I installed NetGuard about a month ago and blocked all internet to apps, unless they’re on a whitelist. No notifications from this particular system app (that can’t be disabled) until recently when it started making internet connection requests to google servers. Does anyone know when this became a thing?
Edit 2: I bought my Pixel 6 phone outright, directly from Google’s Australian store. I have no creditors.
Were the courts not enough control for creditors? Since when are they allowed to lock you out of your purchased property without a court order?
I don’t even live in the US, so what the actual fuck?
Edit 1: You can check it’s installed (stock Pixel 6 android 14) Settings > Apps > All Apps > three dot menu, Show system > search “DeviceLockController”.
I highly recommend getting NetGuard, you can enable pro features via their website if you have the APK for as low as 0.10€, but donate more, because it’s amazing. You can also purchase via Google Play store.
In 2020 Google claimed it was supposed to be limited to a single region in partnership with a single carrier. And was never meant to be put up on Play Store.
A spokesperson from Google reached out to clarify some details about the Device Lock Controller app. To start with, Google says they launched this app in collaboration with a Kenyan carrier called Safaricom.
Google has confirmed that the Device Lock Controller app should not be listed on the Google Play Store for users in the U.S., and they will work to take down the listing.
Source: https://www.xda-developers.com/google-device-lock-controller-banks-payments/
Of course, it was a lie since it’s still on Play Store an of today and in use.
I’m using CalyxOS and it’s pre-installed as a system app, so this seems like something that’s being built in at the AOSP level of development.
DivestOS here, it’s not in my ROM.
Are you looking at system apps? It’s installed as a system app on my phone using GrapheneOS
com.android.devicelockcontrollerLooks like it’s an AOSP app
I see it on Graphene too, took away its network perms at least.
iodéOS here and I can’t find it on my phone either (yes I looked at the system apps)
Can’t find it in OxygenOS
Did you check your system apps? It’s an AOSP app, so I would be surprised if this were the case. It could be under either
com.googleorcom.android.Yeah I did it’s not there
I still would be very surprised if this were the case. Unfortunately it seems that OxygenOS does not have public repositories to actually check the source code (!), but there are apps that will actually show you all of your installed packages and I bet one of those would show that it’s installed.
It must be globally, I’m in Australia. What utter bullshit, since I would have never known if it weren’t for my NetGuard firewall app.
Being Australian this is likely one to report to the ACCC, as Aussies at least have basic consumer protection, though that get murky with overseas tech entities.
Unfortunately the ACCC gives fewer fucks than you may expect. An airline once cancelled a flight on me and kept the cancellation fee, despite producing no evidence that any government had forced them to cancel the flight (this was during COVID).
ACCC did not care one bit
So while we do have some consumer protection (better than most) I would be surprised if they cared.
It’s 5 minutes out of your life to try, as an aussie, please do, for charity if nothing else, who knows, you might benefit…
I am a serial complaint lodger, just that I’m much busier than I used to be. I may do it once I figure out what’s going on with it on my phone.
Fair cop.
Thanks for you understanding friendo 🇦🇺
If it tickles your fancy, I once lodged a complaint with the national measurement institute to get a bar to stop selling American pints.
And they now sell it by the mL, beautiful
though that get murky with overseas tech entities.
I mostly agree, but you gotta admit the EU has been sticking it to the tech giants lately.
I’m in Australia, and when I search for Device Lock Controller in Play Store, it says “This app is not available in your region”
This happens on 2 separate devices from different manufacturers. Both devices were purchased in Australia and have Australian ROMs
deleted by creator
Check your installed apps (I left an edit in th post where to check). Just because it’s not listen in the Playstore for Australia, doesn’t mean it’s not installed.
Yeah, I checked installed apps (checked system apps), and I don’t have it installed on either of my devices
What model do you have, out of curiosity?
I’m surprised it would be on the play store since presumably if you were a carrier or creditor of some kind you want this installed in a pretty clandestine way and wouldn’t want to draw attention to it by having an app store listing.
Being on the play store means it can be updated and managed like a normal app and not stuck on whatever version shipped with the OS
I’d assume they want to be able to update it and that’s why it needs a store listing.
Of course, it was a lie since it’s still on Play Store an of today and in use.
FWIW, I just searched it up and it’s listed as unavailable in my region (USA) 🤷♂️ so at the very least, they scoped it down a little bit
Just because it’s not in the Playstore, doesn’t mean it’s not installed.
It’s not listed in the Australian Playstore either, yet here we are with it making internet requests.
It’s definitely installed.
deleted by creator
So they region locked it from US, but it can still be pre-installed as a system app from AOSP. And it’s available in EU, while was meant to be in Kenya only.
