[jraph]

We can't seem to understand each others.

I 100% trust my open source audited rm, but it will definitely remove everything from my system if I call it with parameters "-rf" and "/" with sufficient permission. It is powerful enough, and the whole set of trusty tools I have on my linux distro lets me take control of it remotely.

That tool is shady, I agree, but it also deactivated. Do you know what it means on Android for an app to be deactivated? It basically means "not installed". It's here in the file system (on the system partition), but doesn't run. It wouldn't concern me if I had it (though I would prefer it not to be there and for the system partition to be smaller so I can use this space in the user partition), I'm way more concerned by all the craps that actually runs.

[throwaway290]

> I 100% trust my open source audited rm, but it will definitely remove everything from my system if I call it with parameters "-rf" and "/" with sufficient permission.

You're almost there. Now imagine you could not trust it to do that, and also did not ask it to be there, and also it was an internal tool for verizon written by verizon:)

And it's not like rm, it's more like teamviewer and who knows now many bugs it has. If I install linux and there is a hidden teamviewer there, even if it doesn't run by default I would wipe the system just in case because wtf.

Ask yourself, is it by design? If yes, why? If not, then the responsible person did not notice it there, so ask yourself then what else did they miss?

It just should not be there period, if it is there something somewhere went super wrong.

[jraph]

We are going circles. My comment at https://news.ycombinator.com/item?id=41270161 fully answers this.

> it's more like teamviewer and who knows now many bugs it has

My point is that it's nore like teamviewer's installer since it's deactivated, which is pretty equivalent to "not installed" in Android's world.

I feel like you are assuming I'm wrong: I find your "you are almost there" and "ask yourself" phrasings quite annoying. You are just assuming you are right and I'm wrong. We will not convince each others, our respective views seem fully made up here, this discussion will probably not progress anymore and I feel like I already wrote down every interesting point I could make on the topic, so I will stop there.

> It just should not be there period

It's not like I even disagree here. It should not be there for sure. Like all the more concerning crap that has been there since the beginning which is my core point. If you are pissed off by this Jew discovery, please do complain loudly about all that crap in our phones, we do absolutely need more people doing this. There's definitely not enough awareness around this stuff.

To me, complaining about this new thing is like complaining about some dust particle yoi just noticed in a house where housework was never made. But it's good people are beginning to see the dust, I guess...

I'm quite pissed off by the Sony phone I inherited with its impressive amount of crap you can't even all deactivate, and the lack of working lineage rom for it. Some deactivated shit in it would be the least of my concerns compared to this.

[throwaway290]

> My point is that it's nore like teamviewer's installer since it's deactivated

Same question: wtf is it doing on this phone? Is it on purpose? Is it a fuckup? Etc.

You saying that phones contain junk we did not ask for and so it is not news is not true. Some phones do. Pixel was assumed to be a good reference Android device. Now it turns out Pixel also does. It is news.

[jraph]

Okay, now I get it: you are disappointed by the Pixel specifically.

I don't trust Google's proprietary stuff neither, so I didn't have that in mind: I assume that any stock Android is going to phone home and should I receive a Pixel, I would replace the stock Android on it to one of the FOSS roms anyway, without Google Play services.

> wtf is it doing on this phone?

Again, nothing, I agree with you on this.

[throwaway290]

> you are disappointed by the Pixel specifically.

Not just me apparently, the company in the article too:)

[jamesjamesdupre]

> It basically means "not installed"

This seems to be the oddity in the discussion. Not installed has a lot of equivalents in some security models, but not many things have an equivalent to installed as an Android manufacturer package. If a package is re-enabled as a manufacturer one it bypasses play checks and Advanced Protection and maybe can hide itself as a system package.

Letting stalkerware through and avoid detections via the manufacturer store exception is IMO likely to be intentional on Google's part to be able to let Android succeed via manufacturer/telco customizations in countries where laws require malware. An unlocked Pixel was expected to be clean because it wouldn't be setup to be in one of these deals.