The first time I had a Samsung phone I noticed after about two weeks that every single word I typed into any application was being collected and sent to a third party whose privacy policy said it was used to collect data about my interests, my social life, to make guesses about my intelligence level and education, and that the data would be sold for "market research" among other things.
No user would ever suspect that the keyboard that came with their cell phone would be letting third parties read all their texts and emails to do those things. I'd assumed the keyboard was just a part of the OS. I only found out after I just happened to long press a key long enough to get an "about samsung keyboard" window and clicking around to find a privacy policy that said which company they were sending keystrokes to, and then reading that company's privacy policy.
I immediately found an open source keyboard to replace Samsung's with. I'll say one thing for them, collecting everything everyone types into their devices meant that the Samsung keyboard had really good spellchecking/predictive text capabilities. I'd never go back to using it, but there are times I wish the keyboard I replaced it with had a better spellchecker.
1. Samsung is able to sell phones like that legally.
2. People are not in jail.
3. Governments somehow think it's ok that random companies can see everything their citizens do online. National security risks maybe? Trade secret issues?
It's almost suspicious to the point where I would start thinking those third party spy companies are possibly (US/5 eyes) government run?
Well, websites' ad-tech has been very able to track mouse movement/location, characters pressed (but not submitted) for 15 years at least; people are fine with this fact too (even if it's 1 or 2 monopolies that phone home - and then share data lol)
Androids have done similar for a very long time; customers have known about it, and turn a blind eye cuz it's a new-shiny
Yes, but this "makes sense" considering that data is being sent to US companies that are basically an integral part of the NSA by now.
So it makes sense from a US-gov perspective.
My point was that the Samsung spyware is sending data about (for example) US users to non-US companies and government (South Korea). I guess they're also an integral part of the NSA by now. I have no other explanation :P
“Mind blowing” is too strong a word when every thread about Apple on HN is demanding the iPhone be opened up to the same, taking away non-tech people’s choice to buy a bloat free and privacy defaulted device designed to stay that way even if people more technically savvy try to hook in.
It’s a fine line, of course, since the same non-tech people love IAP and ad-supported, as shown by the folks opting into ads on Hulu, Netflix, and Amazon Prime decades after similarly opting into ads on paid cable. So how to let users have ad-tech supported apps, without ending up like the Android ecosystem?
> legally … not in jail
Apple’s approach was a curated ecosystem, and the level of hate for it tells you app makers aren’t worried they should be in jail, they’re worried iOS users have that sweet sweet “wallet share”. HN’s EU DMA threads tell you plenty voices don’t just want what they do legal, they want it illegal to slow their roll.
PS. A lot of big data and big analytics cross pollinates with the US government. Three letter agencies even do VC deals.
Meanwhile I'm over here on a rooted Android phone with no pre-installed anything and a custom build of Chromium that lets me have uBlock Origin on my phone. And RCS still works cause I guess they can't detect my old version of Magisk.
I suspect it's not just Samsung. Both Google and Microsoft (SwiftKey) do the same thing.
The worst part is that the most used national ID-function now stops you from using third party "approved" keyboard due to (misguided) security reasons. Both AnySoftKeyboard and AOSP keyboard are banned.
I wouldn't mind so much if Google/Microsoft/Samsung etc collected all data in house (including subcontractor companies who won't share this information with anyone else). If they kept it to themselves and said "just trust me, bro" to advertisers and kept my data to themselves I don't think I'd mind too much. But clearly that's not what happens here. They don't have nearly enough leverage against the advertisers.
The need for stronger legislation is overdue by now.
There is already a FOSS mobile OS, it's called Android, or more specifically a distribution of it like LineageOS. But installing it is so difficult that only 1% of people have the technical know-how to even attempt it, and it's getting more difficult as manufacturers introduce more and more hurdles in this process.
Which is all irrelevant anyway because the vast majority of people don't even realise that everything they see, do, or type on their phones is reported to hundreds of companies, processed, and re-sold to thousands of companies all over the world.
It's regulation that forces people into Google and Apple ecosystems. Due to the payment security regulation I'm no longer able to use an Android phone without Google services. SMS authentication is gone and I must have a bank app that must be installed from Google Play and uses Google services, also it detects root and stops working. Also, my bank used to have an app that completely bypassed Google Pay and worked even offline, like a card would - also canceled by the regulation.
