My Android phone prevents me from taking screenshots if an app author doesn't want me to.
My Android phone prevents me from recording phone calls at the request of my carrier, even though it's totally legal for me to do so in my jurisdiction.
I'm not loving where this is all going.
> prevents me from taking screenshots if an app author doesn't want me to
The most frustrating part about this "feature" is that you don't know it's enabled until the screenshot is taken and you're left with a picture of nothing.
That and some app authors thinking they're protecting you with this (referring to banking apps in particular)
It is not for preventing you from taking screenshots; if you insist, you can do it with another camera. It is to prevent malware and "helpful" AI tools from doing it for you and then uploading the picture to who knows where. Signal does this too, though I think it is optional.
Beyond preventing screenshots, it blacks out the window content in the task switcher, which is useful if someone is looking over your shoulder. This, by the way, is a good way to check if screenshots are allowed. If the window appears black in the task switcher, screenshots won't work.
The idea is similar to the "**" password fields.
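As an added illustration that is not part of the thread: the behaviour described in the comment above matches Android's `FLAG_SECURE` window flag, shown here as a user-controlled setting. The example goes one step beyond the comment by also registering the Android 14 screenshot-detection callback. The activity name, preference file and preference key are hypothetical.

```kotlin
// Added example, not code from the thread or from any app it mentions.
// AccountSummaryActivity, "settings" and "screen_security" are hypothetical names.
import android.app.Activity
import android.content.Context
import android.os.Build
import android.view.WindowManager
import android.widget.Toast

class AccountSummaryActivity : Activity() {

    // Android 14+ (API 34) only: notifies the app that the user captured this
    // activity. The callback receives no image, and the manifest must declare
    // the android.permission.DETECT_SCREEN_CAPTURE permission.
    private val captureCallback by lazy(LazyThreadSafetyMode.NONE) {
        Activity.ScreenCaptureCallback {
            Toast.makeText(
                this,
                "Screenshot taken: it may contain account data",
                Toast.LENGTH_LONG
            ).show()
        }
    }

    override fun onStart() {
        super.onStart()
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
            registerScreenCaptureCallback(mainExecutor, captureCallback)
        }
    }

    override fun onResume() {
        super.onResume()
        // Re-read the setting on every resume so a change made in the app's
        // settings screen takes effect without restarting the activity.
        applyScreenSecurity()
    }

    override fun onStop() {
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
            unregisterScreenCaptureCallback(captureCallback)
        }
        super.onStop()
    }

    private fun applyScreenSecurity() {
        // Defaults to on; the user can switch it off.
        val enabled = getSharedPreferences("settings", Context.MODE_PRIVATE)
            .getBoolean("screen_security", true)
        if (enabled) {
            // Secure window: content is left out of screenshots, screen
            // recordings and the task-switcher thumbnail.
            window.addFlags(WindowManager.LayoutParams.FLAG_SECURE)
        } else {
            window.clearFlags(WindowManager.LayoutParams.FLAG_SECURE)
        }
    }
}
```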
I mean if the goal is to prevent potential malicious apps from taking screenshots automatically; instead of saving a clueless user from themselves or worse getting in the way of legitimate users I believe that the proper solution is to disallow programmatic screenshots while still allowing screenshots when there is the correct button press (and ensure that this cannot be emulated). Windows reserves ctrl-alt-delete as a direct signal to the kernel for security purposes. Why can't android do the same?
> the proper solution
includes the ability from a user to take screenshots programmatically in case of need. You do not want third parties to be able to; you want the User (yourself) to be able to.
It's a really stupid idea that results in photos of sensitive information displayed on my device on other devices that I don't control and sensitive information written on paper in random places.
Password fields are inputs. Screens are bi-directional.
Then ask for my fingerprint after the screenshot is made.
In some sense they are. But being protected either from a consequence of my own stupidity or a consequence of their lack of security. I think the worst part of all is that these "bandaids" are being used in place of actual security. I don't need to be protected from my own stupidity nor do I need security theater.
I think the threat model here is that a different, malicious app (compromised, installed accidentally or by the means of social engineering) might take screenshots of your screen and forward them to take advantage of you. You can file this under one's "own stupidity" as well, sure, but in the end they're not protecting you, they're protecting themselves, because banks might be liable for these kinds of things, and by imposing these restrictions, they're reducing the amount of fraud and thus improving their bottom line.
Are you implying that Google is unable to distinguish whether a screenshot is triggered via a combination of hardware buttons vs via a software call from another app that isn't even on the foreground in their own ecosystem? That's a quite sad state of affairs, isn't it?
I've been unimpressed with Google's commitment to making the fundamentals of Android great. They seem to prefer doing the minimum required there and putting all their efforts into something more sexy, like generating fake photos that look like they were taken with a 2400mm lens.
I don't want my phone to generate fake photos; I do want it to always let me manually take screenshots, but require turning on a permission that's a little awkward to find to allow an app to do so.
When you don’t control the hardware a lot is off the table.
This is a fine excuse for most everyone, but not Google. They can control the hardware significantly and in some cases like pixel, completely.
They no longer believe in owner control. Either that or they consider themselves the device owner, which is even worse IMHO
Sounds like a marketing opportunity to sell more Pixels and get closer to their current dream of becoming Apple
I see this argument everywhere and I've never heard of a case where a bank was liable because a customer was phished. I've even asked for examples and nobody ever provided them.
It's one thing to argue in court that they should be liable because they didn't provide you with the necessary security tools (like MFA), but they all provide at least SMS 2FA these days and their apps run on iOS and Android, both of which have plenty of security features.
If a bank is required to reverse fraudulent charges (and they are), that means they're liable for those charges.
In reality what happened is that some security auditor put it into a checklist for the mobile app "Security ISO certificate++" and now everyone implements it for compliance.
Fighting against that is insane paperwork and professional exposure for software engineers that do it (since if people get phished, the C-suite will point a finger at a tech lead which went against the "professional security audit").
Most of the other posts here are just post-rationalization and victim blaming.
So let's have more of these conversations so the idiots making those standards make fewer dumb rules and we can grease the wheels for anyone passionate enough to try to get it changed
Unfortunately the idiots are often the nation's security agency, or a large consulting company.
You will not have them change their policies if they do not have a good person inside, who will slowly move the boat.
I fought for audit findings because they were pissing me off at a personal level and it worked. But the auditor did not change their procedure, just reverted the finding. Until the next year.
I think you're making the naïve assumption that large organizations are heterogeneous.
The people at the top are idiots because the idiots were able to secure advisory positions. They were able to secure positions because those promoting them were either tricked or idiots themselves. This pattern repeated all the way down.
So I really do mean grease the wheels. And I really mean we won't kill the beast overnight. But we won't make any progress towards fixing things if we won't look at how the problems are created in the first place. We'll only perpetuate the problems if we oversimplify things, as that's exactly what got us into this mess in the first place.
There was a Microsoft Terminal Server "monitoring" application that worked by recording the screen through a series of JPG screenshots. It worked surprisingly well and bypassed all kinds of controls.
I think you made bad assumptions. If I installed the APK through a third party, sure, my bad. But then I agree with shmel, that there's still some blame on Google. Like why not have a default where we disable screenshots not performed by a physical action and have an advanced option for API based screenshots? It's not bulletproof but neither is the current implementation.
But if I install via the playstore like most people then no, I don't think it's the user's fault. Testing every single app seems like a big ask but we're also talking about a 3 trillion dollar company. I mean FFS a 1 trillion dollar company didn't even exist 10 years ago and 10 years before that a 500b company barely did. So I think they can stand to lose some profits and do harder work. Really, if we don't hold these companies to high standards then that bar just continues lower and it's a race to the bottom. They'll be as lazy as we let them be
> they're protecting themselves
[citation needed]
The theory here is that it provides a marginal security improvement if there is malware on the phone, but if there is malware on the phone then there are a hundred other things it can do to the same effect and you're likely screwed anyway. And by doing this, you also block the user from taking screenshots, which is bad, because screenshots are harder for computers to parse, and that's a marginal security advantage. If the user is going to send e.g. their account number to someone else (for a legitimate reason), it's better that they do it as a screenshot than that you force them to type it as text, because text is machine searchable. Which is worse when that messaging system gets compromised and then the attacker can do a text search for a pattern matching a bank routing number and be more likely to discover that message than if it was only there in a JPG.
Meanwhile the primary consequence of preventing screenshots is to inconvenience customers, which is an actual cost to the bank, because there is only a threshold amount of BS customers will put up with before switching banks and banks are constantly pushing up against that line already with all of their other BS.
But then the lower-quality banks do it anyway because there is a box they can check which sounds like it's locking something down, so they check it without thinking. Which is a great canary for customers who want to know if their bank is dumb -- if they require this then they probably do all kinds of other dumb stuff and it's a strong indication you should switch banks before you get screwed by them doing some other foolish nonsense.
>because screenshots are harder for computers to parse, and that's a marginal security advantage. If the user is going to send e.g. their account number to someone else (for a legitimate reason), it's better that they do it as a screenshot than that you force them to type it as text, because text is machine searchable. Which is worse when that messaging system gets compromised and then the attacker can do a text search for a pattern matching a bank routing number and be more likely to discover that message than if it was only there in a JPG.
Tbf it is 2025, not 2010, it isn't that hard
Tbf, one could make the argument that there would have been far fewer resources dedicated to computer vision had companies made the data more accessible and had we modified PDFs to make it easier to copy text.
People will go to great lengths to bypass annoyances. Excessive false alarms is even called "alarm fatigue"
It doesn't really protect anything though, because you can always just use an external camera to take a picture of your screen.
It's probably meant to try to mitigate damage in case a bad actor gets remote access to your phone or you have malware.
Sounds like they need to spend more money on security and their "good enough" solutions aren't actually good enough.
If your phone is remotely rooted, the screenshot is providing no security.
It protects less proficient users from accidentally taking a screenshot.
I want to send my new IBAN to my company, I can, no screenshot allowed on the screen with banking information. So I need to log on their website to do it. At least my new bank allows such screenshot and to copy account information directly from the app.
There is a special place in hell for people providing non copyable text information in the form of screenshots.
It's amazing how many "little" things there are like this. Like I honestly can't remember the last time I filled out a form which required something like my country and I didn't have to scroll to find it. All the information's there to make a good guess. But this is just one example of a million. There's just too many papercuts.
Modern life is full of these tiny inconveniences. It usually involves some sort of "smart" devices, like light switches, stoves, elevator buttons, etc. Each one of which could be forgivable, but in sum it's like death by a thousand paper cuts.
User hostile UI in the name of security is particularly bad: we are supposed to type unique and complicated passwords in text fields without being able to see what we type, and if we get it wrong, we are put in timeout for two seconds. Citrix Netscaler nowadays apparently wants to be extra secure and shows you the most generic error message if you have a typo in either your password or user name and just tells you to "try again later", so you do until you lock yourself out. It's madness.
And PDF documents in image form. Usually scans of printed copies.
It is fine for historical documents, but doing today means you really want to piss people off. And by the way, PDF files support signatures, both handwritten and digital. There are ways other than printing a 100+ page document and scanning it just so that your signature shows up on a single one of these pages.
The other day I wanted to send someone proof that a transaction has gone through. A screenshot would have been the obvious choice, but of course, my banking app wouldn't let me do it.
A screenshot would also be trivial to counterfeit. That being said, I am not aware of any banks that provide any actually tamper-proof, shareable transaction confirmations.
Why does a third party want to know the transaction occurred?
This seems a bit like a scam. Why can't they ask the receiver?
Perhaps true, but some modern OSes (like macOS and iOS) allow you to copy text from screenshots. And since the text quality of screenshots is typically good, it works well.
Windows with power toys and android have it too.
The Penny supermarkt app on android disables both screenshots and text selection with the error that it is disabled by admin.
At least the days of those screenshot being pasted into a Microsoft Word document are mostly behind us now...
At this point you can just use google lens or something like that to copy text from images.
Do you prefer a voice message instead? /s
They literally had me photocopy the phone screen because of the same issue.
I have checked all my mobile banking apps (3 czech, 1 slovak, 1 lithuanian bank) and all of them can copy my IBAN.
Why not copy it from the App?
Two mirrors will make it allowed.
Pretty sure Twitch on iOS does this now. Screen recording still works though.
> The most frustrating part about this "feature" is that you don't know it's enabled until the screenshot is taken and you're left with a picture of nothing.
That doesn't sound right. On mine, a message is displayed saying that the app does not allow screenshots, and no image is written to the device.
Jesus Christ!
Who are the product designers of the present with this single-minded attitude, not checking how the implementation affects the life of paying customers? Children?! Most take pride - on paper! - about what one can do 'so easily' with their product, just to raise barricades getting there, using it, or those pop up suddenly while using it, bumping into it like into a bollard on a highway. Or just chain them to it against will! I am not aiming at Android only here as this is a generic attitude I found from organizations being so self obsessed about what THEY want that no-one else benefits, no-one else has real benefits - only mixed ones with sizeable drawbacks -, defying the purpose of having modern technology. When the life becomes differently complicated, then that is no progress at all, just messing around. I am thinking three, four, or more times nowadays buying any technology, which is sad, as I was so enthusiastic only one but especially two decades ago, discovering advances and gadgets. Not anymore. I spend my money - and TIME! - on things bringing benefit or joy instead, or on those I am FORCED into. Yes, this obsession of providing non-technology services (banking, bureaucracy, identification, ...) apps first (sometimes only, at least to various, sometimes important details of the use/access) which is a hugely demanding matter on users (choose, purchase, pay, setup, learn, re-learn, update, maintain, subscribe, know and accept terms, charge, protect, both physically and data wise, click away suggestions and self promotions while busy with something important) that it is a very bitter pill to swallow.
You're tech savvy enough, you're not the target for such a feature. The target is the grandmas and grandpas, and other people who have no idea about such things.
Now consider the fact that an arbitrary other app can take a screenshot clandestinely, via API. Would you like it to happen when you're looking at the summary of your accounts? your list of credit card numbers?
The problem is that certain actions should only be acceptable if initiated by the user, physically. Think of the way Ctrl+Alt+Del works in Windows. This, of course, is not possible if you don't have enough fingers for the action, or something; here comes the loophole of assistive technologies, widely (ab)used for that on most platforms.
That’s why taking screenshots should be a runtime permission thing.
It's not just phones. Try asking ChatGPT/Gemini anything the hive mind in SV doesn't want you to ask. Try asking it anything the hive mind has decided has only one possible answer. It's only going to get worse
At least with LLMs you have more options (Deepseek, Grok, offline models, etc.). It's still far from perfect, but it's not as bad as phones where you basically only have a choice of Android or iPhone if you don't want to have to live with major inconvenience (such as being unable to do online banking or pay for parking). It's also a lot easier to launch a competitor in the AI market: you just need capital. With phone OS's it's essentially impossible. The barriers to entry are too high.
> you just need capital
The capital itself isn't going to do anything sitting in the bank. It's used to procure a team of PhDs, a team of SWEs, DevOps, business people, HR, marketing, access to a GPU supercomputer (renting a couple of 5090s off Vast.ai ain't gonna cut it). For, say, $50 million, you could get the blueprints to an Android phone and port your choice of Linux userland and get drivers working, and then do a run of 20,000, sell them for $1100. Compared to training GPT5, $50 million is cheap. If we use an estimate of $1 billion for the whole thing, making a Linux phone running a hypervisor with an Android VM to run banking apps seems not-impossible. (Based on AVF.)
This reminds me of a story of my bank that at some point told me to send them a screenshot.
I told them that their app prevents this. To their surprise.
I told them that I would use the web site and they were happy that there is a workaround for their own limitation.
I had other wild stories with this otherwise good bank.
I tried to debug a google pay issue with a Bank once:
- Bank told me to go to Google.
- Google support told me to go to the Bank.
- (... few emails later...)
- Google support told me to make screenshots of the banking app and google pay.
So have a second phone ready, or stop complaining :) A few years later and 3 phones later... it works again!
Google Pay requires SafetyNet verification, which means it only works with a Google-approved hard & software combination, so not with GrapheneOS for example...
I hate that banks use this proprietary "standard" for NFC payments
The Netherlands used to have its own system for NFC payments, and it worked perfectly. Last year, all banks suddenly abandoned it and forced people to use Google Wallet instead. Of course I refused, because I don't want to share my financial transactions with an advertising company, so no NFC payments for me.
It's ridiculous the EU allows this.
SafetyNet works in GrapheneOS. What Google Pay requires is that the attested signature is trusted by them, a lot of apps, including many banking apps (at least in the UK) use safetynet but do not require the signature is trusted.
I get where that one is coming from though - tap-to-pay is considered second-factor-authenticated, aka no PIN entry is necessary at the PoS terminal because the user already entered their PIN or presented biometric credentials to the smartphone.
If a malware were able to snatch the key material that represents the credit card outright or it could (by running as root) act to the TEE like it were Google Pay's NFC controller app, it would enable the actor controlling the malware to spoof the credit card on their own phone... and since tap-to-pay is considered authenticated, chances are next to zero you can dispute the payment.
There's already a better way to check whether an Android phone is secure enough and it is independent of any proprietary OS certification: basicIntegrity [1].
Most banking apps in Germany use this API and thus work on GrapheneOS and other non-Google controlled ROMs with a locked bootloader.
PlayIntegrity is unnecessary and mostly offers vendor lock in to Google's ecosystem.
[1] https://grapheneos.org/usage#banking-apps
>If a malware were able to snatch the key material that represents the credit card
I'm pretty sure that data is stored in the secure enclave, which is impossible to access by design, root, no root, bootloader unlocked, google approved or not.
Only your carrier is supposed to record the calls.
Edit: apparently the /s is obligatory on this one
iphone now allows phone call recording.
I don't know if it is geolocked somehow, I wouldn't be surprised if it was. for example, Japanese iphones always make a shutter sound in japan or in airplane mode
There is a waveform thing in the corner you can press during a call. It will say "this call is being recorded" and waits 5 seconds, then records the call.
strangely... the recording doesn't end up in voice memos, it ends up in notes.
Absolute lies, where I live it is one party consent. I can still record with another device on speakerphone.
I think the person you were replying to might have intended sarcasm.
Yes this was sarcastic, I should have put a /s
I also live in a one party consent state.
My government (Denmark) refusing to let me use their digital identity app because I don't want to accept Google's or Apple's TOS, and Google helping them enforce that via remote attestation services.
Luckily there are alternatives in the form of code displays and NFC chips. However, next year I won't be able to watch porn unless I verify my age using a smartphone, no alternatives are planned. Or rather, I have the "free choice" to choose between a privacy preserving ZKP solution operating in the kingdom of Google or uploading my face to a porn site.
Dark times.
During covid I was not allowed to leave the house. Permits were only issued to local SIMs, which I did not have!
If I respected the rules, I would starve to death!
I assume you’re talking about another country, because in Denmark there was no general curfew under Covid (attendance to events might have required proof of negative COVID test or vaccination, but shops never did).
The amount of things you can't do in Denmark without a smart phone is terrifying. Technically you can still manage, but it's becoming increasingly difficult. Why everything needs to be a fucking app is beyond me. Accessibility and alternatives for the elderly, or just people who don't want a smartphone, are pretty much just ignored.
I'm glad to know that I'm not the only one who hates MitID. I really don't think that any software that has so much trust in the user has a good security model. What are they protecting against exactly? If someone else wanted to impersonate you with your consent you could just tell them your login credentials!
LOL, what? My (teenage) kids use my phone all the time, especially in the car, when I'm driving, but also at home. It's not like I have porn or banking apps on it, but what is the age verification going to help there? If the kids would install an app or used browser to see naked people, then my face would be available to these services, right? Better mine than the kids', I suppose!
(We're not in Denmark, but I wonder how it is going in our jurisdiction ...)
The Danish MitID identity "service" is actually pretty clever, except for the app used to approve actions or requests on your behalf. It's designed in a way that ensures that it can verify your age, but reveal nothing else about you. It isn't going to be used for "Porn ID" though. Instead it will provide your age information, basically 15+ or 18+ (I think those are the options), to an identity wallet, which in turn will validate your age to the porn sites. Unlike the UK version there's no reason to have your face scanned, because the Danish government already knows your age and can provide that information via a trusted channel, MitID.
That's probably the issue the other post alludes to. The identity wallet will only be available via Google Play or the Apple App Store (as far as we know). So without a phone and a Google or Apple account, you won't be able to provide your age information to e.g. PornHub.
Exactly this. Except the new service is not released as part of MitID but as part of the new digital wallet app (den digitale tegnebog). This is a separate and "voluntary" app which is meant to be offered as a convenience. Except it isn't really voluntary when the app is introduced together with new regulation that requires you to verify your age in places where you were previously anonymous, and the only way to actually stay anonymous and retain access is via the app.
route everything through a vps?
It's not a full solution. I've seen UK sites that, following the Online Safety Act, simply require all users to verify their age rather than bother to figure out whether you are actually a UK customer or not. I guess it's easier to implement and many sites mainly rely on domestic customers anyway so they don't care if international users are affected.
Also, this isn't just about porn. For example, I can barely use Reddit now if I connect with a UK IP address: the merest hint that there might be some NSFW angle to a post is enough to trigger their algorithm into requiring age verification.
It's a temporary solution though. It's only going to get more draconian. Next thing you know the talk is about punishing VPN users, because now they can be painted as evading the law.
i mean yeah but you cannot do shit all about a vps. commercial vpns yeah you can ban and monitor. a vps is your own device just elsewhere
> i mean yeah but you cannot do shit all about a vps
Of course you can. The AS numbers of major hosting providers are well known and it is already common practice to ban associated IP addresses for stuff that should only be done by legitimate users.
you cannot ban aws or linode my dude
Why not?
because half of the internet is there
That's why I explicitly wrote: "for stuff that should only be done by legitimate users".
That means Netflix et al can (and do) ban everything that even remotely smells like a datacenter IP range and not a residential one, because that is a common method of evading regional bans or undermine pricing structure.
And on top of that... if the focus of your website is humans, you might want to cut off all datacenter originating traffic as well. Save yourself the hassle of dealing with AI scrapers.
I would much rather fight this and retain my rights instead of participating in some kind of privacy and censorship arms race.
> or uploading my face to a porn site.
I assume that in the pornography you've decided to consume, the participants are not clad in balaclavas.
They're showing their faces to everyone, in perpetuity, which many may no longer want to, and - considering the exploitative nature of the pornography industry, where rape is endemic - some didn't consent to in the first place.
So maybe consider that when you're complaining that your own face may be linked with pornography. Is what you're doing ethical? Do you reasonably have any right to complain?
Yes I do, and your argument is ridiculous. First of all, porn actors are operating legally and consent to what they are doing. There are real problems with the industry, but the fact that porn actors have their face shown does (of course) not mean that consumers of porn should logically have to also disclose theirs to online services.
Second, porn is just the beginning. This will also be rolled out to social media, and I wouldn't be surprised if in a few years this will be required in lots of places where children could be exposed to something that politicians find offensive.
What kind of argumentation is this? Just because someone decides to show stuff, everybody else is also required to show themselves? e.g. If I go to a theater where the actors are clearly identified, I have to be okay to get a facial scan as well?
Some people tend to demonize porn, and it might be unethical in their eyes, but fact is: it is not illegal (in most countries). I don't argue that there are issues in the porn industry, but this is an issue with the platforms, that they don't allow the upload of non-consensual material, or and have processes to take it down. This is a 'THEIR' problem (the platform not the victims).
Some of these issues also exist in the standard movie and music industry as well. Hell, it even goes up to company executives and politics. But this is up to law enforcement to do their job and to remove the illegal stuff and prosecute the involved persons, not by branding everyone as a suspect.
> recording phone calls
FWIW the default phone app on GrapheneOS supports recording phone calls.
Did a nation state ask GrapheneOS to add that feature?
Why is it always "nation state" when this is brought up, do states and nations that aren't congruous not represent a perceived threat?
"nation state" has a particular meaning and it's not just "a smart-sounding way to say country" but it tends to get used that way.
It does have a particular meaning, but it is one that's not relevant in this context, and it's probably narrower than what the poster intended. For example, Belgium is not a nation state, but I'm sure the GGP would be surprised by an answer like "no, it wasn't a nation state, Belgium asked them to do it".
What do you mean by 'Belgium is not a nation state', if i may ask?
They probably mean that Belgium consists of French-speaking and Dutch-speaking (and German-speaking) groups, which the person counts as separate nations, hence Belgium not being one nation.
This is mostly a language confusion for non-native English speakers. Nation, country, state, a people, nationality, ethnicity, citizenship etc. are used in confusing ways for speakers of other languages.
For many, "nation state" just means an independent state (roughly speaking, a UN member, note also that the UN is called United Nations), because just saying "state" could mean a subdivision, such as a US state. And "country" can be confused with the subdivision of the UK (they call, e.g. Scotland a "country").
In more precise contexts of political history, "nation state" mostly refers to modern (post-World War I) countries that more or less correspond to a people speaking the same language and having the same ethnic identity. It delineates nation states from the previously more common multi-ethnic empires and kingdoms, such as Austria-Hungary or the Holy Roman Empire etc.
Similarly, in English, nationality is often an exact synonym for citizenship, while speakers of other languages expect it to mean ethnicity, e.g. an ethnic Hungarian in Romania with Romanian citizenship would be considered a "Romanian national" in English-language news. This often makes people confused/angry. Also, in some contexts in English, "ethnicity" is more like a euphemism for something like "race", but not quite (e.g. in the US "Latino" is considered an "ethnicity" but not a race). In that sense "Hungarian" would not count as an "ethnicity" at all, but still phrases like "ethnic Slovak" refer to a minority group in a different country than Slovakia. But also "ethnic" can also just mean with "exotic foreign origin", e.g. "ethnic food" or "an ethnic woman" (this was really weird when I first read it). But I digress.
I think you're spot on with this:
> ... because just saying "state" could mean a subdivision, such as a US state ...
I mean that there is no Belgian nation - native Belgian citizens are mostly either Dutch-speaking Flemish people or French-speaking Walloons, and generally don't have any significant notion of a shared national identity.
Note that this doesn't mean that a state with multiple ethnicities/languages can't be a nation state. Indians, for example, generally have a clear national identity, despite being citizens of a huge federal republic with dozens if not hundreds of languages spoken, some of which don't even share a common language family. So, India is a nation state, unlike Belgium.
Belgium may be used as a stand-in for Brussels, i.e. the European Union.
I think the author of the post was referring to the fact that Belgium is a multinational state, comprised of Dutch-speaking Flanders and French-speaking Wallonia.
I've heard Brussels as a stand-in for the EU.
I've never heard Belgium as a stand-in-for-Brussels-as-a-stand-in for EU.
But it isn't, here. The state of Belgium created itself by secession from the United Kingdom of the Netherlands, and its populace generally comprises two nations, Flanders (Flemish) and Wallonia (French), neither of which is contiguous with the state, nor particularly interested in sharing a national identity with each other.
In short, a state is about turf, and a nation is a people, and you need them both to look similar on a map to make a nation-state.
TIL
Why?
I would very much like to record phone calls made by me.
When the company on the other end denies what we agreed, a recording would be useful.
My friend, your phone might snitch on you depending what pictures or files you save. Your messages and calls can be saved at will without your knowledge. Even your notifications are being watched. Your apps have backdoors to spy on you.
It is already here.
> My Android phone prevents me from taking screenshots if an app author doesn't want me to.
It's worse. An app author can even be notified if a screenshot was taken.
The issue is bigger than that.
Why not two people share a device, and when passed from one person to another, delete applications and install all apps and profiles from scratch using verified checksums saved on a blockchain. An OS which could do that is something like Nix. When passed to the previous person same thing, delete and install everything from scratch.
Using smartphones in a smart way, not a dumb way, like timesharing mainframes of the past. Same procedure could be applied to cars and other devices.
Android's Multiple Users feature does exactly this. Multiple user accounts with all user data completely sandboxed and restricted to each user. All user data is cryptographically protected on storage devices.
The actual SE filesystem available to a logged in user is pretty complicated. But the short story is that user-data is completely isolated. Presumably application binaries (which require digital signatures by default) are shared; although the "installed" state is not. Successive releases of Android have restricted access to any legacy "shared" data on the device (media folders particularly; pictures and video taken by the camera device have been strongly protected since Forever).
Verified checksums on a blockchain are only useful if they are verified by some provider who associates a blockchain ID with a real-world identity. Not sure what "blockchain" really adds. If anyone can create a blockchain ID, then "verification" doesn't really provide useful information.
> Multiple user accounts with all user data completely sandboxed and restricted to each user.
User data and user programs. Clean installation kind of user programs.
> Verified checksums on a blockchain are only useful if they are verified by some provider who associates a blockchain ID with a real-world identity.
Nix associates a unique id to each program version or package or config file. The verification happens on the Nix package manager.
The user uploads his exact config of OS somewhere, in his own home server, at a government server, at AWS, on a blockchain, somewhere. A blockchain seems like the best solution to me.
This assumes that these two persons will never need to use a smartphone at the same moment, which is a bit of a logistical puzzle.
Installing apps is the trivial part; isolating, or removing / reinstalling user data is much harder. Especially a few gigabytes of it. An SD card could work maybe.
This all goes against the grain of the smartphone UX, the idea of a highly personal device that you can use for anything, and might need (or benefit from) at an arbitrary moment.
If the point is reducing e-waste, the solution would rather be opening up the hardware enough to provide long-term software support, LineageOS-style.
> This assumes that these two persons will never need to use a smartphone at the same moment, which is a bit of a logistical puzzle.
In general no one wants to share anything with anyone, but when two people cannot afford a device individually, but it is within reach when they buy it together, time-sharing becomes a totally acceptable solution.
> Installing apps is the trivial part; isolating, or removing / reinstalling user data is much harder. An SD card could work maybe.
Checksums might overlap by quite a bit. No need to remove programs installed by both users. If the total installation of each user is 10 GB, but the installation diverges 300MB only, not a big deal in most cases.
The first part also happens on desktop thanks to DRM, unfortunately. Like on Android, it can be worked around, but it's a massive pain to do so.
I'm curious about the second part, though. How do carriers influence the call recording feature on your phone? Is it because you run a carrier ROM or is there some kind of integration with the mobile network/SIM card that I'm not aware of?
See https://source.android.com/docs/core/connect/uicc. UICC is the software component of a SIM card.
I think this might be a longstanding "bug", but I have also not had any luck on my android using the screen recorder to record device audio from a browser (either chromium or firefox). It used to partially work using the mic to record the speakers, but currently it sounds like it does processing to subtract away the original signal; I hear mostly silence with occasional garbled artifacts resembling the original audio.
Maybe this depends on the site? I have definitely recorded video with audio off YouTube and other popular video sites, on a stock Samsung phone, even yesterday.
Fortunately we still have the analog loophole.
It is not your phone and it probably never will be.
These petty measures are as self-damaging to reputation as futile: one can easily make a screenshot or do a recording with another device, which is soooo commonplace nowadays. It is just ruining user experience with small-minded measures, driving people away.
run a custom rom. Infinity X (the gsi one) does both
Custom ROMs do not work with remote attestation (typically), so that means saying bye bye to a lot of apps, including some banking apps.
please research before spreading misinformation. the specific gsi rom passes strong out of the box
Saying that custom roms typically fail attestation is not spreading misinformation, it is very correct, and google is closing the door on it fast.
It's possible that this one random rom that you mentioned passes it today, but it might not pass tomorrow.