Android System SafetyCore: Difference between revisions

(2 intermediate revisions by 2 users not shown)

Line 1:

{{~~StubNotice~~}}{{InfoboxProductLine

{{Incomplete|Issue 1= The incident is based mostly on speculation and (warranted) suspiciousness with Google's actions. More sources are needed or change of scope/deletion of the incident.|Issue 2= This is currently formatted as a product page, it may be a candidate to turn into an incident}}

{{InfoboxProductLine

| Title = {{PAGENAME}}

| Release Year =2025

Line 5:

Line 7:

| In Production =Yes

| Official Website =N/A

| Logo =~~QuestionMark~~.~~svg~~

| Logo =SafetyCore.png

}}Android System SafetyCore is ~~a program~~ developed and released by [[Google]] for the [[Android]] platform. Google ~~claims that~~ the software provides on-~~device security~~ for any Android devices running version 9 (pie) or later.<ref>https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html</ref>

}}

Android System SafetyCore is an app developed and released by [[Google]] for the [[Android]] platform. According to [[Google]] the software provides locally-run nudity censoring for any Android devices running version 9 (pie) or later.<ref name=":0">{{Cite web |date=22 Oct 2024 |title=5 new protections on Google Messages to help keep you safe |url=https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html |url-status=live |access-date=15 Apr 2025 |website=Google Security Blog}}</ref>

~~Due to~~ a lack of ~~transparency~~ and open sourcing, it has brought significant amounts of concern from consumers, especially those who work in tech security. <ref>https://www.protectstar.com/en/blog/android-system-safetycore-hidden-installation-and-what-you-should-know</ref><ref>https://www.reddit.com/r/antivirus/comments/1gpdhwz/guys_help_some_app_called_android_system/</ref><ref>https://forum.puppylinux.com/viewtopic.php?p=142400</ref><ref>https://forum.artixlinux.org/index.php/topic,7782.msg46658.~~html~~

==Consumer impact summary==

User Freedom: Can be uninstalled, however a lack of communication and difficulty to find the installed app should call this freedom into question.

</~~ref~~>

User Privacy: Claimed to "only scan files sent on messages app"<ref name=":0" />

==~~Consumer impact summary~~==

==Incidents==

~~{{Placeholder box|Overview~~ of ~~concerns that arise from~~ the ~~conduct towards users of the product (if applicable)~~:

This is a list of all consumer protection incidents related to this product. Any incidents not mentioned here can be found in the

* User Freedom

[[Category:Android| Arndroid category]]

* User Privacy

.

* Business Model

===Installation without informed consent (January 22, 2025)===

* Market Control}}

In January 22, 2025, Google quietly rolled out Android System SafetyCore to all Android devices. The installation of the program neither informed consumers that it was installed, nor did it request consumers to install it onto their devices.<ref>{{Cite web |last=Thitu |first=Naftary |date=10 Feb 2025 |title=Rogue or Safe App? Unmasking Android System SafetyCore |url=https://techweez.com/2025/02/07/hidden-guardian-or-unwanted-intruder-unmasking-android-system-safetycore/ |url-status=live |access-date=15 Apr 2025 |website=techweez}}</ref><ref>{{Cite web |title=Android System SafetyCore |url=https://www.reddit.com/r/antivirus/comments/1iih2ll/android_system_safetycore/ |url-status=live |access-date=15 Apr 2025 |website=[[Reddit]]}}</ref> This additionally bypassed any features consumers have enabled that blocks installations of programs without consumer approval first.

