this post was submitted on 21 Mar 2024
3 points (100.0% liked)

Privacy

31128 readers
690 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod
Yayannick@lemmy.ml
ranok@sopuli.xyz
3
Google Allows Creditors to Brick Your Phone (lemmy.world)
submitted 5 months ago* (last edited 5 months ago) by MisterFrog@lemmy.world to c/privacy@lemmy.ml
76 comments fedilink hide all child comments
 

I installed NetGuard about a month ago and blocked all internet to apps, unless they're on a whitelist. No notifications from this particular system app (that can't be disabled) until recently when it started making internet connection requests to google servers. Does anyone know when this became a thing?

Edit 2: I bought my Pixel 6 phone outright, directly from Google's Australian store. I have no creditors.

Were the courts not enough control for creditors? Since when are they allowed to lock you out of your purchased property without a court order?

I don't even live in the US, so what the actual fuck?

Edit 1: You can check it's installed (~~stock~~ Pixel 6 android 14) Settings > Apps > All Apps > three dot menu, Show system > search "DeviceLockController".

I highly recommend getting NetGuard, you can enable pro features via their website if you have the APK for as low as 0.10€, but donate more, because it's amazing. You can also purchase via Google Play store.

top 50 comments
sorted by: hot top controversial new old
[–] Outtatime@sh.itjust.works 3 points 5 months ago (15 children)

This type of tech is already being put into vehicles as well. I used to get laughed at 20 years ago when I predicted this. Nobody is laughing anymore. If anything, they just accept it.

[–] MalReynolds@slrpnk.net 1 points 5 months ago (2 children)

Sigh. Way too much freeze in fight, flight or freeze...

load more comments (2 replies)
load more comments (14 replies)
[–] MisterFrog@lemmy.world 2 points 5 months ago* (last edited 5 months ago) (2 children)

Requests the app made today.

This is my phone I own outright, by the way. I don't have any creditors.

Update for those curious:

[–] refurbishedrefurbisher@lemmy.sdf.org 1 points 5 months ago (6 children)

adb shell pm uninstall --user 0 com.google.android.devicelockcontroller

If you're using Shelter, then in addition to that command, replace --user 0 with --user 10

You don't need root to do this. You can also uninstall other bloatware using this same method.

[–] MisterFrog@lemmy.world 1 points 5 months ago

Hero, I just have to get around to doing it 😅 (I will, but grumble, grumble this is why most people don't bother battling for privacy)

[–] bigkahuna1986@lemmy.ml 1 points 5 months ago

I tried this on a Pixel 7 and am getting:

panther:/ $ pm uninstall --user 0 com.google.android.devicelockcontroller

Failure [DELETE_FAILED_INTERNAL_ERROR]

I also tried disable and got:

Cannot disable a protected package: com.google.android.devicelockcontroller

load more comments (4 replies)
[–] Salix@sh.itjust.works 1 points 5 months ago

I find it interesting that yours is com.google.android.devicelockcontroller.

I checked mine on GrapheneOS and it looks like it's the AOSP version of the package: com.android.devicelockcontroller

[–] BrikoX@lemmy.zip 1 points 5 months ago (6 children)

In 2020 Google claimed it was supposed to be limited to a single region in partnership with a single carrier. And was never meant to be put up on Play Store.

A spokesperson from Google reached out to clarify some details about the Device Lock Controller app. To start with, Google says they launched this app in collaboration with a Kenyan carrier called Safaricom.

Google has confirmed that the Device Lock Controller app should not be listed on the Google Play Store for users in the U.S., and they will work to take down the listing.

Source: https://www.xda-developers.com/google-device-lock-controller-banks-payments/

Of course, it was a lie since it's still on Play Store an of today and in use.

[–] Ledivin@lemmy.world 1 points 5 months ago (4 children)

Of course, it was a lie since it's still on Play Store an of today and in use.

FWIW, I just searched it up and it's listed as unavailable in my region (USA) 🤷‍♂️ so at the very least, they scoped it down a little bit

[–] BrikoX@lemmy.zip 1 points 5 months ago

So they region locked it from US, but it can still be pre-installed as a system app from AOSP. And it's available in EU, while was meant to be in Kenya only.

load more comments (3 replies)
[–] MisterFrog@lemmy.world 1 points 5 months ago (6 children)

It must be globally, I'm in Australia. What utter bullshit, since I would have never known if it weren't for my NetGuard firewall app.

[–] noorbeast@lemmy.zip 1 points 5 months ago (7 children)

Being Australian this is likely one to report to the ACCC, as Aussies at least have basic consumer protection, though that get murky with overseas tech entities.

load more comments (7 replies)
load more comments (5 replies)
[–] gerowen@lemmy.world 1 points 5 months ago (2 children)

I'm using CalyxOS and it's pre-installed as a system app, so this seems like something that's being built in at the AOSP level of development.

[–] brb@sh.itjust.works 1 points 5 months ago (3 children)

Can't find it in OxygenOS

load more comments (3 replies)
[–] TWeaK@lemm.ee 1 points 5 months ago (2 children)

DivestOS here, it's not in my ROM.

