this post was submitted on 21 Mar 2024
9 points (100.0% liked)

Privacy

36021 readers
10 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
9
Google Allows Creditors to Brick Your Phone (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
76 comments fedilink hide all child comments
 

I installed NetGuard about a month ago and blocked all internet to apps, unless they're on a whitelist. No notifications from this particular system app (that can't be disabled) until recently when it started making internet connection requests to google servers. Does anyone know when this became a thing?

Edit 2: I bought my Pixel 6 phone outright, directly from Google's Australian store. I have no creditors.

Were the courts not enough control for creditors? Since when are they allowed to lock you out of your purchased property without a court order?

I don't even live in the US, so what the actual fuck?

Edit 1: You can check it's installed (~~stock~~ Pixel 6 android 14) Settings > Apps > All Apps > three dot menu, Show system > search "DeviceLockController".

I highly recommend getting NetGuard, you can enable pro features via their website if you have the APK for as low as 0.10€, but donate more, because it's amazing. You can also purchase via Google Play store.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (2 children)

Requests the app made today.

This is my phone I own outright, by the way. I don't have any creditors.

Update for those curious:

[–] [email protected] 1 points 1 year ago

I find it interesting that yours is com.google.android.devicelockcontroller.

I checked mine on GrapheneOS and it looks like it's the AOSP version of the package: com.android.devicelockcontroller

[–] [email protected] 1 points 1 year ago (6 children)

adb shell pm uninstall --user 0 com.google.android.devicelockcontroller

If you're using Shelter, then in addition to that command, replace --user 0 with --user 10

You don't need root to do this. You can also uninstall other bloatware using this same method.

[–] [email protected] 1 points 1 year ago

I tried this on a Pixel 7 and am getting:

panther:/ $ pm uninstall --user 0 com.google.android.devicelockcontroller

Failure [DELETE_FAILED_INTERNAL_ERROR]

I also tried disable and got:

Cannot disable a protected package: com.google.android.devicelockcontroller

[–] [email protected] 1 points 1 year ago

Hero, I just have to get around to doing it 😅 (I will, but grumble, grumble this is why most people don't bother battling for privacy)

load more comments (4 replies)
[–] [email protected] 3 points 1 year ago (15 children)

This type of tech is already being put into vehicles as well. I used to get laughed at 20 years ago when I predicted this. Nobody is laughing anymore. If anything, they just accept it.

[–] [email protected] 2 points 1 year ago (1 children)

Sigh. Way too much freeze in fight, flight or freeze...

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

https://neuroclastic.com/the-6fs-of-trauma-responses/

Don't forget the 3 other Fs! Fawn(Friend), Flood, and Fatigue/Flop

[–] [email protected] 2 points 1 year ago

Well, that was depressing (irony intended). Thanks for the thinking...

[–] [email protected] 1 points 1 year ago

your self driving car will just drive itself back to the lot when your payment is late

load more comments (13 replies)
[–] [email protected] 3 points 1 year ago (6 children)

In 2020 Google claimed it was supposed to be limited to a single region in partnership with a single carrier. And was never meant to be put up on Play Store.

A spokesperson from Google reached out to clarify some details about the Device Lock Controller app. To start with, Google says they launched this app in collaboration with a Kenyan carrier called Safaricom.

Google has confirmed that the Device Lock Controller app should not be listed on the Google Play Store for users in the U.S., and they will work to take down the listing.

Source: https://www.xda-developers.com/google-device-lock-controller-banks-payments/

Of course, it was a lie since it's still on Play Store an of today and in use.

[–] [email protected] 2 points 1 year ago (2 children)

I'm using CalyxOS and it's pre-installed as a system app, so this seems like something that's being built in at the AOSP level of development.

[–] [email protected] 1 points 1 year ago (3 children)

Can't find it in OxygenOS

load more comments (3 replies)
[–] [email protected] 1 points 1 year ago (2 children)

DivestOS here, it's not in my ROM.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

Are you looking at system apps? It's installed as a system app on my phone using GrapheneOS

com.android.devicelockcontroller

Looks like it's an AOSP app

[–] [email protected] 1 points 1 year ago

I see it on Graphene too, took away its network perms at least.

load more comments (1 replies)
[–] [email protected] 1 points 1 year ago (6 children)

It must be globally, I'm in Australia. What utter bullshit, since I would have never known if it weren't for my NetGuard firewall app.

