phone over an iPhone

It won't become impossible to install a custom rom, it will simply become impossible to use many if not most popular apps.

Android already provides a mechanism for apps to refuse to run on modified devices, it's called SafetyNet and is widely used for example by banking apps. Currently, it's usually possible to trick it, but with hardware attestation it will become practically impossible.

Yes, some banking apps do this.

The simple solution --- install the bank's web site as an app.

Go to the site, click the browser menu button (3 dots on Android or up arrow on iOS) and select "Add to Home Screen". You now have a link icon on your phone that looks and acts just like any other app.

Some banks (Chase for example) offer a "Progress Web App" which removes the browser interface elements so the causal observer can't even tell it's not a native app.

https://www.howtogeek.com/342121/what-are-progressive-web-ap...

I am able to use Chase's app on my LineageOS + Magisk rooted device. The annoying part is that they seem to disable fingerprint login, so now I have to copy/paste the password every time.
Wait a minute, will something like this really come to Android phones?

Google has been doing this for quite some time to prevent unlocked devices from accessing the Play Store. The solution is to avoid Google Play --- along with all other Googly things.

This is a security feature and the play store doesn't require it AFAIK. Apps can choose to use it as a signal on whether a client is secure. Unlocked devices are insecure because an attacker can flash a malicious image and steal all of your sensitive data such as an authentication token for your bank account.

If your solution is to just be less secure go ahead, but don't complain when services don't want to serve you or treat you different since you are less secure than the other users.

Yeah, sure. An "optional security feature".

> don't complain when services don't want to serve you or treat you different since you are less secure than the other users

Hell no. They should not be allowed to discriminate against me just because I chose to own my system. They should not even be able to figure out what software I'm running, to say nothing of "treating me different".

"Don't want to serve us" unless we let them invade and own our machines? Please. This should be illegal.

>They should not be allowed to discriminate against me just because I chose to own my system.

App developers don't care if you own your system. They just want a way to prove that the device their app is running on is secure and that the client has not been modified. If there was a way for you to prove that to them they wouldn't mind.

>They should not even be able to figure out what software I'm running, to say nothing of "treating me different".

They just want to know that the client has not been tampered with so that they know you are not going to shall user's tokens, scrape people's information, or mondo automated actions as a bot. A signal that you are using the vanilla client makes you much more trust worthy to a service.

>"Don't want to serve us" unless we let them invade and own our machines?

Apps aren't invading your machine. They just want some guarantees about the environment they are operating in. The information that they get from you is the package's name, certificate, version, whether it's from the play store, whether your device passes integrity checks, and whether the app is properly licensed.

> App developers don't care if you own your system.

> They just want a way to prove that the device their app is running on is secure and that the client has not been modified.

Contradictory. If I own the system, I can obviously modify it and everything running on it. Including your app. Therefore what they want is proof that I don't own the system.

> They just want to know that the client has not been tampered with

"Tampered with" -- there's that language again. Owning my computer is not "tampering", it is freedom.

> They just want some guarantees about the environment they are operating in.

Who cares what they want? It's my machine, I decide what they get. If they get anything at all. If I want them to believe they are running on a clean environment, that's what they should believe.

> The information that they get from you is the package's name, certificate, version, whether it's from the play store, whether your device passes integrity checks, and whether the app is properly licensed.

"Integrity" checks? Rooting my phone does not violate its "integrity". If anything it restores it.

Certificates? Store? Licensing checks? Look at all this crap that must be installed on "my" system just to give you your "guarantees". My phone's gotta come out of the factory pwned at the hardware level for your "guarantees" to be worth anything. It has to come with a full root of trust from the firmware to the bootloader to the operating system to each individual app just to prevent my "tampering". But you're seriously claiming apps aren't invading our machines.

An app "wanting" anything is invasion enough.

>Contradictory

I disagree. You can have control in modifying your system, but the software just needs a way to prove that the security features it assumes are true. There could be a way for it to analyze the changes you made and decide whether or not it should trust your system.

>"Tampered with" -- there's that language again. Owning my computer is not "tampering", it is freedom.

It's someone else's software. You may own your computer, but you don't own the YouTube client. Google owns the YouTube client. Tampering with Google's client is tampering.

>"Integrity" checks? Rooting my phone does not violate its "integrity". If anything it restores it.

No, it does not. One part of Android's security model is that app's have storage that only they can access. Take for example a 2FA app which stores it's private key in this location. This makes it so that you must physically have your phone in order to get a 2FA code. This is the "something you have" part of 2FA. Rooting your phone violates the integrity of the system because now someone can just become root and steal the private key. Now they can generate 2FA codes without physically having the device with them. It then becomes another "something you know."

>My phone's gotta come out of the factory pwned at the hardware level for your "guarantees" to be worth anything.

These are security features. Your phone is less secure without them. It's not pwned.

>An app "wanting" anything is invasion enough.

Everyone wants something. Every business transaction includes both parties wanting something from the other.