Checked my pixel 6 and it’s on mine. Might not be in the store for everyone, but it’s installed on my owned device.
This type of tech is already being put into vehicles as well. I used to get laughed at 20 years ago when I predicted this. Nobody is laughing anymore. If anything, they just accept it.
your self driving car will just drive itself back to the lot when your payment is late
shhhhh
Sigh. Way too much freeze in fight, flight or freeze…
https://neuroclastic.com/the-6fs-of-trauma-responses/
Don’t forget the 3 other Fs! Fawn(Friend), Flood, and Fatigue/Flop
Well, that was depressing (irony intended). Thanks for the thinking…
People laughed at Stallman, too. But I’m not comparing you to him. He’s apparently a real POS.
Nah, he’s difficult to work with for sure, and rather extremist, but unfortunately he is a lot of right on the money. I wouldn’t call that a pos
most of this “he’s a pos” comes from the misconceptions about him. he has a certain fixation to the vocabulary, and he often corrects others for it. then those people take the “attempt to correct” as “support” for the debate itself.
I think this is an extremely generous take. For anyone not in the loop, he gets called POS for famously weighing in on discussions of pedophelia by saying children 13+ aren’t children so it’s not pedophelia.
I think this goes beyond being bad at knowing when to correct semantics
Dropping ddevault’s recent post about RMS here
That’s an interesting read, and his views are more extreme than I thought. But I sort of agree that some unification of terminology and legislation would make situation better (maybe just not in a way he proposes). E.g. age of consent may differ by about 6 years in different places, that’s quite awful.
I think that even that is more bad phrasing on his end than him being a pedophile. Beyond weird opinions, there is no evidence at all that he is a pedo
But there is evidence that he defends it, and that he refused to back down after being called out. He is not a good person to look up to, and willfully makes harmful public statements, and willfully stabds by them. In other words, kinda a POS
Not that it excuses his behavior but isn’t he on the autism spectrum? People on the spectrum sometimes have no filter and are very literal. Like saying a 13 year old is more adolescent than child.
Nah, I truly believe he is that awkward and tone-deaf.
I do too, but I think being that tone deaf after being called out says a lot, and I think it’s pretty good reason to not make blanket endorsements for his statements/beliefs
he wasn’t tone dead in that case you mentioned. he has since changed his thoughts about it.
Many years ago I posted that I could not see anything wrong about sex between an adult and a child, if the child accepted it.
Through personal conversations in recent years, I’ve learned to understand how sex with a child can harm per psychologically. This changed my mind about the matter: I think adults should not do that. I am grateful for the conversations that enabled me to understand why
Sure. The only “blanket” statements I’m willing to give are limited to his work on Free Software. His statements on pretty much everything else should probably just be ignored.
Requests the app made today.
This is my phone I own outright, by the way. I don’t have any creditors.
Update for those curious:
adb shell pm uninstall --user 0 com.google.android.devicelockcontrollerIf you’re using Shelter, then in addition to that command, replace
--user 0with--user 10You don’t need root to do this. You can also uninstall other bloatware using this same method.
I tried this on a Pixel 7 and am getting:
panther:/ $ pm uninstall --user 0 com.google.android.devicelockcontrollerFailure [DELETE_FAILED_INTERNAL_ERROR]I also tried disable and got:
Cannot disable a protected package: com.google.android.devicelockcontrollerAh. I guess you have to have root, then and just delete the apk.
Hero, I just have to get around to doing it 😅 (I will, but grumble, grumble this is why most people don’t bother battling for privacy)
New to this depth of phone administration, where are you entering this command? Is there a developer CLI I should be looking for or is this done with a third party app or something?
Look up “adb” or “Android platform tools” on your favorite search engine. It’s something you do on your PC with your phone plugged in.
Right on, thank you!
You could also give Shizuku a try! Connects to android’s adb bridge over WiFi, right from your phone! From there you can use something like termux to shell straight into your phone!
I find it interesting that yours is
com.google.android.devicelockcontroller.I checked mine on GrapheneOS and it looks like it’s the AOSP version of the package:
com.android.devicelockcontrollerMvp comment there. I checked mine and I am in the US, on a phone I originally bought on credit. I do not have that app installed. Go figure. 🤷♂️
Definitely worth checking out your app list to make sure. I wonder if it accidentally came downstream from AOSP into the alt ROMs, and that’s why it’s not in my stock, proprietary, US market, flagship Google pixel device.
I am at such a loss, because I can see it in NetGuard, and open it’s app details from there, but it doesn’t work even appear in system apps in Shelter.
What app are you using to see this traffic?
