It supposedly works on deep links, so a fully rogue (interaction-less) installation can be possible if that's true.

Most notorious form of bypassing Google Play (outside of core GMS apps) is obviously the Facebook updater, there's a lot of stock ROMs that come with it and it's quite privileged, other than the ability of installing stuff.

Better context
https://twitter.com/topjohnwu/status/1451282578514735131

A good measure of education on security and privacy is proof of the design implications. Simply assuming complete scrapability of publicly accessible (probeable) data lets you avoid many upcoming fuckups.
https://github.com/tejado/telegram-nearby-map

Nekogram has been removed by Google from Play Store for not providing them a phone number to login and review.

I really want to know what Google has reviewed before, without a phone number to login

https://www.theverge.com/22811740/qualcomm-snapdragon-8-gen-1-always-on-camera-privacy-security-concerns

No, it isn't, it serves a specific purpose just like a fingerprint sensor. Both can be abused to read plain data, just like camera stack or Android framework can be abused to capture a photo unknowingly to user. After all, a well-compromised device can use camera any time, this feature doesn't compromise it by itself. In the official words, this feature can be configured to work as a poorman's (as sadly Android doesn't flush the keys with a screen lock, even with the "lockdown" one) deadman switch. Features like Smart Lock should indeed work both ways: letting you to nerf protections in trusted environment (pun not intended), and lock tightly in case of anything risky.


The real privacy concern premiered with an earlier generation, and became showcased also on the current one. Basically, it's the idea of using an embedded, permanent unit/device-unique private key that is meant to be unaccessible to user. By default, that's easily meaningless, just a string of random letters. The problem starts when all of the companies trust only that key, never the one made by you, no matter how much you're able to attest yourself. Such a tactic is dubious both for the security of a key and privacy, since the key involuntarily confirms your device model and/or the exact unit, without letting you to ever make it "clean", since its recognition is based on such authority in the first place. The only way of getting rid of a key bound to you in that scenario is changing your device unit to another, that is if such key is permanently unit-unique. While in case of a key shared among many devices, this idea simply becomes ridiculous. Why? In case of just one leak or successful extraction, all of the trust of a key is lost, while the truth is that you'll never know if it didn't already occur.

As much as it's hard to shortly explain everything that can go bad with the idea of using corp-provisioned permanent key to verify authenticity, the actual biggest concern is big market adoption. The risks of fingerprinting a person become enormous. Unnecessary trust in such architecture increases the incentives to paralyze a service that became used to trusting uncompromised state of a key. Devices containing revoked keys effectively become trash. You can go on, but let's simplify this. Imagine that to register for a social media account, you need to sign your account creation request with your digital-capable ID card. Both the government and social media page may say it's safe, that government doesn't get to know you created a social media account (because your key can be verified offline to come from the government by being signed) and that social media only sees the signed gibberish without your name. The problem starts when this data gets collected (as it has to be). Access to gov's data bound to your ID card's public key + possibility of checking collected public key at a social media page gets you absolutely direct de-anonimizing capabilities no matter what they promised you. Very similar principles apply to more disposable metadata. If you can't easily get rid of your key pair, you're more vulnerable to getting your identities linked by a malicious actor. There's no way around it.

Tl;dr: corp-provisioned attestation system for multimedia has similar security and privacy risks to hardware-backed SafetyNet implementation. Stuff like this enables fingerprinting, while making the companies lazier due to trust in legitimacy of received data. And the more bulletproof the implementation becomes, the more privacy-invasive it gets, still not guaranteeing that goals are completely met, as every existing plain text private key can get compromised, resulting in loss by the company choosing to trust them and loss by the end user, whose hw-bound key becomes revoked.

The hall of anti-examples (with typically actually too much marketing gibberish to understand how tight or lame the process is in reality):
https://www.prnewswire.com/news-releases/truepic-breakthrough-charts-a-path-for-restoring-trust-in-photos-and-videos-at-internet-scale-301152998.html
https://www.youtube.com/watch?v=_7Ny8wGtsAk
https://truepic.com/technology/
https://www.xda-developers.com/hands-on-qualcomm-snapdragon-8-gen-1/ (NFT app segment)
https://blog.cloudflare.com/introducing-cryptographic-attestation-of-personhood/

U.S. indicts two men for running a $20M YouTube content ID scam
Article, Comments

Public service announcement: recently someone shared malware in the PinePhone channel and asked people to install it. The malware uses the vulnerability CVE-2021-31698 to corrupt the modem and to purge the local files. Do not install software from unknown sources and report any incident to us.

Early PinePhone Pro runs on Android Pie. A nice, unadvertised feature that can help to have the best of both worlds: conventional Linux distro flexibility and popular qualities of Android. Not forgetting about Waydroid tho :>

Italian Courts Find Open Source Software Terms Enforceable
Article, Comments

In 2022 I wish all of us more of the open ecosystems, more of the free devices, more of sensible, sustainable decentralisation. I wish all of us meet with positive changes personally and around. Despite the enormous motivation required to make another TP real, I hope to come closer to that goal, even though it's not the most important matter that I have to face. Ironically or not, everything non-TP is influencing TP more than actual TP stuff. On TP1803, we finished proving that the idea is viable, that the right people can be brought into an initiative that makes sense. What's left is new contacts, organization, management and engineering burdens, money. To this date, it seems that most of this mission remains directly on me. I consider it as natural state of being, but that also means there's no ETA or deadline of any sort. Again, for me and all of you, I wish that I'll be able to follow up with the idea and bring some actual hardware sooner or later. It's possible, but can't be rushed.

https://www.phonearena.com/news/oneplus-rotating-camera-patent_id137837
https://patentscope.wipo.int/search/en/detail.jsf?docId=CN329347688

Considering that even the most ridiculous stuff gets patented, it's not surprising, but I really hope that this idea won't get implemented in real world. Mechanical elements occupy exactly the place that can be directly used for a custom, square camera sensor, with smaller engineering requirements, smaller risk of fail and the advantage of complete multi-aspect shooting.

To be clear, rotational stabilisation is a good idea itself, but you don't have to exactly move the whole camera module to achieve it. Lenses are already round, but the sensors aren't covering the whole image area. Filling it is a quick fix with more benefits than rotational stabilisation of extreme angles. I expect multi-aspectness to be a trend some day on phone cameras.