by jraph 670 days ago
This is beside the point.

The point is that many OSes include tools that you can use to do remote maintenance as long as you have the password and physical access. There's nothing to write home about.

There being inactive software somewhere to do maintenance that can be used if you have physical access and the password is at best interesting (curiosity), at worst not newsworthy, and in any case not concerning.

Now, phones sold pre-filled with junk / invasive software all over the place is gross.


Funny how you people keep making it as if bins included openly in normal Linux distributions are as bad as some weird unaudited internal tool by Verizon of all things, additionally hidden from the user. I would have higher expectations of a Pixel tbh

We are not remotely saying this. And there are no "messengers" shouted, and there's no hatred. We are saying that tools provided in common Linux distros allow you to set up remote control if you have the password and physical access. This is not being bad, it's just that the tools are powerful and included out of the box.

As for including an opaque binary, I would expect way better from Linux distros. An opaque binary would be scandalous.

But on Android? You already can't trust lineage or aosp because of the proprietary blobs you need on any smartphone for the drivers. Stock Android? Add all the crapware from the manufacturer. Add to this the crap added by the carrier. The phone is already full of inscrutable crap, it's hopeless.

Some deactivated stuff seems like a total non event in comparison to all this, including the crap you can't even disable and that does you don't know what and sends who knows what to who knows who. The whole situation is concerning and scandalous, but not much more with that additional, deactivated opaque stuff.

Most of the stuff you refer to are why a company would restrict phones (in its intranet) to only ones that were 1 vendor and not telco modified to possibly deliver the evil maid/police illegal wire tap post (short) arrest. We just discovered that there are not 2 such vendors, but one.

> tools provided in common linux distros

Again... those tools are open source, audited and have many eyes on them

This tool however is shady as heck. Google dropped the ball

We can't seem to understand each other.

I 100% trust my open source audited rm, but it will definitely remove everything from my system if I call it with parameters "-rf" and "/" with sufficient permission. It is powerful enough, and the whole set of trusty tools I have on my linux distro lets me take control of it remotely.

That tool is shady, I agree, but it is also deactivated. Do you know what it means on Android for an app to be deactivated? It basically means "not installed". It's here in the file system (on the system partition), but doesn't run. It wouldn't concern me if I had it (though I would prefer it not to be there and for the system partition to be smaller so I can use this space in the user partition), I'm way more concerned by all the crap that actually runs.

> I 100% trust my open source audited rm, but it will definitely remove everything from my system if I call it with parameters "-rf" and "/" with sufficient permission.

You're almost there. Now imagine you could not trust it to do that, and also did not ask it to be there, and also it was an internal tool for Verizon written by Verizon :)

And it's not like rm, it's more like TeamViewer and who knows how many bugs it has. If I install Linux and there is a hidden TeamViewer there, even if it doesn't run by default I would wipe the system just in case because wtf.

Ask yourself, is it by design? If yes, why? If not, then the responsible person did not notice it there, so ask yourself then what else did they miss?

It just should not be there period, if it is there something somewhere went super wrong.

We are going in circles. My comment at https://news.ycombinator.com/item?id=41270161 fully answers this.

> it's more like TeamViewer and who knows how many bugs it has

My point is that it's more like TeamViewer's installer since it's deactivated, which is pretty equivalent to "not installed" in Android's world.

I feel like you are assuming I'm wrong: I find your "you are almost there" and "ask yourself" phrasings quite annoying. You are just assuming you are right and I'm wrong. We will not convince each other, our respective views seem fully made up here, this discussion will probably not progress anymore and I feel like I already wrote down every interesting point I could make on the topic, so I will stop there.

> It just should not be there period

It's not like I even disagree here. It should not be there for sure. Like all the more concerning crap that has been there since the beginning which is my core point. If you are pissed off by this new discovery, please do complain loudly about all that crap in our phones, we do absolutely need more people doing this. There's definitely not enough awareness around this stuff.

To me, complaining about this new thing is like complaining about some dust particle you just noticed in a house where housework was never done. But it's good people are beginning to see the dust, I guess...

I'm quite pissed off by the Sony phone I inherited with its impressive amount of crap you can't even all deactivate, and the lack of working lineage rom for it. Some deactivated shit in it would be the least of my concerns compared to this.

> It basically means "not installed"

This seems to be the oddity in the discussion. Not installed has a lot of equivalents in some security models, but not many things have an equivalent to installed as an Android manufacturer package. If a package is re-enabled as a manufacturer one it bypasses play checks and Advanced Protection and maybe can hide itself as a system package.

Letting stalkerware through and avoid detections via the manufacturer store exception is IMO likely to be intentional on Google's part to be able to let Android succeed via manufacturer/telco customizations in countries where laws require malware. An unlocked Pixel was expected to be clean because it wouldn't be set up to be in one of these deals.

It seems to me like a lot of it is hatred for the messengers.. But I think Palantir is a perfect organization to resentfully report a telco conspiracy to create a law enforcement back door as long as they didn't get a piece of it.

True, there's some irony in that...

No it is not beside the point. They are not supposed to ship a setup where physical access escalates to permanent spying with no warnings because they are promising things about devices not about an ecosystem's overall functionality to build any possible configuration.

Many people feel Google and Apple have ulterior motives, but that is an academic argument unless they abandon this motive, at that point they need to always ship rooted insecure boot phones for our ease of use.