new in-depth analysis of #GoogleApple #ContactTracing apps: "[The #Google part]... seems to call home every ~20 minutes and shares the handset IMEI, SIM serial, phone number, email address and WiFi MAC address and lots of still-to-be-decoded data with Google. (Presumably more detailed app telemetry.)" https://www.scss.tcd.ie/Doug.Leith/pubs/contact_tracing_app_traffic.pdf
The governments and organizations that built their #COVID19 #ContactTracing apps on #Google/Apple Bluetooth tech are now waking up to the fact that Google requires sending them a constant stream of location data in order to use that API https://www.nytimes.com/2020/07/20/technology/google-covid-tracker-app.html
@gradle now offers complete verification of all the artifacts it downloads and uses, as of v6.2. gradle-witness and others were always limited to a small subset. It is time to switch to the built-in verification: https://docs.gradle.org/current/userguide/dependency_verification.html
Proprietary software companies and anti-end-to-end-crypto politicians are working to shutdown #OpenTechFund, the #FreeSoftware org who funded #LetsEncrypt, #CertBot, #TorProject, #NoScript, TLS ESNI/ECH, #DNSPrivacy, #ReproducibleBuilds, #Wireguard, #DeltaChat, #OpenKeychain, #pypi, #GuardianProject, #Signal Please sign to help stop it: https://saveinternetfreedom.tech
Back in 2011, @eighthave and @n8fr8 had a crazy idea to turn #Android SQLite guts into a standalone wrapper for #SQLCipher, funded by #USGovt #InternetFreedom money. #Zetetic made it a well-engineered product. Latest user: German gov's Corona Warn App. Technical projects with high risk of failure, without paths to massive profits rarely get developed in the private sector. This project highlights mixing public grants and private enterprise to deliver security and privacy in essential software.
It is proven!
Android apps can be built using only standard packages from Debian Buster!
"This project helps to document the Android tools in Debian by providing an example build, and can serve as a base template for new projects for those who would like to develop Android apps using only truly Free and Open Source software."
It seems that Google wants to make using app bundles a requirement for new apps on Google Play in 2021: https://www.youtube.com/watch?time_continue=320&v=cMr-b660Esw
This would mean developers have to upload their signing keys to google play even though there's no technical benefit in doing that. You can achieve the same efficient download sizes by using bundletool locally and uploading all generated apks. But it seems google will stop allowing that and just wants your signing keys.
#Google will require #Android App Bundles for new apps in Play, thereby forcing developers to give Google their app's private signing key. This further centralizes the ecosystem and strengthens their #monopoly by making it harder to publish outside of Play https://www.xda-developers.com/google-play-billing-v3-app-bundle-requirement-2021/
ByteHamster wrote a blog post about supporting newer TLS versions on older Android devices. Read about possible solutions to this for the F-Droid ecosystem here: https://f-droid.org/2020/05/29/android-updates-and-tls-connections.html
#tracking users and usage is an essential element of data analytics, so what exactly is tracking? Here is our first attempt at an overarching definition:
https://guardianproject.info/2020/05/20/on-the-classification-of-tracking/ #TrackingTheTrackers #CleanInsights
Am. 7. Mai hat @IzzyOnDroid einen Vortrag privatsphärefreundlichen Umgang mit #Android für unsere Schwestergruppe in #Bayreuth gehalten. Inzwischen ist auch die Aufzeichnung via #Peertube verfügbar. Viel Spaß!
Often the most surveilled work places, whether in a warehouse, a call centre or as a delivery driver - are those where people’s job security and rights are the most precarious and these tools and data, can be used as a tool to target and sanction.
Debian welcomes our 2020 Google Summer of Code #GSOC interns: https://bits.debian.org/2020/05/welcome-gsoc2020-interns.html
#fdroidserver v1.1.7 was released to have a stable version that works with the main repo (e.g. fixes the "litecoin validation" error message).
It also fixes nightly --archive-older flag.
* config including STUN, analytics, etc.
* TLS setup
* TCP traceroute
* what else?
We have started a public wiki page to gather all the gov/etc #Coronavirus #Android apps, we are also monitoring what is in those apps. Please let us know if any are missing, or direct edit if you have access.
Tue, April, 28 @k19
main channel / meetingpoint:
check out the website (see above)
Mi, April, 29 @juristische Falkultät der HU
People, apps and code you can trust