$2

Due to a lack of both transparency or open sourcing, it has brought significant amounts of concern from consumers, especially those who work in tech security. <ref>{{Cite web |date=11 Feb 2025 |title=Android System SafetyCore: Hidden Installation and What You Should Know |url=https://www.protectstar.com/en/blog/android-system-safetycore-hidden-installation-and-what-you-should-know |url-status=live |access-date=15 Apr 2025 |website=ProtectStar}}</ref><ref>{{Cite web |title=Guys help some app called android system safetycore installed automatically |url=https://www.reddit.com/r/antivirus/comments/1gpdhwz/guys_help_some_app_called_android_system/ |url-status=live |access-date=15 Apr 2025 |website=[[Reddit]]}}</ref><ref>{{Cite web |last=@dancytron |date=8 Feb 2025 |title=Android System SafetyCore |url=https://www.reddit.com/r/antivirus/comments/1gpdhwz/guys_help_some_app_called_android_system/ |url-status=live |access-date=15 Apr 2025 |website=Puppy Linux Discussion Forum}}</ref><ref>{{Cite web |last=@Phosphate5 |date=12 Feb 2025 |title=Android System SafetyCore is being silently installed on android devices |url=https://forum.artixlinux.org/index.php/topic,7782.msg46658.html |url-status=live |access-date=15 Apr 2025 |website=Artix Linux Forum}}

==~~Incidents~~==

</ref> With [[Google]] directly stating that the program scans photos that are sent on the messages app, it has set a precedent for this concern as well, since malicious actors or [[Google]] themselves could theoretically hijack this product for illicit purposes, such as setting the app to scan for more than just mature photos, or scanning files beyond just what the messages app is allowed.

~~This is a list of all consumer protection incidents related to this product~~. ~~Any incidents not mentioned here can be found in the~~ [[~~:Category:~~{{~~PAGENAME~~}}|{{~~PAGENAME~~}} ~~category]].~~

{{Placeholder box|* [[~~Example incident one~~]] ~~(date): Short summary of~~ the ~~incident (could be~~ the ~~same~~ as ~~the summary preceding the article).~~

* [[~~Example incident two~~]] ~~(date):~~

~~Incidents affecting the entire~~ product ~~line can be found in~~ the ~~product line article: [[Product line article~~, or ~~company article if there~~ is ~~no product line]]}}~~

==~~= Installation without informed consent (January 22,~~ 2025) ===

This lack of transparency has been also cited as a concern from GrapheneOS maintainers, stating that because it is not open source, they will not be including the app inside their operating system.<ref>{{Cite web |last=@GrapheneOS |date=8 Feb 2025 |title=The functionality provided by Google's new Android System SafetyCore app available through the Play Store is covered here: https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html Neither this app or the Google Messages app using it are part of GrapheneOS and neither will be, but GrapheneOS users can choose to install and use both. Google Messages still works without the new app. The app doesn't provide client-side scanning used to report things to Google or anyone else. It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc. This allows apps to check content locally without sharing it with a service and mark it with warnings for users. It's unfortunate that it's not open source and released as part of the Android Open Source Project and the models also aren't open let alone open source. It won't be available to GrapheneOS users unless they go out of the way to install it. We'd have no problem with having local neural network features for users, but they'd have to be open source. We wouldn't want anything saving state by default. It'd have to be open source to be included as a feature in GrapheneOS though, and none of it has been so it's not included. Google Messages uses this new app to classify messages as spam, malware, nudity, etc. Nudity detection is an optional feature which blurs media detected as having nudity and makes accessing it require going through a dialog. Apps have been able to ship local AI models to do classification forever. Most apps do it remotely by sharing content with their servers. Many apps have already have client or server side detection of spam, malware, scams, nudity, etc. Classifying things like this is not the same as trying to detect illegal content and reporting it to a service. That would greatly violate people's privacy in multiple ways and false positives would still exist. It's not what this is and it's not usable for it. GrapheneOS has all the standard hardware acceleration support for neural networks but we don't have anything using it. All of the features they've used it for in the Pixel OS are in closed source Google apps. A lot is Pixel exclusive. The features work if people install the apps. |url=https://x.com/GrapheneOS/status/1888280836426084502?mx=2 |url-status=live |access-date=15 Apr 2025 |website=[[X]]}}</ref>

~~In January 22, 2025,~~ Google ~~quietly released~~ Android System SafetyCore to ~~all~~ Android ~~devices~~. ~~The installation~~ of the ~~program neither informed consumers that~~ it ~~was installed~~, ~~nor did~~ it ~~request consumers~~ to ~~install~~ it ~~onto~~ their ~~devices~~. ~~This additionally bypassed any features consumers~~ have ~~enabled that blocks installations~~ of ~~programs without consumer approval first~~.