Google SafetyNet can be used to attest that the device has not been modified or "tampered" with. Basically Google cryptographically proves it owns your phone and has control over what you do with it. You can fake the software attestation right now with stuff like Magisk but once it moves to hardware attestation it's over. You'll be able to install custom systems but what's the point if they can't run the apps you want or need?

Why wouldn't an app require this? Banks want it because "fraud", streaming services want it because "piracy"... You can come up with pretty much any reason for any "rightsholders" to want control over our computers. If WhatsApp starts requiring this, it's either accept Google control or my phone turns into a paperweight.

> Android is obviously inferior to iOS in every way

Damn how i hate to write that: At least on Android you can turn off WI-Fi and mobile data, unless iOS which keeps it enabled "for system services".

Airplane mode turns off all radios.
Anything mentioning privacy in it's name now screams the opposite. It's not a tainted term.
I have been using LineageOS on old Pixels/LG phones for over a year and half now. So far no real problems and it is hella lot faster then the stock Android they came with. I find my needs really just sit between a dumb phone and all the gadgets and software of the latest smartphones - if it can call, run a chat messenger, snap an occasional photo that's really about it.
For a pixel I would highly recommend GrapheneOS
Nonsense like this makes me happy to be on GrapheneOS.
I recently switched to that myself. Tired of Google not respecting our private lives and wanting to know every single action we take. Wish it worked on more phones than just the Pixel line so more people could use it
Further, I’m amazed at the level of irrelevancy of their ads. I can’t think of a single purchase I’ve made or will make that corresponds to an ad I’ve seen on YouTube.
> I can’t think of a single purchase I’ve made or will make that corresponds to an ad I’ve seen on YouTube. I can tell you a secret about ads: they aren't supposed to work on your conscious brain. The aim to ensure that on your next grocery run you choose "prime water" over "gaterode" because you heard about this new brand which was recommended by your favourite youtuber or choose "budwiser" over other no-name brand beer because you saw a cool superbowl ad.
I just tried GrapheneOS yesterday. Installation on my new phone was a breeze, but once I was in, there was... Nothing. The "Apps" app, which I assumed was an alternative to the Google Play store, had literally nothing except a link to install Google Play services.

So I installed that and the Play store, which, due to GrapheneOS's sandboxing, was probably better than the stock Android. But it didn't even work well. Plenty of apps I tried to install wouldn't. After about 3hrs of playing with it, I said "fuck it," and flashed the stock Android back onto the phone.

I really want to switch, but that was far too much work.

One tip, use Aurora store instead of Google play, after that everything will work fine.

GrapheneOS developers aren't really the most considerate of beginners.

This is a good tip. Another thing is to make sure to have the Google Play Services proxy installed if you plan on using most Play apps.

You can even keep separate profiles for apps that do and don't need play services.

What didn't work? Any specific apps? Because that's definitely not the experience of people using GrapheneOS.

Either way, you don't have to use Sandboxed Google Play or Play Store on GrapheneOS. You can install whatever third-party store you want.

Sometimes you have to go into the installed app's settings and tell it to use standard android memory addresses. This recently fixed the Wells Fargo app for me which was hanging upon start.

I keep Google play services in a separate profile on grapheneos so that use it as minimally as possible.

So, is this the return of FLoC[0]?

They didn't get buy-in from other browsers, so they are doing it at OS level.

Nice /s

0: https://en.m.wikipedia.org/wiki/Federated_Learning_of_Cohort...

Its even worse, its not replacing current tracking!

> On Android, the Privacy Sandbox tracking is in addition to all the usual individual tracking methods; it's not being pitched as an alternative to anything. The Privacy Sandbox on Android is toothless, and Google has no plans to reduce tracking on Android.

A lot of the discussion in this thread has been about how Privacy Sandbox has been deceptively marketed to users, and I agree that Google's marketing has been deceptive. However, what I really want to know is, what's in it for app developers? Privacy Sandbox is opt-in, but what advantages do app developers gain by opting in? Will they be ranked more highly in Play Store search results? Why should an app developer totally rewrite their analytics code to use Privacy Sandbox when existing methods of tracking already work, and will continue to do so?

Who does Privacy Sandbox benefit? It doesn't benefit users, because it's not mandatory for apps to respect it. It doesn't benefit developers, because it's non-zero work to migrate, and zero benefit (because existing tracking and analytics systems will continue to work). It's doesn't benefit Google, as a whole, because it's one more API that they have to continue to support.

What was the point of all this?

The point is to try to get people to consent to giving up privacy. That benefits everyone who is trying to make money by gathering data about users -- which happens to be Google's primary business approach.
I have a bunch of issues with the "Privacy Sandbox", but my #1 issue is that it's called "Privacy Sandbox". That term implies that a sandbox is being used to preserve your privacy, when it is, in fact, a system designed for the opposite of that.
You really have to sit back and admire the marketing team that came up with this spin.
After all the crap that Google put in Android, I still don't understand why some other alternative ecosystems like Ubuntu Phone or GrapheneOS or Mankato (PinePhone) aren't attractive for users and developers.

