this post was submitted on 21 Mar 2024
1119 points (97.3% liked)

Privacy

29764 readers
838 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
1119
Google Allows Creditors to Brick Your Phone (lemmy.world)
submitted 3 months ago* (last edited 3 months ago) by MisterFrog to c/[email protected]
364 comments fedilink hide all child comments
 

I installed NetGuard about a month ago and blocked all internet to apps, unless they're on a whitelist. No notifications from this particular system app (that can't be disabled) until recently when it started making internet connection requests to google servers. Does anyone know when this became a thing?

Edit 2: I bought my Pixel 6 phone outright, directly from Google's Australian store. I have no creditors.

Were the courts not enough control for creditors? Since when are they allowed to lock you out of your purchased property without a court order?

I don't even live in the US, so what the actual fuck?

Edit 1: You can check it's installed (~~stock~~ Pixel 6 android 14) Settings > Apps > All Apps > three dot menu, Show system > search "DeviceLockController".

I highly recommend getting NetGuard, you can enable pro features via their website if you have the APK for as low as 0.10€, but donate more, because it's amazing. You can also purchase via Google Play store.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 232 points 3 months ago (6 children)

In 2020 Google claimed it was supposed to be limited to a single region in partnership with a single carrier. And was never meant to be put up on Play Store.

A spokesperson from Google reached out to clarify some details about the Device Lock Controller app. To start with, Google says they launched this app in collaboration with a Kenyan carrier called Safaricom.

Google has confirmed that the Device Lock Controller app should not be listed on the Google Play Store for users in the U.S., and they will work to take down the listing.

Source: https://www.xda-developers.com/google-device-lock-controller-banks-payments/

Of course, it was a lie since it's still on Play Store an of today and in use.

[–] MisterFrog 88 points 3 months ago (7 children)

It must be globally, I'm in Australia. What utter bullshit, since I would have never known if it weren't for my NetGuard firewall app.

[–] [email protected] 73 points 3 months ago (2 children)

Being Australian this is likely one to report to the ACCC, as Aussies at least have basic consumer protection, though that get murky with overseas tech entities.

[–] MisterFrog 30 points 3 months ago (1 children)

Unfortunately the ACCC gives fewer fucks than you may expect. An airline once cancelled a flight on me and kept the cancellation fee, despite producing no evidence that any government had forced them to cancel the flight (this was during COVID).

ACCC did not care one bit

So while we do have some consumer protection (better than most) I would be surprised if they cared.

[–] [email protected] 20 points 3 months ago (5 children)

It's 5 minutes out of your life to try, as an aussie, please do, for charity if nothing else, who knows, you might benefit...

load more comments (5 replies)
load more comments (1 replies)
load more comments (6 replies)
[–] gerowen 40 points 3 months ago (11 children)

I'm using CalyxOS and it's pre-installed as a system app, so this seems like something that's being built in at the AOSP level of development.

load more comments (11 replies)
[–] Ledivin 19 points 3 months ago (3 children)

Of course, it was a lie since it's still on Play Store an of today and in use.

FWIW, I just searched it up and it's listed as unavailable in my region (USA) 🤷‍♂️ so at the very least, they scoped it down a little bit

[–] [email protected] 16 points 3 months ago

So they region locked it from US, but it can still be pre-installed as a system app from AOSP. And it's available in EU, while was meant to be in Kenya only.

[–] MisterFrog 15 points 3 months ago (5 children)

Just because it's not in the Playstore, doesn't mean it's not installed.

It's not listed in the Australian Playstore either, yet here we are with it making internet requests.

It's definitely installed.

load more comments (5 replies)
load more comments (1 replies)
load more comments (3 replies)
[–] [email protected] 123 points 3 months ago (20 children)

This type of tech is already being put into vehicles as well. I used to get laughed at 20 years ago when I predicted this. Nobody is laughing anymore. If anything, they just accept it.

[–] [email protected] 28 points 3 months ago (2 children)

Sigh. Way too much freeze in fight, flight or freeze...

load more comments (2 replies)
load more comments (19 replies)
[–] MisterFrog 108 points 3 months ago* (last edited 3 months ago) (11 children)

Requests the app made today.

This is my phone I own outright, by the way. I don't have any creditors.

Update for those curious:

[–] [email protected] 45 points 3 months ago (7 children)

adb shell pm uninstall --user 0 com.google.android.devicelockcontroller

If you're using Shelter, then in addition to that command, replace --user 0 with --user 10

You don't need root to do this. You can also uninstall other bloatware using this same method.

load more comments (7 replies)
[–] [email protected] 16 points 3 months ago

I find it interesting that yours is com.google.android.devicelockcontroller.

I checked mine on GrapheneOS and it looks like it's the AOSP version of the package: com.android.devicelockcontroller

load more comments (9 replies)
[–] [email protected] 93 points 3 months ago (1 children)

At least it's open-source: https://android.googlesource.com/platform/packages/modules/DeviceLock/+/refs/heads/main/DeviceLockController/

And that'd be why custom roms have it. It's part of the base Android system.