[–] [email protected] 1 points 1 year ago (7 children)

Being Australian this is likely one to report to the ACCC, as Aussies at least have basic consumer protection, though that get murky with overseas tech entities.

load more comments (7 replies)
load more comments (5 replies)
[–] [email protected] 1 points 1 year ago (3 children)

Of course, it was a lie since it's still on Play Store an of today and in use.

FWIW, I just searched it up and it's listed as unavailable in my region (USA) 🤷‍♂️ so at the very least, they scoped it down a little bit

[–] [email protected] 1 points 1 year ago

So they region locked it from US, but it can still be pre-installed as a system app from AOSP. And it's available in EU, while was meant to be in Kenya only.

load more comments (2 replies)
load more comments (3 replies)
[–] [email protected] 1 points 1 year ago (1 children)

I know this is a privacy community, but I'm not sure I'm onboard with the outrage on this particular one. If you rent/lease or go on a payment plan for the device you're using, then it isn't yours, it belongs to the entity you borrowed it from.

If I don't make car payments, the bank can repossess my ride. If I dont pay my mortgage or rent, I can be evicted by my landlord or bank.

If I don't make my phone payment, the company should have recourse to prevent me from using their device.

This could open up the ability for bad actors to disable my device, and I agree that's a horrible prospect. But the idea of a legitimate creditor using this feature to reclaim their property is not something I find shocking.

[–] [email protected] 1 points 1 year ago (1 children)

All your points are sound. The issue that I have with this is that remote disable functionality is not necessary to achieve any of these aims. Before they were connected to the internet, people were still able to rent/lease autos and the world managed to survive just fine. There were other ways for lenders to get remunerated for breaking lease terms - they could issue an additional charge, get a court order for repossession, etc. Remote disable was never needed or warranted.

So let's start by considering the due process here. Before, there was some sort of process involved in the repossession act. With remote disable however, the lender can act as judge, jury and executioner so to speak - that party can unilaterally disable the device with no oversight. And if the lender is in the wrong, there is likely no recourse. Another potential issue here is that the lender can change the terms at any time - it can arbitrarily decide that it doesn't like what you're doing with the device, decide you're in breach, and hit that remote kill switch. A lot of these things could technically happen before too, but the barriers have been dramatically lowered now.

On top of this, there are great privacy concerns as well. What kinds of additional information does the lender have? What right do they have to things like our location, our habits, when we use it, and all of the other personal details that they can infer from programs like this?

There are probably lots of other issues here, but another part of the problem is that we can't even start to imagine what kinds of nefarious behaviors they can execute with this new information and power. We are well into the age where our devices are becoming our enemies instead of our advocates. I shudder to think what the world would look like 20 years from now if this kind of behavior isn't stopped.

[–] [email protected] 1 points 1 year ago (1 children)

Perfectly stated! The moralizing story kind of serves as cover, as a complete blank check to excuse practically any behavior of the lender, without any limiting principle.

[–] [email protected] 1 points 1 year ago

Right - they say that they're just going to use it to defend their "property rights". In practice, they're going to use it for a whole lot more than just that....

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

I'm using a fresh install of GrapheneOS, and this is installed too. Not sure what that suggests, except that it's possibly some core system level app.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (3 children)

Oh jesus, that's crazy that it's on GrapheneOS too.

Edit: I'm on a no-longer-supported GrapheneOS install on a Pixel 3a. I've checked and it's not there for me. I also don't live in the US (like OP). I wonder when it would've been added?

[–] [email protected] 1 points 1 year ago (1 children)

There's little to no info out there, but I did see some suggestions on a forum, that it may also be installed when setting up a Work profile. I use Shelter to create said isolated Work profile. I wonder if that's a possibile explanation.

[–] [email protected] 1 points 1 year ago

This may be the case, as I also have a work profile set up via Shelter.

Weird that it's installed in GrapheneOS also though.

In any case, even if setting up a work profile, it should just not be installed.

A potential backdoor as a ransomware exploit for anyone who has a work profile on their phone, I would guess. Unless there are other apps bundled with android that also lock you out of your phone.

[–] [email protected] 1 points 1 year ago

According to people from GrapheneOS these are two different things:

To be clear, https://play.google.com/store/apps/details?id=com.google.android.apps.devicelock is not what's included in GrapheneOS. There seems to be some confusion about that. This is the app that does what's being described.

What you see in GrapheneOS is https://android.googlesource.com/platform/packages/modules/DeviceLock/+/b1a971a6e29f5b426b13d96d7692e9dd5a7e81e2/DeviceLockController/

https://discuss.grapheneos.org/d/11639-device-lock-controller/9

load more comments (1 replies)
load more comments
view more: next ›