At least it’s open-source: https://android.googlesource.com/platform/packages/modules/DeviceLock/+/refs/heads/main/DeviceLockController/
And that’d be why custom roms have it. It’s part of the base Android system.
I was able to start some of its private activities with ActivityLauncher as root. Most of them just crash immediately, but the help page is available. And yikes, they got them covered against a possible bypass, no developer tools or sideloading.
Still disappointed this is shipped in LineageOS, but I suspect not for much longer with that publicity.
So, that looks like this is less insane than it sounded… This is for if you buy your phone on a payment plan? Not for creditors more generally to have a option to repossess/dispossess your phone?
This is what small claims court is for. To me there is no excuse for this.
deleted by creator
If you look at the bottom it says once the device is paid off they can no longer access/change settings
Assuming there are no additional backdoors…
Coz we all trust in that…
if you switch providers before paying it of
Usually a financed devicd is financed through the carrier, and therefore a carrier branded device, and therefore locked to the carrier (yes they have the unlock option but compatibility tends to be far more limited than on the manufacturer unlocked version of the model)
That is both Google’s official version and what it looks like poking at it.
I haven’t dug in the code, so I don’t know if this is theoretically possible for a shady carrier to enable after the fact. But it very much looks like a dormant feature nobody uses.
I guess I could see that making sense in poorer countries where carriers might have issues of people signing up for phone plans and never paying. A carrier locked flip phone was pretty useless, but nowadays cutting your phone/data off is more of an inconvenience than a dealbreaker, you’ve still got WiFi and a nice phone.
I’m using a fresh install of GrapheneOS, and this is installed too. Not sure what that suggests, except that it’s possibly some core system level app.
Oh jesus, that’s crazy that it’s on GrapheneOS too.
Edit: I’m on a no-longer-supported GrapheneOS install on a Pixel 3a. I’ve checked and it’s not there for me. I also don’t live in the US (like OP). I wonder when it would’ve been added?
According to people from GrapheneOS these are two different things:
To be clear, https://play.google.com/store/apps/details?id=com.google.android.apps.devicelock is not what’s included in GrapheneOS. There seems to be some confusion about that. This is the app that does what’s being described.
What you see in GrapheneOS is https://android.googlesource.com/platform/packages/modules/DeviceLock/+/b1a971a6e29f5b426b13d96d7692e9dd5a7e81e2/DeviceLockController/
https://discuss.grapheneos.org/d/11639-device-lock-controller/9
There’s little to no info out there, but I did see some suggestions on a forum, that it may also be installed when setting up a Work profile. I use Shelter to create said isolated Work profile. I wonder if that’s a possibile explanation.
This may be the case, as I also have a work profile set up via Shelter.
Weird that it’s installed in GrapheneOS also though.
In any case, even if setting up a work profile, it should just not be installed.
A potential backdoor as a ransomware exploit for anyone who has a work profile on their phone, I would guess. Unless there are other apps bundled with android that also lock you out of your phone.
Seems unlikely if you outright own it, this is for bought on a plan type stuff, no ?
Edit: On further reading, apparently not. WTAF?
Using Lineage and I dont have it. Sucks for people using Google crap
Out of curiosity, you’re specifically checking in the system apps?
That’s deeply disturbing, what else could be hiding next to it? I sort of hope it’s somehow being installed by your phone company, as bad as that is, the alternative is worse!
I mean, I bought my Pixel 7a unlocked and paid in full, from Google. And my assumption has always been that when GrapheneOS is flashed, any previous stock bloat is wiped.
Righteous assumption. That it is not, requires investigation. That’s some serious BS.
I’ve installed graphene on my phone a while ago (bought from a carrier in germany) and this app does not exist.
edit: nevermind, it’s there
Remember when Google said don’t be evil. Ha
I think it was “don’t. Be evil.”
“Don’t be.” -Evil
The fun aspect to this is that some banks have forced customers to use an Android for all their banking ops. So:
① You’re late paying a bill
② Creditor locks your phone
③ You cannot access your bank to make the payment because your phone is lockedBrilliant.
I know this is a privacy community, but I’m not sure I’m onboard with the outrage on this particular one. If you rent/lease or go on a payment plan for the device you’re using, then it isn’t yours, it belongs to the entity you borrowed it from.
If I don’t make car payments, the bank can repossess my ride. If I dont pay my mortgage or rent, I can be evicted by my landlord or bank.
If I don’t make my phone payment, the company should have recourse to prevent me from using their device.
This could open up the ability for bad actors to disable my device, and I agree that’s a horrible prospect. But the idea of a legitimate creditor using this feature to reclaim their property is not something I find shocking.
