@chrichri @biktorgj @martijnbraam In case you didn't saw it, we corrected the article to state that the responsible software is not executed as firmware but in the operating system. Requests to android.clients.google.com also originate from microG. https://www.nitrokey.com/news/2023/smartphones-popular-qualcomm-chip-secretly-share-private-information-us-chip-maker
@nitrokey @chrichri @martijnbraam The problem is, your phone has the same binaries for izat as everyone with a qualcomm from Alcatel to ZTE. And it's OK,this is all part of Qcom SDK and unless you RE'ng all of it you must keep it in place so the phone works as a phone.But accusing others with something that their ODM provides when you are using the same stuff seems unethical.
These snaps are from the vendor partition in grapheneOS for the Sunfish (Pixel 4a)
https://releases.grapheneos.org/sunfish-factory-2023041100.zip
@nitrokey @chrichri @martijnbraam And even if grapheneOS has them bundled but doesn't actually use them (which wouldn't make much sense but I don't have the hw),the point still stands.Complain about Qualcomm not being transparent enough, but don't talk shit about other phone makers when it's someone else who wrote that piece of software, just to scrap some sales, I'm sure you can find better ways to show your phone is better for privacy than others without resorting to articles written like that
Two things I'd like to add:
* For those who might not know: @biktorgj is [this person](https://github.com/Biktorgj). They's got a reputation (not like "Paul Privacy" who didn't publish any security report I would have found through @MetaGer)
* Let's not forget that @nitrokey does a lot for [Open Source and Hardware](https://github.com/Nitrokey). In my opinion they should just step back from this kind of marketing (and probably from android) and focus on their many achievements.