[–] [email protected] 113 points 3 months ago (2 children)

I was able to start some of its private activities with ActivityLauncher as root. Most of them just crash immediately, but the help page is available. And yikes, they got them covered against a possible bypass, no developer tools or sideloading.

Still disappointed this is shipped in LineageOS, but I suspect not for much longer with that publicity.

[–] [email protected] 35 points 3 months ago (8 children)

So, that looks like this is less insane than it sounded... This is for if you buy your phone on a payment plan? Not for creditors more generally to have a option to repossess/dispossess your phone?

[–] MisterFrog 41 points 3 months ago

This is what small claims court is for. To me there is no excuse for this.

[–] SirQuackTheDuck 19 points 3 months ago* (last edited 3 months ago)

Yeah, this is likely something that's configured on an OS level to talk to some server when being sold.

However, note that SIM cards can have a flag that might enable this app (given how much power sim cards have over phones)

Note: no source, just assumptions

Edit: second note: this app isn't present on my EU OnePlus Nord.

load more comments (6 replies)
load more comments (1 replies)
[–] [email protected] 82 points 3 months ago* (last edited 3 months ago) (10 children)

I'm using a fresh install of GrapheneOS, and this is installed too. Not sure what that suggests, except that it's possibly some core system level app.

[–] [email protected] 30 points 3 months ago* (last edited 3 months ago) (3 children)

Oh jesus, that's crazy that it's on GrapheneOS too.

Edit: I'm on a no-longer-supported GrapheneOS install on a Pixel 3a. I've checked and it's not there for me. I also don't live in the US (like OP). I wonder when it would've been added?

[–] [email protected] 17 points 3 months ago (2 children)

There's little to no info out there, but I did see some suggestions on a forum, that it may also be installed when setting up a Work profile. I use Shelter to create said isolated Work profile. I wonder if that's a possibile explanation.

load more comments (2 replies)
load more comments (2 replies)
load more comments (9 replies)
[–] [email protected] 76 points 3 months ago (4 children)

Remember when Google said don't be evil. Ha

[–] [email protected] 54 points 3 months ago (3 children)

I think it was "don't. Be evil."

[–] [email protected] 34 points 3 months ago

"Don't be." -Evil

load more comments (2 replies)
load more comments (3 replies)
[–] rockstarmode 50 points 3 months ago (13 children)

I know this is a privacy community, but I'm not sure I'm onboard with the outrage on this particular one. If you rent/lease or go on a payment plan for the device you're using, then it isn't yours, it belongs to the entity you borrowed it from.

If I don't make car payments, the bank can repossess my ride. If I dont pay my mortgage or rent, I can be evicted by my landlord or bank.

If I don't make my phone payment, the company should have recourse to prevent me from using their device.

This could open up the ability for bad actors to disable my device, and I agree that's a horrible prospect. But the idea of a legitimate creditor using this feature to reclaim their property is not something I find shocking.

[–] [email protected] 61 points 3 months ago (4 children)

All your points are sound. The issue that I have with this is that remote disable functionality is not necessary to achieve any of these aims. Before they were connected to the internet, people were still able to rent/lease autos and the world managed to survive just fine. There were other ways for lenders to get remunerated for breaking lease terms - they could issue an additional charge, get a court order for repossession, etc. Remote disable was never needed or warranted.

So let's start by considering the due process here. Before, there was some sort of process involved in the repossession act. With remote disable however, the lender can act as judge, jury and executioner so to speak - that party can unilaterally disable the device with no oversight. And if the lender is in the wrong, there is likely no recourse. Another potential issue here is that the lender can change the terms at any time - it can arbitrarily decide that it doesn't like what you're doing with the device, decide you're in breach, and hit that remote kill switch. A lot of these things could technically happen before too, but the barriers have been dramatically lowered now.

On top of this, there are great privacy concerns as well. What kinds of additional information does the lender have? What right do they have to things like our location, our habits, when we use it, and all of the other personal details that they can infer from programs like this?

There are probably lots of other issues here, but another part of the problem is that we can't even start to imagine what kinds of nefarious behaviors they can execute with this new information and power. We are well into the age where our devices are becoming our enemies instead of our advocates. I shudder to think what the world would look like 20 years from now if this kind of behavior isn't stopped.

[–] [email protected] 21 points 3 months ago (1 children)

Perfectly stated! The moralizing story kind of serves as cover, as a complete blank check to excuse practically any behavior of the lender, without any limiting principle.

load more comments (1 replies)
load more comments (3 replies)
[–] [email protected] 19 points 3 months ago* (last edited 3 months ago) (3 children)

Oh nono no, the world is much worse than that:

  • If you make all your car payments on time except one, the bank can still repossess your car.

