this post was submitted on 16 Oct 2024
14 points (69.4% liked)

Privacy

31604 readers
481 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago
MODERATORS
 

So as you may know, i'm an iPhone user and a hater of Google. Recenly, it has came to my attention that i am somehow being spied on, as this has been appearing lately every single day:

Now i did not open the camera at all, and somehow it's saying that's being used.

Not only that, but basically i had a qr code saved in my camera roll. Every time someone scans it, i get a notification. However, randomly at 12 am, somehow i got a notification saying that someone scanned it. The QR code was not shared anywhere or posted, and the phone was offline at that time too. Now i think that its probably the time to switch from iOS to android.

Why is android superior then iOS, why, and how is it safer then iOS and what phone should i buy? (no pixel tho)

top 29 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 1 minute ago

About the QR code, the code itself can't tell whether its being scanned or not. I assume the QR code is a URL to a website and the server sends you the notification. So if somebody scanned the QR code and opened the link in their browser but then closed their browser without closing the tab, each time they reopen the browser and the tab automatically refreshes it would seem like a new scan. Even if the URL itself is supposed to forward the user after the notification, some browsers screw up the forwarding process or open the forward address in a new tab, depending on the user settings.

[–] [email protected] 4 points 2 hours ago* (last edited 2 hours ago)

the grass is roughly as green on the other side, android is no better for privacy unless u are willing to put in an unreasonable amount of work into it which isnt worth it for most peoples threat profile, i recommend switching passwords on everything and maybe factory resetting ur phone. Also u should switch but only because apple makes garbage products.

[–] [email protected] 22 points 4 hours ago* (last edited 1 hour ago)

This isn’t an iPhone problem. This doesn’t happen normally. There’s one of two things going on:

  1. you jailbroke your phone/sideloaded/installed some shady app. Solution: hard reset that phone and set it up as new. Do not copy over anything, and use the phone as close to stock as possible for a bit. These notifications will stop. Then you add apps and stuff slowly until you figure out what is the offender.

  2. you’re being targeted. Somebody did something nefarious and they are probably good at it. It’s not easy to get into a stock device. I find this option possible but unlikely unless you’re a VIP or you’ve REALLY pissed off an ex lover or are married to overly attached girlfriend.

*Edit

Maybe there’s a third option. Maybe the phone’s hardware is just borked somehow - a chip or sensor or something is broke. /shrug. I suppose that’s possible too.

[–] [email protected] 35 points 6 hours ago (1 children)

You say that as if Google’s platform isn’t also riddled with spyware. “Spying,” AKA advertising, is Google’s bread & butter.

[–] [email protected] 15 points 5 hours ago

When they said Android I assumed they meant degoogled or a custom ROM, but it's good to point that out I suppose.

[–] [email protected] 17 points 5 hours ago* (last edited 4 hours ago) (2 children)

i know you said no pixel, however ... Pixel + GrapheneOS works great and easy to install.

GrapheneOS takes the google spyware out of pixel. However, it does add a slightly steeper learning curve to Android. Not too bad, just a few more options to poke at.

It doesn't cut you off from the google play store, instead sandboxing it preventing from accessing data outside its own service. This is important if you need specific apps for work, bank, etc.

For open-source apps F-Droid app store is your friend.

Unfortunately, GrapheneOS only works for pixel. There are other options you could look into such as LinageOS, but those goes beyond my personal knowlage. Specifically you want a phone that allows you unlock the bootloader.

Avoid Samsung like the plague.

Any version of Android that comes pre-installed is going to have Google Spyware and bloat. Manufactures, especially Samsung, spin up their own version of Android so then you have both Googles bloat and Samsung bloat.

[–] [email protected] 4 points 4 hours ago (1 children)

Lineage is not fully degoogled, they just give you the option to not install Google services, AFAIK, and leave the hardcoded google deps be. So, if you need something graphene-ish on a broader range of devices, you should go with divestos (developed by the same guy who makes mull/mulch). Although, it's a bummer there's no storage/contact scopes, those are pretty useful at times (sandboxed play services are cool, I just don't have a purpose for them)

[–] [email protected] 2 points 3 hours ago

Yea, I've moved to DivestOS on a couple phones, and I really like it.

Some things it does differently, like allow you to choose your Internet Heartbeat provider, so your phone isn't constantly pinging Google to check the internet connection is up. There are about 10 options, including none.

[–] [email protected] 1 points 5 hours ago (1 children)
[–] [email protected] 1 points 5 hours ago
[–] [email protected] 2 points 3 hours ago* (last edited 3 hours ago)

Are you sure you've NEVER shared the qr code with anyone? If so, what is it actually for? Because a qr code's purpose is to be shared. If you've ever shared it before, people can have copies of it. I myself take a picture of a qr code and load it from my camera roll instead of directly opening the link from my camera, because I want to keep a copy of it.

Now if you truly haven't shared it to anyone, then it is either a bug with whatever app, website, or mechanism you generated the qr code from and it's alerting you; or it's an IOS bug; with the former the more likely. Like others have said, this is absolutely not normal behavior on a non-jailbroken iphone. And to Apple's credit, the iphone is pretty secure. This should be the order of steps before going nuclear:

  • Find out if the source of the issue is the app or mechanism the QR code is using to alert you. Check if it's a bug or it's actually a malicious/rogue app.

  • If that's all good, clean up your phone. Check which apps have access to your camera and microphone, and disable anything you don't need or trust. Delete apps if necessary.

  • If that still doesn't stop it, hard reset your phone.

[–] [email protected] 22 points 6 hours ago (1 children)

Maybe fully reset/restore your phone first to wipe any malicious apps?

If anything, use a degoogled OS instead of android.