==See also==

~~{{Placeholder box|Link to relevant theme articles or products with similar incidents.}}~~

- [[Android]]

*[[Android]]

*[[Google]]

~~- [[Google]]~~

==References==

[[Category:~~{{PAGENAME}}~~]]

[[Category:Android]]

@@ Line 1: / Line 1: @@
-{{StubNotice}}{{InfoboxProductLine
+{{Incomplete|Issue 1= The incident is based mostly on speculation and (warranted) suspiciousness with Google's actions. More sources are needed or change of scope/deletion of the incident.|Issue 2= This is currently formatted as a product page, it may be a candidate to turn into an incident}}
+{{InfoboxProductLine
 | Title = {{PAGENAME}}
 | Release Year =2025
@@ Line 5: / Line 7: @@
 | In Production =Yes
 | Official Website =N/A
-| Logo =QuestionMark.svg
+| Logo =SafetyCore.png
-}}Android System SafetyCore is a program developed and released by [[Google]] for the [[Android]] platform. Google claims that the software provides on-device security for any Android devices running version 9 (pie) or later.<ref>https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html</ref>
+}}
+Android System SafetyCore is an app developed and released by [[Google]] for the [[Android]] platform. According to [[Google]] the software provides locally-run nudity censoring for any Android devices running version 9 (pie) or later.<ref name=":0">{{Cite web |date=22 Oct 2024 |title=5 new protections on Google Messages to help keep you safe |url=https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html |url-status=live |access-date=15 Apr 2025 |website=Google Security Blog}}</ref>
-Due to a lack of transparency and open sourcing, it has brought significant amounts of concern from consumers, especially those who work in tech security. <ref>https://www.protectstar.com/en/blog/android-system-safetycore-hidden-installation-and-what-you-should-know</ref><ref>https://www.reddit.com/r/antivirus/comments/1gpdhwz/guys_help_some_app_called_android_system/</ref><ref>https://forum.puppylinux.com/viewtopic.php?p=142400</ref><ref>https://forum.artixlinux.org/index.php/topic,7782.msg46658.html
+==Consumer impact summary==
+User Freedom: Can be uninstalled, however a lack of communication and difficulty to find the installed app should call this freedom into question.
-</ref>
+User Privacy: Claimed to "only scan files sent on messages app"<ref name=":0" />
-==Consumer impact summary==
+==Incidents==
-{{Placeholder box|Overview of concerns that arise from the conduct towards users of the product (if applicable):
+This is a list of all consumer protection incidents related to this product. Any incidents not mentioned here can be found in the
-* User Freedom
+[[Category:Android| Arndroid category]]
-* User Privacy
+.
-* Business Model
+===Installation without informed consent (January 22, 2025)===
-* Market Control}}
+In January 22, 2025, Google quietly rolled out Android System SafetyCore to all Android devices. The installation of the program neither informed consumers that it was installed, nor did it request consumers to install it onto their devices.<ref>{{Cite web |last=Thitu |first=Naftary |date=10 Feb 2025 |title=Rogue or Safe App? Unmasking Android System SafetyCore |url=https://techweez.com/2025/02/07/hidden-guardian-or-unwanted-intruder-unmasking-android-system-safetycore/ |url-status=live |access-date=15 Apr 2025 |website=techweez}}</ref><ref>{{Cite web |title=Android System SafetyCore |url=https://www.reddit.com/r/antivirus/comments/1iih2ll/android_system_safetycore/ |url-status=live |access-date=15 Apr 2025 |website=[[Reddit]]}}</ref> This additionally bypassed any features consumers have enabled that blocks installations of programs without consumer approval first.
-$2
+Due to a lack of both transparency or open sourcing, it has brought significant amounts of concern from consumers, especially those who work in tech security. <ref>{{Cite web |date=11 Feb 2025 |title=Android System SafetyCore: Hidden Installation and What You Should Know |url=https://www.protectstar.com/en/blog/android-system-safetycore-hidden-installation-and-what-you-should-know |url-status=live |access-date=15 Apr 2025 |website=ProtectStar}}</ref><ref>{{Cite web |title=Guys help some app called android system safetycore installed automatically |url=https://www.reddit.com/r/antivirus/comments/1gpdhwz/guys_help_some_app_called_android_system/ |url-status=live |access-date=15 Apr 2025 |website=[[Reddit]]}}</ref><ref>{{Cite web |last=@dancytron |date=8 Feb 2025 |title=Android System SafetyCore |url=https://www.reddit.com/r/antivirus/comments/1gpdhwz/guys_help_some_app_called_android_system/ |url-status=live |access-date=15 Apr 2025 |website=Puppy Linux Discussion Forum}}</ref><ref>{{Cite web |last=@Phosphate5 |date=12 Feb 2025 |title=Android System SafetyCore is being silently installed on android devices |url=https://forum.artixlinux.org/index.php/topic,7782.msg46658.html |url-status=live |access-date=15 Apr 2025 |website=Artix Linux Forum}}
