I installed NetGuard about a month ago and blocked all internet to apps, unless they’re on a whitelist. No notifications from this particular system app (that can’t be disabled) until recently when it started making internet connection requests to google servers. Does anyone know when this became a thing?
Edit 2: I bought my Pixel 6 phone outright, directly from Google’s Australian store. I have no creditors.
Were the courts not enough control for creditors? Since when are they allowed to lock you out of your purchased property without a court order?
I don’t even live in the US, so what the actual fuck?
Edit 1: You can check it’s installed (stock Pixel 6 android 14) Settings > Apps > All Apps > three dot menu, Show system > search “DeviceLockController”.
I highly recommend getting NetGuard, you can enable pro features via their website if you have the APK for as low as 0.10€, but donate more, because it’s amazing. You can also purchase via Google Play store.
In 2020 Google claimed it was supposed to be limited to a single region in partnership with a single carrier. And was never meant to be put up on Play Store.
A spokesperson from Google reached out to clarify some details about the Device Lock Controller app. To start with, Google says they launched this app in collaboration with a Kenyan carrier called Safaricom.
Google has confirmed that the Device Lock Controller app should not be listed on the Google Play Store for users in the U.S., and they will work to take down the listing.
Source: https://www.xda-developers.com/google-device-lock-controller-banks-payments/
Of course, it was a lie since it’s still on Play Store an of today and in use.
I’m using CalyxOS and it’s pre-installed as a system app, so this seems like something that’s being built in at the AOSP level of development.
DivestOS here, it’s not in my ROM.
iodéOS here and I can’t find it on my phone either (yes I looked at the system apps)
Are you looking at system apps? It’s installed as a system app on my phone using GrapheneOS
com.android.devicelockcontroller
Looks like it’s an AOSP app
I see it on Graphene too, took away its network perms at least.
Can’t find it in OxygenOS
Did you check your system apps? It’s an AOSP app, so I would be surprised if this were the case. It could be under either
com.google
orcom.android
.Yeah I did it’s not there
Of course, it was a lie since it’s still on Play Store an of today and in use.
FWIW, I just searched it up and it’s listed as unavailable in my region (USA) 🤷♂️ so at the very least, they scoped it down a little bit
So they region locked it from US, but it can still be pre-installed as a system app from AOSP. And it’s available in EU, while was meant to be in Kenya only.
Just because it’s not in the Playstore, doesn’t mean it’s not installed.
It’s not listed in the Australian Playstore either, yet here we are with it making internet requests.
It’s definitely installed.
It’s not just you, it’s phoning home for me too. Pixel 7, also Australia, bought outright from officeworks. I don’t log network reqs so I don’t know exacts, but it’s using 25kb every 3 days or so, so it’s doing something.
It must be globally, I’m in Australia. What utter bullshit, since I would have never known if it weren’t for my NetGuard firewall app.
Being Australian this is likely one to report to the ACCC, as Aussies at least have basic consumer protection, though that get murky with overseas tech entities.
Unfortunately the ACCC gives fewer fucks than you may expect. An airline once cancelled a flight on me and kept the cancellation fee, despite producing no evidence that any government had forced them to cancel the flight (this was during COVID).
ACCC did not care one bit
So while we do have some consumer protection (better than most) I would be surprised if they cared.
It’s 5 minutes out of your life to try, as an aussie, please do, for charity if nothing else, who knows, you might benefit…
I am a serial complaint lodger, just that I’m much busier than I used to be. I may do it once I figure out what’s going on with it on my phone.
Fair cop.
Thanks for you understanding friendo 🇦🇺
If it tickles your fancy, I once lodged a complaint with the national measurement institute to get a bar to stop selling American pints.
And they now sell it by the mL, beautiful
I’m in Australia, and when I search for Device Lock Controller in Play Store, it says “This app is not available in your region”
This happens on 2 separate devices from different manufacturers. Both devices were purchased in Australia and have Australian ROMs
Also in Australia and it shows that to me as well
But going into my app list and showing system does show it
Check your installed apps (I left an edit in th post where to check). Just because it’s not listen in the Playstore for Australia, doesn’t mean it’s not installed.
Yeah, I checked installed apps (checked system apps), and I don’t have it installed on either of my devices
What model do you have, out of curiosity?
I’m surprised it would be on the play store since presumably if you were a carrier or creditor of some kind you want this installed in a pretty clandestine way and wouldn’t want to draw attention to it by having an app store listing.
I’d assume they want to be able to update it and that’s why it needs a store listing.
Being on the play store means it can be updated and managed like a normal app and not stuck on whatever version shipped with the OS
This type of tech is already being put into vehicles as well. I used to get laughed at 20 years ago when I predicted this. Nobody is laughing anymore. If anything, they just accept it.
your self driving car will just drive itself back to the lot when your payment is late
Sigh. Way too much freeze in fight, flight or freeze…
https://neuroclastic.com/the-6fs-of-trauma-responses/
Don’t forget the 3 other Fs! Fawn(Friend), Flood, and Fatigue/Flop
Well, that was depressing (irony intended). Thanks for the thinking…
People laughed at Stallman, too. But I’m not comparing you to him. He’s apparently a real POS.