  • If you pay your mortgage or rent on time every time except once, the bank can initiate the process of eviction.

Remember: the power triangle points down

load more comments (3 replies)
load more comments (11 replies)
[–] lemmy_at_em 50 points 3 months ago (10 children)

Version 14 is installed on my Pixel 7 in the USA. I bought this phone outright, no credit, directly from the Google store.

load more comments (10 replies)
[–] BombOmOm 46 points 3 months ago

That entire idea is terrifying.

[–] [email protected] 45 points 3 months ago* (last edited 3 months ago) (15 children)

anyone remember the time when google removed(!) their internal "don't be evil" rule? guess this is part of the outcome of that "be evil" that came along with removal of the opposite. Abuse of this mechanism is IMHO veery predictable ;-)

There are plenty of google-free cellphones, one could easily stick to better products of better companies. help yourself, google's not gonna do that for you within the next 5billion* years as they IMHO already stated they "want" to be evil now, always remember that ;-)

*) thats round about when our sun expands too much for earth, so i currently dislike doing any predictions beyond that point ;-) i do not predict google would last that long, only that they'll keep beeing evil until their end.

[–] [email protected] 59 points 3 months ago* (last edited 3 months ago) (6 children)

anyone remember the time when google removed(!) their internal "don't be evil" rule?

I remember when media falsely reported clickbait articles that they did and people bring that up to this day. They moved it from the introduction to the closing statement. Which you can argue makes it less prominent or whatever, but it was never removed.

Of course it makes no difference, it wasn't followed either way, and definitely isn't followed now. But no, it was never removed. You can see it yourself right here at the end: https://abc.xyz/investor/google-code-of-conduct/

load more comments (6 replies)
load more comments (14 replies)
[–] [email protected] 43 points 3 months ago (1 children)

you will own nothing and be happy

[–] [email protected] 36 points 3 months ago (6 children)

Hey man, quit repeating that. Each time we do it becomes closer to truth. Reality is what we make of it and we if tell these fucks no means no, it'll stop.

We'll own things, and we'll be unhappy about people trying to take away the things we own and paid for.

[–] DannyMac 19 points 3 months ago (12 children)

I think the point of the phrase is to generate outrage to push against it

load more comments (12 replies)
load more comments (5 replies)
[–] [email protected] 34 points 3 months ago* (last edited 3 months ago)

The fun aspect to this is that some banks have forced customers to use an Android for all their banking ops. So:

① You’re late paying a bill
② Creditor locks your phone
③ You cannot access your bank to make the payment because your phone is locked

Brilliant.

[–] [email protected] 33 points 3 months ago* (last edited 3 months ago) (8 children)

Yeah it's because they ship the same OS image for everyone, be it US on a carrier plan or otherwise. Google services has complete control over your device (more than just locking it down), and that's what you should be upset about. For you that app is just harmless bloat, what's actually spooky is google play services as a system app. Do yourself a favor and install grapheneOS.

load more comments (8 replies)
[–] [email protected] 26 points 3 months ago (16 children)

That's just disgusting, but still so normal in the market religion. Google act as judge and executioner above all local laws. Never ever buy a phone that can't be rooted and reconfigured. ..oh, and never again deal with anything Google.. ..oh, or any other big US tech for that matter. ..fuckit, never deal with ANY Capitalist cheater/scumbag unless you have to.

load more comments (16 replies)
[–] [email protected] 23 points 3 months ago* (last edited 3 months ago) (1 children)

Have you tried Universal Android Debloat to disable it?

https://github.com/0x192/universal-android-debloater

Stuff like this is why I root or just flash my phones.

load more comments (1 replies)
[–] [email protected] 22 points 3 months ago (1 children)

Apparently this is the app. https://play.google.com/store/apps/details?id=com.google.android.apps.devicelock

[–] MisterFrog 22 points 3 months ago (7 children)

Says it's not available in my country, but yet it is install and unremovable.

load more comments (7 replies)
[–] BadNewsNobody 20 points 3 months ago (7 children)

Root the phone and remove insane garbage like that. Rip and tear until it is done.

load more comments (7 replies)
[–] GroundedGator 19 points 3 months ago (3 children)

I checked to see if this was on my pixel 6 pro. It wasn't but I found this.

Not something I installed and not something I would allow.

The uninstall did not appear to work UNTIL I disabled the app and cleared the data.

[–] [email protected] 27 points 3 months ago (1 children)

this is installed by default in case you want/need to enable it (company phone). it is a system app so it cannot be uninstalled, after disableing it (which probably does not do anything when it was not setup in the first place) you can uninstall the updates (so the 'old' version that's sitting in the system image is still there)

load more comments (1 replies)
load more comments (2 replies)
[–] [email protected] 19 points 3 months ago* (last edited 3 months ago) (1 children)

Is 3+ the age restriction?

load more comments (1 replies)
load more comments
view more: next ›