[–] [email protected] 14 points 5 hours ago (1 children)

This is the answer. No way you get MORE security switching to Google. (There's loads of Apple Haters here though, so watch out). I'm also an Apple hater. I just hate Microsoft and google more.

[–] [email protected] 3 points 3 hours ago* (last edited 3 hours ago)

You can easily get far more privacy with Android than iOS, even using a factory, unrooted, rom.

Though I'd say iOS is more private out of the gate than Android.

Once you start installing apps, it's arguable which is worse - while Apple restricts a lot of stuff, I've had apps on iOS that eat battery to pull ads constantly (specifically one Solitaire game, but others too) and lots of Android apps are notorious for wanting every permission and to run at boot. "Free" games on both platforms are notably guilty.

At least with Android you can choose a lot of apps that don't collect data, and don't even want a network connection. Unrooted, you can use a VPN full time, that can block network access for apps, or even specific network connections (NoRoot Firewall is one, and ThinkDNS can do this too, IIRC). Like free games - on Android (even unrooted), I can block their network access. And I know it's effective because it breaks some games.

I've used a stock, unrootable phone, and stripped down a lot of stuff using the Universal Android Debloat Utility. It can disable bloatware like all the Facebook components.

Though if OP wants to have a more private and more secure device, I'd go Android with a custom rom, especially Graphene, but Lineage and DivestOS can get you close to Graphene, especially is you manage your layers of privacy and security.

[–] [email protected] 2 points 3 hours ago

If someone scanned that QR code, it means they have a copy. If they, or someone else then scanned it (or copied the text from it and pasted in a browser), it would function as if they scanned it.

I mean really, this is how QR codes work. It's shorthand for text, typically used to URL's.

[–] [email protected] 8 points 5 hours ago* (last edited 5 hours ago) (1 children)

These things you are experiancing are not normal. A spyware may have got to your phone somehow and if you dont know how did that happen it will likely happen again with your new android phone. What I would do if I was in your place is taking the phone to apple and ask if they coukd scan it for me.

are you someone politically important? Someone in comments mentioned israeli spyware called pigasaus and it can target both iphone and android

[–] [email protected] 4 points 4 hours ago (1 children)
[–] [email protected] 2 points 50 minutes ago* (last edited 6 minutes ago)
[–] [email protected] 4 points 4 hours ago

iOS has Lockdown Mode which it sounds like you could benefit from.

[–] [email protected] 4 points 4 hours ago

For the camera app, it could be as simple as accidentally swiping left on the Lock Screen even just a tiny enough amount to activate the camera, even if released before the full quick shot mode is displayed. That at least is plausible from within a pocket and is not a security concern. Other apps cannot pretend to be the camera app when accessing it.

[–] [email protected] 6 points 5 hours ago

Have you rebooted? The current Israeli malware all the state actors use allegedly can get in sans interaction but can't survive a reboot...

[–] [email protected] 11 points 6 hours ago* (last edited 6 hours ago)

Have you tried wiping the phone and being careful about what apps you install?

The camera specifically says it was accessed by the camera app which seems perfectly normal. The microphone being unknown is odd.

You can't get notifications while offline, so that sounds more like a bug of some kind in an app you have installed maybe?

[–] [email protected] 4 points 4 hours ago

This being displayed as "Unknown" is likely just a bug or an app you (very) recently uninstalled. And you probably opened the camera app by accidentally swiping right to left on the lock screen. Even just a slight swipe will launch the app so it's ready when you're done swiping.

And I'm not even sure what you're talking about regarding your QR code.

Android is not de facto superior to iOS, nor is the opposite the case.

If you're really that paranoid, even GrapheneOS on a Pixel shouldn't calm you down because it also requires proprietary firmware by Google (and possibly other vendors) to run on these proprietary devices. In this case my advice would be to stop using smartphones altogether and rely on open source computers (couple of RISC-V options out there I think) for your computing needs.

[–] [email protected] 6 points 5 hours ago (1 children)

You should get a Fairphone and use a degoogled custom ROM. If you really want to get away from Google at the expense of some functionality, you can try a Linux ROM, but I'd recommend one based on Android such as Lineage OS. The benefits are mostly freedom adjacent. You have the freedom to run any app you want, whether it's from the app store or not. You have the freedom to use any browser engine you like, and download extensions to Firefox. You have the freedom to root your device and make simple full backups of your device to any local storage that you own by accessing the root storage folder. You have the freedom to use apps like Rethink DNS to block ads device-wide, and there are generally a lot more FOSS apps written for Android than iOS as you don't have to jump through all the hoops of the app store to make your apps available for others.

[–] [email protected] 0 points 5 hours ago

That's where I think android's biggest advantage lies: the staggering amount of high quality, no bullshit FOSS apps available.

[–] [email protected] 4 points 5 hours ago

Buy an Android phone that you can flash to change the OS to remove all Google dependancies and use F-Droid to get all of your apps.

[–] [email protected] 5 points 5 hours ago

Non-google android is the way to go unless you're looking to be even more adventurous. Which phone you should look for depends which of the OS options you prefer. No pixel means no grapheneOS. LineageOS is the one I chose, runs on quite a few mostly older phones. There are many others.

[–] [email protected] 2 points 5 hours ago

Why is android superior then iOS, why, and how is it safer then iOS

It isn't superior or safer. Whatever you did to your phone to install spyware will not project you any bette by using android.

I'm not even sure what you could have installed that would break out of the app sandbox. It's likely to I have some device management profile installed, but even that seems unlikely. It's also possible your phone compromised but that's typically requires a state level attack.

I'm actually leaning towards drug use or carbon monoxide poisoning. Yeah, it is that weird and you sound that paranoid.

[–] [email protected] 1 points 4 hours ago

Do a DFS of all (non-app-specific) settings. Disable almost everything, for the time being.