All your points are sound. The issue that I have with this is that remote disable functionality is not necessary to achieve any of these aims. Before they were connected to the internet, people were still able to rent/lease autos and the world managed to survive just fine. There were other ways for lenders to get remunerated for breaking lease terms - they could issue an additional charge, get a court order for repossession, etc. Remote disable was never needed or warranted.
So let’s start by considering the due process here. Before, there was some sort of process involved in the repossession act. With remote disable however, the lender can act as judge, jury and executioner so to speak - that party can unilaterally disable the device with no oversight. And if the lender is in the wrong, there is likely no recourse. Another potential issue here is that the lender can change the terms at any time - it can arbitrarily decide that it doesn’t like what you’re doing with the device, decide you’re in breach, and hit that remote kill switch. A lot of these things could technically happen before too, but the barriers have been dramatically lowered now.
On top of this, there are great privacy concerns as well. What kinds of additional information does the lender have? What right do they have to things like our location, our habits, when we use it, and all of the other personal details that they can infer from programs like this?
There are probably lots of other issues here, but another part of the problem is that we can’t even start to imagine what kinds of nefarious behaviors they can execute with this new information and power. We are well into the age where our devices are becoming our enemies instead of our advocates. I shudder to think what the world would look like 20 years from now if this kind of behavior isn’t stopped.
Perfectly stated! The moralizing story kind of serves as cover, as a complete blank check to excuse practically any behavior of the lender, without any limiting principle.
Right - they say that they’re just going to use it to defend their “property rights”. In practice, they’re going to use it for a whole lot more than just that…
I don’t disagree with anything you say. I think it’s worth mentioning that the cost of enforcement directly informs the cost of a lease/rental situation. The cheaper they can enforce the contract, the less they can theoretically charge. If they had to get a court order to lock your phone or repo your car, they’d make it more expensive or be much more selective about who they lease/rent to. This maybe enables more people to have phones or get cars?
I swear I’m not rooting for team “aggressive manipulative business behavior widens opportunities for the less well off”. Gross. Kind of how I hear about globalization of manufacturing stuff - “they get paid pennies!” “yeah, but that’s more than before the factory came? look what they can buy now” I know that’s a overly broad generalization but you see those arguments.
Not an unreasonable thought, but my question is what is the process to disable? In your examples, there are legal steps/requirements to repossess those assets.
In this case I can’t imagine the process is longer than “press the brick button and extort money”
For every single one of those scenarios, a set of legal processes need to be exhausted. This app gives the lender the ability to do whatever they want, whenever they want, without following a set of legal processes.
That’s dystopian mentality at it’s greatest.
Oh nono no, the world is much worse than that:
-
If you make all your car payments on time except one, the bank can still repossess your car.
-
If you pay your mortgage or rent on time every time except once, the bank can initiate the process of eviction.
Remember: the power triangle points down
-
What about for people like me?
I bought my device outright. No loans, no payment plans and no reason for that functionality to exist on my phone. Yet there it is, just waiting to be taken advantage of whether there is a valid reason or not.
This is the kind of apathy that leads to phrases like, “If only we had known” but we do … and do nothing about it.
I can and will at least do my part for myself and encourage others to do the same.
I agree completely, but it’s an odd way to go about repossession.
And there’s the rub. Sure, it’s a financed phone. It doesn’t follow that we have to suspend judgment on the means they resort to, to enforce their terms.
This is classic efficient market hypothesis brain worms, the kind of cognitive dead-end that you arrive at when you conceive of people in purely economic terms, without considering the power relationships between them. It’s a dead end you navigate to if you only think about things as they are today – vast numbers of indebted people who command fewer assets and lower wages than at any time since WWII – and treat this as a “natural” state: “how can these poors expect to be offered more debt unless they agree to have their all-important pocket computers booby-trapped?”
-Cory Doctorow from his blog, unintentionally addressing you
Pixel 7 Pro reporting in. There is no DeviceLockController on my phone. Just installed the latest monthly updates a couple of days ago.
Pixel 7 Pro here and on the latest update, and I have it. Mine is from factory, so no payment plan at all.
Probably a carrier thing. I’m on TMobile
deleted by creator
anyone remember the time when google removed(!) their internal “don’t be evil” rule? guess this is part of the outcome of that “be evil” that came along with removal of the opposite. Abuse of this mechanism is IMHO veery predictable ;-)
There are plenty of google-free cellphones, one could easily stick to better products of better companies. help yourself, google’s not gonna do that for you within the next 5billion* years as they IMHO already stated they “want” to be evil now, always remember that ;-)
*) thats round about when our sun expands too much for earth, so i currently dislike doing any predictions beyond that point ;-) i do not predict google would last that long, only that they’ll keep beeing evil until their end.
anyone remember the time when google removed(!) their internal “don’t be evil” rule?
