If this can happen, is it possible that once mandatory developer verification comes into effect, all 3rd party apps will be uninstalled at first and require a re-install?
It uninstalled AnkiConnect for me. No warning first to tell me the app was malicious (it isn’t), no prompt of whether or not it’s OK to remove it. Just yeeted.
I had to disable Play Protect from Google Play’s settings, and that wasn’t enough as notifications would now pop up saying the app is malicious after I brought it back, so then I shut off those notifications.
When the warranty on my phone runs out or it’s under threat of not being able to unlock the bootloader, I’ll unlock the bootloader and put on a custom ROM without Gapps. Fuck this bullshit. And Google wants to make installing apps harder to feed its ego. Fuck billionaires.
I removed the network permission from the play store. Apps will still work if they arbitrarily require Google Play to be installed. The store itself can’t do shit.
GrapheneOS can remove Play Store network permissions. I’m not sure about others.
Some can be pretty limited in what they allow you.
For example, I tried Moto G54 5G, and it kept giving me full-screen update notifications, which would immediately re-appear when I exit it and closed it from recent apps.
Naturally, I tried to disable Moto updates, at least temporarily. Hmm, shouldn’t that be me?
I returned the phone for a refund.
Play protect will remove things that google doesn’t like, not malware.
Working at a phone retail place, I have never seen malware not from the Play store. There is fuckloads of malware on the Play store. Most of it faking Google’s own apps which you’d think they would care about, but they don’t. All of that walks straight through play protect and in some cases on Samsung phones will abuse their security features to not let you remove it easily.
Fake apps that replace your home screen, display ads every 5 seconds, and close any app that you’re in are rampant on the Play store and play protect will do nothing about it.
If it was normal to just search the web for all the apps you wanted, and you installed from from prompts on vendor websites, then all of the malware would come from that instead.
Google and Apple claim their stores address the issue. But it’s almost impossible to pay enough people to deeply review every single app and app update.
Fun fact: you can remove your Google account from your Android phone and it’ll work completely fine! I’ve done so, disabled every Google app and Play store thing I could. Everything is either from F-Droid, or APKeep minus my banking app that I’ll get rid of when it’s obsolete.
On one of my phones I do this plus delete/disable everything from google, except play services and play services framework (with everything disabled in there, only cloud messaging enabled). For apps on the play store I just download from aurora store.
The only thing I needed the play store for was to register 2FA for the government app on that phone. On the rest, it didn’t make a difference.
On another phone I use microg and it works fine too. I think attestation (safetynet) and disabled root and dev tools will make everything work fine, I put my hosts file using adb in recovery mode and no application has noticed. No banking app, nothing noticed.
I didn’t know that Android would block installs from “unauthorized sources” using play protect, I thought it would be hardcoded into play services or even on the android images.
Edit: for such a “secure” implementation, etc, it seems very weak, ngl
Even so, I can’t do this if I want to keep some services or games – I’m currently liberal with my app downloads and around a dozen refuse to work unless they’ve been installed or updated to the absolute latest release with the Play Store version - Aurora versions don’t work. There’s the argument that if it doesn’t work, it’s not valuable enough to keep, but I play games quite a bit.
Had heard they could uninstall programs for years now, but never seen a report of that actually being done.
Alas, does Play Protect help in anything? Power users are likely to know what they’re doing, and normal users are likely to be using only the programs Google already sanctioned due to being on Google Play, so I personally can’t see much room for it.
About your question, hard to confirm anything. But with Google existing on an eternal slippery slope, I think it’s safe to say not if they’re doing it, but when.
I mean there is the problem of malicious apps on the Play Store (though that should be handled by Google reviewing submitted apps better). Maybe Play Protect could uninstall those once they’re discovered? Seems a bit late.
There’s uninformed users being fooled into installing malicious APKs outside of the Play Store by blindly following malicious instructions, but Play Protect is just another step to follow.
I figure what’s more valuable to Google is the marketing that Android is secure and a list of apps installed on your phone.
Everyone tried to use the same model, even MacOS reboot sold itself as Unix and the open-source portion of the platform used to be much larger. You could edit a config file and make it load text console only in the early years.
Annoying, really, as every one of them preach openness until they get so big, and then they seal the gates because they think they have their market locked down.
Not anymore.
Will be interesting to see how android dies. It will be slow, but it is a given.
I actually don’t think Apple ever described Mac OS X as open like Android did. The way Android did was always in contrast with Apple’s ways. That was their point.
Apple has boasted about narrow open things, like WebKit, and a few other things. WebKit was so open that Google forked it to make Blink. And WebKit was based on KHTML IIRC. Another open source project. And yes Unix was promoted in marketing. But they never claimed Mac OS X was open like Android did. They boasted about a Unix foundation.
Android never boasted about a Linux foundation. Just about being open.