[–] Salix@sh.itjust.works 1 points 5 months ago* (last edited 5 months ago) (1 children)

Are you looking at system apps? It's installed as a system app on my phone using GrapheneOS

com.android.devicelockcontroller

Looks like it's an AOSP app

[–] AmbiguousProps@lemmy.today 1 points 5 months ago

I see it on Graphene too, took away its network perms at least.

[–] BentiGorlich@thebrainbin.org 1 points 5 months ago

iodéOS here and I can't find it on my phone either (yes I looked at the system apps)

load more comments (3 replies)
[–] Max_P@lemmy.max-p.me 1 points 5 months ago (4 children)

At least it's open-source: https://android.googlesource.com/platform/packages/modules/DeviceLock/+/refs/heads/main/DeviceLockController/

And that'd be why custom roms have it. It's part of the base Android system.

load more comments (4 replies)
[–] wesker@lemmy.sdf.org 1 points 5 months ago* (last edited 5 months ago) (1 children)

I'm using a fresh install of GrapheneOS, and this is installed too. Not sure what that suggests, except that it's possibly some core system level app.

[–] communism@lemmy.ml 1 points 5 months ago* (last edited 5 months ago) (3 children)

Oh jesus, that's crazy that it's on GrapheneOS too.

Edit: I'm on a no-longer-supported GrapheneOS install on a Pixel 3a. I've checked and it's not there for me. I also don't live in the US (like OP). I wonder when it would've been added?

[–] Bronco1676@lemmy.ml 1 points 5 months ago

According to people from GrapheneOS these are two different things:

To be clear, https://play.google.com/store/apps/details?id=com.google.android.apps.devicelock is not what's included in GrapheneOS. There seems to be some confusion about that. This is the app that does what's being described.

What you see in GrapheneOS is https://android.googlesource.com/platform/packages/modules/DeviceLock/+/b1a971a6e29f5b426b13d96d7692e9dd5a7e81e2/DeviceLockController/

https://discuss.grapheneos.org/d/11639-device-lock-controller/9

[–] wesker@lemmy.sdf.org 1 points 5 months ago (1 children)

There's little to no info out there, but I did see some suggestions on a forum, that it may also be installed when setting up a Work profile. I use Shelter to create said isolated Work profile. I wonder if that's a possibile explanation.

[–] MisterFrog@lemmy.world 1 points 5 months ago

This may be the case, as I also have a work profile set up via Shelter.

Weird that it's installed in GrapheneOS also though.

In any case, even if setting up a work profile, it should just not be installed.

A potential backdoor as a ransomware exploit for anyone who has a work profile on their phone, I would guess. Unless there are other apps bundled with android that also lock you out of your phone.

[–] MalReynolds@slrpnk.net 1 points 5 months ago* (last edited 5 months ago)

Seems unlikely if you outright own it, this is for bought on a plan type stuff, no ?

Edit: On further reading, apparently not. WTAF?

[–] rockstarmode@lemmy.world 1 points 5 months ago (1 children)

I know this is a privacy community, but I'm not sure I'm onboard with the outrage on this particular one. If you rent/lease or go on a payment plan for the device you're using, then it isn't yours, it belongs to the entity you borrowed it from.

If I don't make car payments, the bank can repossess my ride. If I dont pay my mortgage or rent, I can be evicted by my landlord or bank.

If I don't make my phone payment, the company should have recourse to prevent me from using their device.

This could open up the ability for bad actors to disable my device, and I agree that's a horrible prospect. But the idea of a legitimate creditor using this feature to reclaim their property is not something I find shocking.

[–] namingthingsiseasy@programming.dev 1 points 5 months ago (1 children)

All your points are sound. The issue that I have with this is that remote disable functionality is not necessary to achieve any of these aims. Before they were connected to the internet, people were still able to rent/lease autos and the world managed to survive just fine. There were other ways for lenders to get remunerated for breaking lease terms - they could issue an additional charge, get a court order for repossession, etc. Remote disable was never needed or warranted.

So let's start by considering the due process here. Before, there was some sort of process involved in the repossession act. With remote disable however, the lender can act as judge, jury and executioner so to speak - that party can unilaterally disable the device with no oversight. And if the lender is in the wrong, there is likely no recourse. Another potential issue here is that the lender can change the terms at any time - it can arbitrarily decide that it doesn't like what you're doing with the device, decide you're in breach, and hit that remote kill switch. A lot of these things could technically happen before too, but the barriers have been dramatically lowered now.

On top of this, there are great privacy concerns as well. What kinds of additional information does the lender have? What right do they have to things like our location, our habits, when we use it, and all of the other personal details that they can infer from programs like this?

There are probably lots of other issues here, but another part of the problem is that we can't even start to imagine what kinds of nefarious behaviors they can execute with this new information and power. We are well into the age where our devices are becoming our enemies instead of our advocates. I shudder to think what the world would look like 20 years from now if this kind of behavior isn't stopped.

[–] abbenm@lemmy.ml 1 points 5 months ago (1 children)

Perfectly stated! The moralizing story kind of serves as cover, as a complete blank check to excuse practically any behavior of the lender, without any limiting principle.

[–] namingthingsiseasy@programming.dev 1 points 5 months ago

Right - they say that they're just going to use it to defend their "property rights". In practice, they're going to use it for a whole lot more than just that....

load more comments
view more: next ›