The issue here isn't that there is regulation, it's that the regulation is badly written. For essential services such as banking and government stuff, you shouldn't be forced to rely on things like the Google Play Store and Apple stuff. This kind of stuff should work even on a debloated, degoogled phone. And the regulation must be improved, not thrown away.
Politicians of course have a hard time with technology, so of course the regulation will be terrible for users, especially given the Big Tech lobbying, but still. We should do better.
I'm a citizen of a small EU country that has voting power in the EU parliament near zero percent. They should do better, indeed, but what can I do. Much bigger fishes (even the banks) tried to convince the EU this is bad, it probably didn't even register on their radar. From my perspective, the regulation will always be bad, I can't do anything about it however hard I try, and so it shouldn't exist at all.
> I'm a citizen of a small EU country that has voting power in the EU parliament near zero percent. They should do better, indeed, but what can I do.
You can bring this to the attention of other EU citizens so that they too badger their representatives about this. It's not like any individual's vote in a larger EU country is worth more than yours.
The regulation says that system integrity has to be verified. Some banks don't comply, but many (every one I use) do.
BTW Magisk has a way to hide from the apps, so that might be the reason - that doesn't mean there isn't a problem with the regulation. But 2 of my 3 banks see through that. And one of them doesn't want to load on LineageOS even if it's not rooted because it's compiled in some dev mode that might allow something...
> ...like LineageOS. But installing it is so difficult that only 1% of people have the technical know how to even attempt it...
Aside: there is also /e/OS (or MurenaOS - their naming is inconsistent). It is basically LineageOS that someone else installs for you so you get everything in a package [0].
They sell many phones, but it also runs nicely on Fairphones if you want a phone that you can repair (there is of course a compromise in price / performance there - depends on what matters to you the most).
What do you mean incompatible with LineageOS? In LineageOS you have the choice to install Google services like Google Play, or use the Aurora store.
In /e/os/ they have their own app store, App Lounge, with which you can install apps from Google Play through the Google Play API, similar to how the Aurora store does it. And you can also find open-source and PWA apps in it.
I use fdroid and aurora store for installing apps, and push notifications work nicely using microg. Of course microg needs to connect to G servers (no way around it), but at least it works and there is no G app running on the phone.
Ye it is strange that they abandon the simple, safe, cheap and idiot proof key device and go for some convoluted 2FA app that is run on the same device anyways.
I made the mistake of trying to find one via Google Play. It pushes so much malware to the top and won't allow you to filter the search. Discoverability there is zero.
It is like I always forgot I need to use fdroid and open Play by muscle memory.
Other alternatives: OpenBoard, FlorisBoard and HeliBoard (OpenBoard fork). Excluding FlorisBoard beta and HeliBoard, these also have quite infrequent releases like ASK.
Hmm, seems to not be available for my Pixel 6. The GitHub looks very active but there hasn't been a release there (or Google Play or Fdroid) in over 2 years.
If you buy a laptop and the OEM has pre-installed a keylogger then it is still a keylogger. Most people don't choose their Android keyboard but use whatever is the default on the device they bought.
NoRoot Firewall app (I'm not affiliated). I must have brought it up in every Android security related post in HN that I've come across.
I use it on all my Android devices. I block all traffic in most apps.
Some Android phones allow you to allow/block Data and/or WiFi separately. My Samsung 4G tablet doesn't allow me to switch off Data or WiFi for some apps, especially the system ones.
This is where NoRoot Firewall does all its good work. It has Global Block list (all ads/trackers go there) and for each app I individually block or allow certain IPs.
So if "Samsung Keyboard" app wants to send your typing home, you block Data/WiFi and leave it trying :)
Indeed. 99% of people will never even realise this is happening. It's crazy that "reading everything typed in a person's device without that person's awareness" is not something that has been legislated into oblivion.
But there is no "privacy policy" on the Samsung keyboard about page.
Samsung's privacy policy on the web states this:
Samsung Keyboard information: The words that you type when you enable “Predictive text”. This feature may be offered in connection with your Samsung account to synchronise the data for use on your other Samsung mobile devices. You can clear the data by going to the “Predictive text” settings.
I wouldn't doubt if it's changed a few times. The phone was a 2016 Galaxy J3 V. I no longer remember the name of the 3rd party they were using for predictive text at the time, but I know that in the past they've used SwiftKey and Grammarly.