-==Incidents==
+</ref> With [[Google]] directly stating that the program scans photos that are sent on the messages app, it has set a precedent for this concern as well, since malicious actors or [[Google]] themselves could theoretically hijack this product for illicit purposes, such as setting the app to scan for more than just mature photos, or scanning files beyond just what the messages app is allowed.
-This is a list of all consumer protection incidents related to this product. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]].
-{{Placeholder box|* [[Example incident one]] (date): Short summary of the incident (could be the same as the summary preceding the article).
-* [[Example incident two]] (date):
-Incidents affecting the entire product line can be found in the product line article: [[Product line article, or company article if there is no product line]]}}
-=== Installation without informed consent (January 22, 2025) ===
+This lack of transparency has been also cited as a concern from GrapheneOS maintainers, stating that because it is not open source, they will not be including the app inside their operating system.<ref>{{Cite web |last=@GrapheneOS |date=8 Feb 2025 |title=The functionality provided by Google's new Android System SafetyCore app available through the Play Store is covered here: https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html Neither this app or the Google Messages app using it are part of GrapheneOS and neither will be, but GrapheneOS users can choose to install and use both. Google Messages still works without the new app. The app doesn't provide client-side scanning used to report things to Google or anyone else. It provides on-device machine learning models usable by applications to classify content as being spam, scams, malware, etc. This allows apps to check content locally without sharing it with a service and mark it with warnings for users. It's unfortunate that it's not open source and released as part of the Android Open Source Project and the models also aren't open let alone open source. It won't be available to GrapheneOS users unless they go out of the way to install it. We'd have no problem with having local neural network features for users, but they'd have to be open source. We wouldn't want anything saving state by default. It'd have to be open source to be included as a feature in GrapheneOS though, and none of it has been so it's not included. Google Messages uses this new app to classify messages as spam, malware, nudity, etc. Nudity detection is an optional feature which blurs media detected as having nudity and makes accessing it require going through a dialog. Apps have been able to ship local AI models to do classification forever. Most apps do it remotely by sharing content with their servers. Many apps have already have client or server side detection of spam, malware, scams, nudity, etc. Classifying things like this is not the same as trying to detect illegal content and reporting it to a service. That would greatly violate people's privacy in multiple ways and false positives would still exist. It's not what this is and it's not usable for it. GrapheneOS has all the standard hardware acceleration support for neural networks but we don't have anything using it. All of the features they've used it for in the Pixel OS are in closed source Google apps. A lot is Pixel exclusive. The features work if people install the apps. |url=https://x.com/GrapheneOS/status/1888280836426084502?mx=2 |url-status=live |access-date=15 Apr 2025 |website=[[X]]}}</ref>
-In January 22, 2025, Google quietly released Android System SafetyCore to all Android devices. The installation of the program neither informed consumers that it was installed, nor did it request consumers to install it onto their devices. This additionally bypassed any features consumers have enabled that blocks installations of programs without consumer approval first.
 ==See also==
-{{Placeholder box|Link to relevant theme articles or products with similar incidents.}}
-- [[Android]]
+*[[Android]]
+*[[Google]]
-- [[Google]]
 ==References==
 {{reflist}}
-[[Category:{{PAGENAME}}]]
+[[Category:Android]]