What's holding everyone back? I understand that without users there won't be apps, but also without apps there won't be users, since they offer just the basics.

Imagine if TikTok or WhatsApp have had an app for those others OSes

They only thing holding me back from calyxos is the lack of Android Auto. I know that it has its own privacy issues but man is it convenient with a compatible head unit.

Its possible to add Android auto stubs to it to give privileged access, compile your own build, sign it, flash it, and install the apks yourself as a DIY middle ground. I did it for a pixel 6 and was happy with it but bootlooped the phone applying my first compiled OTA update so this scared me off trying it again and I went back to stock. I understand why the team is against it but unfortunate.

Maybe another take on your question is why did windows phone and bbm fail?

It is the Apps, and you perfectly summarized how it's a feedback loop. It wasn't the only reason why Windows phone failed, but it was one of them, even though Microsoft threw money at companies to at least have the most important apps available from pretty much day one. The app store still was pathetic and a lot of basic quality of life apps missing. And they kept going for what, 6 years before they announced they'll scrap it, and kept support going for another 4 years. Now imagine something new comes up, no matter how awesome the system is, no matter how well executed every move of the company behind it is: how much is a smartphone worth that doesn't have WhatsApp, Facebook, Google Maps, YouTube, TikTok, Instagram, you name it. And no, the browser versions don't count.

Heck, you can just use lineage os without the Google services to get a taste of this. And that's a system where you still can get all the Apps with a tiny bit of effort, as long as they don't depend on the Google services. It sucks for the most part.

But really, since you asked, just try it. Get some used phone that's supported by lineage OS and challenge yourself to use it exclusively for a month. Or maybe for fun/hard mode, get a Lumia 950 and try that for a month.

> as long as they don't depend on the Google services

A surprising and hilarious number of things, including some of Google's own apps, show "X won't work unless you enable Google Play Services" popups and then continue working just fine. (I'm guessing they link against some client library that shows that on all function calls, but then doesn't throw an exception.)

GrapheneOS has sandboxes google services, so almost all apps work, even services like google nearby share work too! The only exception is apps needing Safetynet with hardware attestation.
There are plenty of projects. They aren't main stream because people are more than willing to sell their privacy for convenience.

One such example is CalyxOS. Using it right now. It comes with both F-Droid and Aurora Store. The latter let's you download anonymously from the playstore.

Marketing. As an advertising company, they can pour billions into advertising their own products.
Hardware support. Most of these distributions only work on very limited set of phone models
Banking apps (not all but many), android auto, tap to pay. Those are three huge sacrifices for most people.
I guess 'Data Tarpit' didn't make the short list.
This is an industry standard brain wash technique that is used in many products.

Just yesterday I actually had time to read that new Apple "Privacy" Statement that pops up on a Mac for some reason since a few weeks and they put a blunt lie on top about how "private" their service is and just a few lines later they tell you that they grab actually all your private data.

Every EU website now pops up a "privacy statement" where they actually tell you that they DO NOT respect your privacy.

I am sure there is a technical term for that, I would simply describe it as "producing cognitive dissonance in the most obvious way and make it look fine".

It took already an enormous effort to get all these companies to actually have to report about their abuse of your private data, in EU even make users agree.

However, it did not change anything - most companies still break your privacy even with more fun doing it, as you agreed.

A terrible and wasteful development of modern primitive capitalism.

BTW George Orwell of course predicted it very well.
How I hate this war is peace "newspeech" . I don't even know what it's called. Anti speech? Lying ?
It is newspeak.

And what do you mean "lying" ? There are no lies anymore. Only "sources", CIA press releases and "insert your enemy here" propaganda. /s

The whole point is this will replace more intrusive tracking. It is trying to make it viable for businesses to switch to something that protects people's privacy more without killing off companies that depend on effective advertising. Apple took a poor approch in not having viable replacement before their changes and this resulted in many companies being negatively effected and many companies going out of business. When you make a big change to your ecosystem you need to consider all of the stakeholders else you can cause a subset of people to experience a lot of pain.

The author falsely claims Chrome is killing off ad blockers too with manifest v3 since manifest v3 protects the privacy and security of users better. This guy isn't consistent about being pro privacy. He simply hates Google. Manifest v3 doesn't even kill off ad blockers, nor does the Chrome team intend to as they have been improving the APIs to enable them to function. The strongest argument is that chrome extension store will reject manifest v3 extensions that want overly broad permission to access the content of any site you visit.

Google could protect privacy very easy by letting me filter app in the app store by capabilities. I can not just see apps that do not X or Y. Whole app store is still a great malware distribution project - horrible. Managers responsible for that mess should go to jail for twenty years.
lol imagine being a "journalist" in the current year and writing "Rather than match iOS's tracking limits, Google built an additional tracking system." as if you think iOS tracking does anything close to what it says it's going to do ( ex https://gizmodo.com/apple-iphone-analytics-privacy-4th-lawsu... ).

This is a hit peace written by an iZealot who doesn't even address Apple's system shortcomings.