They flagged Rustdesk a while back, which is a probably harmless open-source remote access software. Because of this I learned that Google not only has Play Protect in Google Play settings, but a second, separate setting in Security called Advanced Protection, that prompted me to remove Rustdesk, and a second time after it re-enabled itself. It reminds me of the days I ran Windows and the antivirus would kill vital programs or script files for some games.
I don’t know. advanced protection protects against stingrays though, so I’m not sure I want to disable that just yet except for when I have to update an app and then I re-enable it
Well, from what I can find it doesn’t seem that much of an attack vector –
– My phone does not have 2G compatibility, this probably only tracks location if you’ve switched on location services and I’d wager most people use IM calls and texts rather than cellular. If the phone is old enough to have 2G or 3G, perhaps there’s a threat. If you live in the US it’s ironically probably smart to leave it on – state forces are a bigger threat than malicious conglomerates atm
There are newer stingray type devices that are effective against 3G and 4G devices as well, and I think there’s one that’s coming out soon or has already been released that works on 5G to some extent but not completely. I haven’t read up on it fully lately, but there’s definitely more out there than just 2G/3G devices.
If you read the alleged protection dialog, Google’s only blocks against 2G networks. The same of which many carriers allow, enable, or enforce blocking, and if not *#*#info#*#* let’s you do it yourself.
“2G network protection - Avoids 2G networks, which are less secure”
Most of the time they do spell things, yeah, then there are the weird legacy holdover ones. The *3001#12345#* iPhone code is an old Nokia engineering screen code that probably only had meaning to Nokia S40/S60 engineers.
Interesting. *#*#info#*#* didn’t do anything for me.
Invalid mmi code
Edit: I did however find it under settings, network,sims, and then when I selected my particular sims, it scrolled down a bit. I found that that was already disabled. It was labeled as 2G network protection.
Play protect doesn’t actually scan for malware; it’s not an anti-virus. Google, supposedly, scans for malware on the app store regularly and takes action through play protect if they find it there.
So, in other words, unless you have a very specific reason; like you believe it is likely that one of the apps you use from the google play store could become compromised in the future, just disable plat protect.
It will at best annoy you with false positives and blocking non-play store apps for no other reason than google’s jealousy. At worst it won’t stop a harmful app from being on your device – it will just eventually catch and remove it after it has already been on your device doing whatever nefarious activity.
Google has control over every aspect of your phone. Some LineageOS versions ago the true permissions were visible. And google play services is crazy mighty. Time to get rid of google entirely in my opinion.
i havent had it uninstall an app but google has been blocking me from updating apps in Obtainium (using Shizuku) DESPITE having play protect disabled. im able to bypass it but the fact that it even blocks it in the first place unwarranted pisses me off
“Easy antitrust case” the same kind of easy as easy to punish google for actively throttling access to sites that dont pay them,or easy to punish them for actively supporting apartheid?
They’ve got a chokehold on the internet and of every political entity/corporation that uses the internet, excising this tumour is going to be anything but easy.
Supporting apartheid has nothing to do with antitrust. In fact, there is no law against it at all.
Google does not “throttle access to sites that don’t pay them.” Paying for an ad placement is as old as newspapers. There is no evidence that they additionally down rank sites that have no advertising account with them, and it wouldn’t make any business sense anyway because having nonpaying sites rank highly is what convinces a paying site to pay more to get top of page ad placement.
Anything to back up your claim about how having sites that don’t pay get pushed to the top is somehow better for google because it makes the ones already paying somehow pay more?
SEO doesn’t mean that the site pays Google. It’s exactly the opposite. SEO means gaming the Google ranking algorithm to appear higher in the organic rankings without paying Google. In the past, people would do this by creating link farms to game the page rank component.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
DROID DOES
Welcome to the Android community on Lemmy. Here you can participate in amazing discussions and events relating to all things Android.
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
We start hacking. The war begins!
It uninstalled AnkiConnect for me. No warning first to tell me the app was malicious (it isn’t), no prompt of whether or not it’s OK to remove it. Just yeeted.
I had to disable Play Protect from Google Play’s settings, and that wasn’t enough as notifications would now pop up saying the app is malicious after I brought it back, so then I shut off those notifications.
When the warranty on my phone runs out or it’s under threat of not being able to unlock the bootloader, I’ll unlock the bootloader and put on a custom ROM without Gapps. Fuck this bullshit. And Google wants to make installing apps harder to feed its ego. Fuck billionaires.
I removed the network permission from the play store. Apps will still work if they arbitrarily require Google Play to be installed. The store itself can’t do shit.
GrapheneOS can remove Play Store network permissions. I’m not sure about others.
i mean, if you’re on a non-stock OS you can just not install google services at all, and instead use aurora store.
Some can be pretty limited in what they allow you.
Hmm, shouldn’t that be me?