I remember when media falsely reported clickbait articles that they did and people bring that up to this day. They moved it from the introduction to the closing statement. Which you can argue makes it less prominent or whatever, but it was never removed.
Of course it makes no difference, it wasn’t followed either way, and definitely isn’t followed now. But no, it was never removed. You can see it yourself right here at the end: https://abc.xyz/investor/google-code-of-conduct/
hm you have a point that it might not have been removed completely, but the problem with that point that i personally have is that this reached me too late to just believe it was really never removed. For some reasons i would not believe blindly in “evidences” that are in control of the one that is in question and could manipulate it later for such claims and also was experienced to not be trustworthy for what they say…
saying that, there are ways to check if something was there at a time or not. the one source i know that could help here only seems to store records from 29th jun 2023 18:44:33 onwards which is too late for this.
https://web.archive.org/web/20240000000000*/https://abc.xyz/investor/google-code-of-conduct/
you are right, it does not make a difference in if they can be trusted, but it makes a difference in why not and what to expect if you do so despite the red flags or -as a gov- just let things go on. A person who by accident was speeding should maybe be treated differenrly than a person who intentionally(!) does so while risking others lifes. and what would be more proof of intention than a written statement or removed canary? thus such a statement does make a difference in terms of they just cannot handle their stuff, don’t care at all or maybe even have evil intentions.
examples:
some kids making a fire in the forest cause they don’t know the risks
vs.
some young adults making a fire in the woods cause they just don’t care despite knowing the risks
vs.
a company making fire in the woods because its cheaper to do stuff there and they lack the resouces to do it safe and someone else will pay the firefighters anyway.
vs.
a company stating to want to do so cause they like it despite they could afford doing it secure but just no one could or would sue them anyway.
while i don’t want to say google is like no.4 here, to me these examples all make huge differences, no matter if the woods actually cought fire or not.
Devs still need to eat so we will need a better alternative to adsense. As long as we depend on these corporate services their stranglehold will only continue strengthen like this.
Google-free phones? What are they? I know only Pinephone and Librem 5.
ok, i have to admit, that i was thinking of google-“services” free phones like the new ones from huawei. but sure android is made by google (but not “owned” by them). however i can try to “rescue” my argument by saying something like “just use a nokia 3310! they’re still working and the batterie should still last a week if not more” ;-)
however projects like lineage os might be a good choice to have threeth (as in more than “both”), more security, less dependency from google, and also more influence on the actual software included in the build, if it’s not even possible to just compile it yourself and have freedom of changing every line of code as you wish.
Huawei doesn’t even provide possibility to unlock bootloader, so it’s big NO. Currently I’m using Lineage OS on my primary phone and Linux on secondary phone. But the main problem is big amount of proprietary staff like modems, that can even work bypassing SOC and OS. I found only one phone with truly open-source hardware. It’s Liberty phone from Purism. It costs 2000$ and has perfomance comparable to 50$ Android phone.
my idea currently is to finish some projects that have priority and afterwards then look for lineage os on raspberry pi, combined with gsm modem and maybe a gps module, all powered by a slim powerbank. might make up a huge bulky phone but i almost want to start building it now. On the other hand if i wait until my other projects are finished, the whole thing might be ready made available for self assembly…
I thought about it too, but I want to make a tablet based on RPI 5. I have a 3D printer, so I hope to be able to make an adequately sized case.
Love the Chinese phones. None of this crap US stuff is enabled. It’s baked into the system ROM so it is there. But on mine it has never transfered any data, not even ever been active. It’s just dead code taking up a few megabytes.
Unlike Japan in the 80s, I wouldn’t trust the CCP more than products made in Democratic nations.
That being said, I am now VERY glad I switched to Graphene OS the moment I got this phone. Fuck this kind of shit, I bought this phone.
It’s not about trust. It’s about what are they going to do with the data. I have been to China, it’s cool. I also don’t have any long term plans there. I do have long term plans in 5 eye countries. Therefore I want none of my data in government spy databases where I actually do things.
Root the phone and remove insane garbage like that. Rip and tear until it is done.
Since when are they allowed to lock you out of your purchased property without a court order?
That’s an oxymoron. Creditors have the ability to lock you out of a device you haven’t paid for yet. Standard terms and conditions in B2C and B2B; you don’t own it until you’ve paid for it in full.
Also locking you out of a device you don’t own yet is cheaper than taking you to court.
