I'm looking into this Android System SafetyCore thing, because I'm not convinced there's anything actually there and it's not just another version of that old email chain letter about deleting some EXE from system32 because it was spying on you or something

and google's apk transparency says it's "an Android system component that provides privacy-preserving on-device user protection infrastructure for apps."

developers.google.com/android/

an internal name seems to be "Persephone" which doesn't seem to be publicly mentioned anywhere

I'm reasonably sure the "it is supposed to blur nudes with an on-device AI!" bit is wrong. I searched through the disassembly for any calls you'd expect if it looks at images, and found nothing. I don't think this thing does that.

it talks to ondevicesafety-pa.googleapis.com

the thread I found searching that is people talking about rooted phones not able to use certain apps, like google wallet.

I think this is just a device integrity framework to allow apps to go "nah, this phone is rooted, I don't wanna run"

hades and persephone, it seems:

com.google.android.libraries.abuse.hades.safetycore

it is definitely doing the kind of integrity metrics you'd expect, like reporting crashes back to google

fun fact: java obfuscators don't check for dirty words!

sadly, the cum{} class was empty

and can I say it's got a CVE in it, if there's a cve{} class?

"Package %s cannot be registered both with and without stickyAccountSupport"

are you telling me some google accounts are marked as STICKY?

I'm apparently on Safetycore__build_id_6222725286390552415

it checks if you're using the "robolectric" build fingerprint, on the "goldfish" or "ranchu" hardware, with a build type of "eng" or "userdebug"

com.google.common.flogger.util.StackWalkerStackGetter

flogger is an interesting name. is this a BDSM app?

ahh, it's their logging API:
github.com/google/flogger

there's an obfuscated version of an opensource API. so silly

another internal codename is "primes", which seems to be a performance measurement system

I hope the google engineer who obfuscated this can reclaim that 3-letter slur

yeah, no. I'm done skimming all the code. This is not an AI censor-app, this is a security framework

mmm. wait. I found tensorflow. It's running some kind of GPU-backed tensor flow as part of libtartarus

it's got openCV in it, so it's definitely doing something image-based.

some strings match the ODAD apk for the Pixel3, which is the on-device malware detection.

Maybe they're detecting URLs in images?

the models are downloaded at runtime, so I don't have them here to test against

@noiob pointed me at this, which does indicate they're going to be doing some nudes-detection. So this may very well be a nude-detector!

androidauthority.com/google-me

@foone @noiob i hear they're gonna be doing that scanning that apple ended up not doing because of public outcry

@ozzelot @foone @noiob the fluff pieces so far seem to indicate unlike Apple's botched attempt, this will just provide a "is naked" yes/no response when another app on device asks. So blurry pics of your kids in the bath when you send them to Nanna.
Not good, but better?

@ozzelot @foone @noiob agree, for me. For other users; should be shown enough details to make informed decision. chosen not to do that. That alone is grounds for me removing it.