For example, I tried Moto G54 5G, and it kept giving me full-screen update notifications, which would immediately re-appear when I exit it and closed it from recent apps.
Naturally, I tried to disable Moto updates, at least temporarily.
I returned the phone for a refund.
Play protect will remove things that google doesn’t like, not malware.
Working at a phone retail place, I have never seen malware not from the Play store. There is fuckloads of malware on the Play store. Most of it faking Google’s own apps which you’d think they would care about, but they don’t. All of that walks straight through play protect and in some cases on Samsung phones will abuse their security features to not let you remove it easily.
Fake apps that replace your home screen, display ads every 5 seconds, and close any app that you’re in are rampant on the Play store and play protect will do nothing about it.
I searched for “Messages” on the play store, and the top link was malware. WTAF?
It has the largest user base to target.
If it was normal to just search the web for all the apps you wanted, and you installed from from prompts on vendor websites, then all of the malware would come from that instead.
Google and Apple claim their stores address the issue. But it’s almost impossible to pay enough people to deeply review every single app and app update.
It would be easy to pay for it, but shareholders don’t like that
I’ve disabled play protect because of this bs
Well, they’re obviously gonna make Protect forcibly on, 24/7. So then what for us?
Fun fact: you can remove your Google account from your Android phone and it’ll work completely fine! I’ve done so, disabled every Google app and Play store thing I could. Everything is either from F-Droid, or APKeep minus my banking app that I’ll get rid of when it’s obsolete.
On one of my phones I do this plus delete/disable everything from google, except play services and play services framework (with everything disabled in there, only cloud messaging enabled). For apps on the play store I just download from aurora store.
The only thing I needed the play store for was to register 2FA for the government app on that phone. On the rest, it didn’t make a difference.
On another phone I use microg and it works fine too. I think attestation (safetynet) and disabled root and dev tools will make everything work fine, I put my hosts file using adb in recovery mode and no application has noticed. No banking app, nothing noticed.
I didn’t know that Android would block installs from “unauthorized sources” using play protect, I thought it would be hardcoded into play services or even on the android images.
Edit: for such a “secure” implementation, etc, it seems very weak, ngl
That is because it is security theater.
Even so, I can’t do this if I want to keep some services or games – I’m currently liberal with my app downloads and around a dozen refuse to work unless they’ve been installed or updated to the absolute latest release with the Play Store version - Aurora versions don’t work. There’s the argument that if it doesn’t work, it’s not valuable enough to keep, but I play games quite a bit.
Find new games to play 😁. 500+ on F-Droid that respect privacy. Though, not every single one is great, I’ve got maybe 5 solid good time killers
Had heard they could uninstall programs for years now, but never seen a report of that actually being done.
Alas, does Play Protect help in anything? Power users are likely to know what they’re doing, and normal users are likely to be using only the programs Google already sanctioned due to being on Google Play, so I personally can’t see much room for it.
About your question, hard to confirm anything. But with Google existing on an eternal slippery slope, I think it’s safe to say not if they’re doing it, but when.
Happened last year with BLE Radar when police/ICE realized people could see (the presence of) their body cams.
I mean there is the problem of malicious apps on the Play Store (though that should be handled by Google reviewing submitted apps better). Maybe Play Protect could uninstall those once they’re discovered? Seems a bit late. There’s uninformed users being fooled into installing malicious APKs outside of the Play Store by blindly following malicious instructions, but Play Protect is just another step to follow.
I figure what’s more valuable to Google is the marketing that Android is secure and a list of apps installed on your phone.
Google is a sellout hypocrite of the highest order and has been for…15, 18 years?
Android being “open” was always just marketing. The truth is more complex and not as sellable.
Everyone tried to use the same model, even MacOS reboot sold itself as Unix and the open-source portion of the platform used to be much larger. You could edit a config file and make it load text console only in the early years.
Annoying, really, as every one of them preach openness until they get so big, and then they seal the gates because they think they have their market locked down.
Not anymore.
Will be interesting to see how android dies. It will be slow, but it is a given.
I actually don’t think Apple ever described Mac OS X as open like Android did. The way Android did was always in contrast with Apple’s ways. That was their point.
Apple has boasted about narrow open things, like WebKit, and a few other things. WebKit was so open that Google forked it to make Blink. And WebKit was based on KHTML IIRC. Another open source project. And yes Unix was promoted in marketing. But they never claimed Mac OS X was open like Android did. They boasted about a Unix foundation.
Android never boasted about a Linux foundation. Just about being open.
android is a box were the lid only closes halfway on its own, and it took them until now to care enough to close the lid
Roll on Moto and Graphene
I uninstalled Google.
You can (and should) also disable Play Protect.
They flagged Rustdesk a while back, which is a probably harmless open-source remote access software. Because of this I learned that Google not only has Play Protect in Google Play settings, but a second, separate setting in Security called Advanced Protection, that prompted me to remove Rustdesk, and a second time after it re-enabled itself. It reminds me of the days I ran Windows and the antivirus would kill vital programs or script files for some games.
I don’t know. advanced protection protects against stingrays though, so I’m not sure I want to disable that just yet except for when I have to update an app and then I re-enable it
Well, from what I can find it doesn’t seem that much of an attack vector –
– My phone does not have 2G compatibility, this probably only tracks location if you’ve switched on location services and I’d wager most people use IM calls and texts rather than cellular. If the phone is old enough to have 2G or 3G, perhaps there’s a threat. If you live in the US it’s ironically probably smart to leave it on – state forces are a bigger threat than malicious conglomerates atm
There are newer stingray type devices that are effective against 3G and 4G devices as well, and I think there’s one that’s coming out soon or has already been released that works on 5G to some extent but not completely. I haven’t read up on it fully lately, but there’s definitely more out there than just 2G/3G devices.
If you read the alleged protection dialog, Google’s only blocks against 2G networks. The same of which many carriers allow, enable, or enforce blocking, and if not *#*#info#*#* let’s you do it yourself.
“2G network protection - Avoids 2G networks, which are less secure”
OH, that’s why 4636.
So 3646633 could be ENGMODE (Engineer Mode on MediaTek). Are all of them like this?
Most of the time they do spell things, yeah, then there are the weird legacy holdover ones. The *3001#12345#* iPhone code is an old Nokia engineering screen code that probably only had meaning to Nokia S40/S60 engineers.
Interesting. *#*#info#*#* didn’t do anything for me.
Invalid mmi code
Edit: I did however find it under settings, network,sims, and then when I selected my particular sims, it scrolled down a bit. I found that that was already disabled. It was labeled as 2G network protection.
deleted by creator
Play protect doesn’t actually scan for malware; it’s not an anti-virus. Google, supposedly, scans for malware on the app store regularly and takes action through play protect if they find it there.
So, in other words, unless you have a very specific reason; like you believe it is likely that one of the apps you use from the google play store could become compromised in the future, just disable plat protect.
It will at best annoy you with false positives and blocking non-play store apps for no other reason than google’s jealousy. At worst it won’t stop a harmful app from being on your device – it will just eventually catch and remove it after it has already been on your device doing whatever nefarious activity.
Google has control over every aspect of your phone. Some LineageOS versions ago the true permissions were visible. And google play services is crazy mighty. Time to get rid of google entirely in my opinion.
I use grapheneOs BTW
Omg tell me more…
i havent had it uninstall an app but google has been blocking me from updating apps in Obtainium (using Shizuku) DESPITE having play protect disabled. im able to bypass it but the fact that it even blocks it in the first place unwarranted pisses me off
I’d be interested to know what anti-malware tools one can use on an Android other than Play Protect.
Samsung phones include McAfee, oddly.
At the rate that software was bloating over the years, I’m surprised humanity has produced enough RAM already to load the latest version.
Ill bet that it shares no code with PC mcafee, and its just a rebadge over something else.
And probably mostly a feel-good useless thing.
There is Hypatia available through F-Droid.
Mbam has been on android forever
it’s not really your phone unless you have full root/bootloader access to the device sadly
Welcome to 2010. https://android-developers.googleblog.com/2010/06/exercising-our-remote-application.html
Remote installation via the web has been exposed to the user since 2011. https://googlemobile.blogspot.com/2011/02/introducing-android-market-website.html
This also means users can remotely uninstall. https://www.androidauthority.com/google-play-store-uninstall-button-3614548/
Yes, it’s possible that Google will abuse this, but it would be an easy antitrust case.
“Easy antitrust case” the same kind of easy as easy to punish google for actively throttling access to sites that dont pay them,or easy to punish them for actively supporting apartheid?
They’ve got a chokehold on the internet and of every political entity/corporation that uses the internet, excising this tumour is going to be anything but easy.
Supporting apartheid has nothing to do with antitrust. In fact, there is no law against it at all.
Google does not “throttle access to sites that don’t pay them.” Paying for an ad placement is as old as newspapers. There is no evidence that they additionally down rank sites that have no advertising account with them, and it wouldn’t make any business sense anyway because having nonpaying sites rank highly is what convinces a paying site to pay more to get top of page ad placement.
https://mashable.com/article/google-search-low-quality-research
The paper this is based on
https://downloads.webis.de/publications/papers/bevendorff_2024a.pdf
Anything to back up your claim about how having sites that don’t pay get pushed to the top is somehow better for google because it makes the ones already paying somehow pay more?
SEO doesn’t mean that the site pays Google. It’s exactly the opposite. SEO means gaming the Google ranking algorithm to appear higher in the organic rankings without paying Google. In the past, people would do this by creating link farms to game the page rank component.