Nah, he’s difficult to work with for sure, and rather extremist, but unfortunately he is a lot of right on the money. I wouldn’t call that a pos
most of this “he’s a pos” comes from the misconceptions about him. he has a certain fixation to the vocabulary, and he often corrects others for it. then those people take the “attempt to correct” as “support” for the debate itself.
I think this is an extremely generous take. For anyone not in the loop, he gets called POS for famously weighing in on discussions of pedophelia by saying children 13+ aren’t children so it’s not pedophelia.
I think this goes beyond being bad at knowing when to correct semantics
Dropping ddevault’s recent post about RMS here
deleted by creator
Nah, I truly believe he is that awkward and tone-deaf.
I do too, but I think being that tone deaf after being called out says a lot, and I think it’s pretty good reason to not make blanket endorsements for his statements/beliefs
Sure. The only “blanket” statements I’m willing to give are limited to his work on Free Software. His statements on pretty much everything else should probably just be ignored.
he wasn’t tone dead in that case you mentioned. he has since changed his thoughts about it.
Many years ago I posted that I could not see anything wrong about sex between an adult and a child, if the child accepted it.
Through personal conversations in recent years, I’ve learned to understand how sex with a child can harm per psychologically. This changed my mind about the matter: I think adults should not do that. I am grateful for the conversations that enabled me to understand why
I think that even that is more bad phrasing on his end than him being a pedophile. Beyond weird opinions, there is no evidence at all that he is a pedo
But there is evidence that he defends it, and that he refused to back down after being called out. He is not a good person to look up to, and willfully makes harmful public statements, and willfully stabds by them. In other words, kinda a POS
Not that it excuses his behavior but isn’t he on the autism spectrum? People on the spectrum sometimes have no filter and are very literal. Like saying a 13 year old is more adolescent than child.
Requests the app made today.
This is my phone I own outright, by the way. I don’t have any creditors.
Update for those curious:
adb shell pm uninstall --user 0 com.google.android.devicelockcontroller
If you’re using Shelter, then in addition to that command, replace
--user 0
with--user 10
You don’t need root to do this. You can also uninstall other bloatware using this same method.
Hero, I just have to get around to doing it 😅 (I will, but grumble, grumble this is why most people don’t bother battling for privacy)
I tried this on a Pixel 7 and am getting:
panther:/ $ pm uninstall --user 0 com.google.android.devicelockcontroller
Failure [DELETE_FAILED_INTERNAL_ERROR]
I also tried disable and got:
Cannot disable a protected package: com.google.android.devicelockcontroller
New to this depth of phone administration, where are you entering this command? Is there a developer CLI I should be looking for or is this done with a third party app or something?
Look up “adb” or “Android platform tools” on your favorite search engine. It’s something you do on your PC with your phone plugged in.
Right on, thank you!
You could also give Shizuku a try! Connects to android’s adb bridge over WiFi, right from your phone! From there you can use something like termux to shell straight into your phone!
At least it’s open-source: https://android.googlesource.com/platform/packages/modules/DeviceLock/+/refs/heads/main/DeviceLockController/
And that’d be why custom roms have it. It’s part of the base Android system.
I was able to start some of its private activities with ActivityLauncher as root. Most of them just crash immediately, but the help page is available. And yikes, they got them covered against a possible bypass, no developer tools or sideloading.
Still disappointed this is shipped in LineageOS, but I suspect not for much longer with that publicity.
So, that looks like this is less insane than it sounded… This is for if you buy your phone on a payment plan? Not for creditors more generally to have a option to repossess/dispossess your phone?
This is what small claims court is for. To me there is no excuse for this.
That is both Google’s official version and what it looks like poking at it.
I haven’t dug in the code, so I don’t know if this is theoretically possible for a shady carrier to enable after the fact. But it very much looks like a dormant feature nobody uses.
I guess I could see that making sense in poorer countries where carriers might have issues of people signing up for phone plans and never paying. A carrier locked flip phone was pretty useless, but nowadays cutting your phone/data off is more of an inconvenience than a dealbreaker, you’ve still got WiFi and a nice phone.
I know this is a privacy community, but I’m not sure I’m onboard with the outrage on this particular one. If you rent/lease or go on a payment plan for the device you’re using, then it isn’t yours, it belongs to the entity you borrowed it from.
If I don’t make car payments, the bank can repossess my ride. If I dont pay my mortgage or rent, I can be evicted by my landlord or bank.
If I don’t make my phone payment, the company should have recourse to prevent me from using their device.
This could open up the ability for bad actors to disable my device, and I agree that’s a horrible prospect. But the idea of a legitimate creditor using this feature to reclaim their property is not something I find shocking.
All your points are sound. The issue that I have with this is that remote disable functionality is not necessary to achieve any of these aims. Before they were connected to the internet, people were still able to rent/lease autos and the world managed to survive just fine. There were other ways for lenders to get remunerated for breaking lease terms - they could issue an additional charge, get a court order for repossession, etc. Remote disable was never needed or warranted.
So let’s start by considering the due process here. Before, there was some sort of process involved in the repossession act. With remote disable however, the lender can act as judge, jury and executioner so to speak - that party can unilaterally disable the device with no oversight. And if the lender is in the wrong, there is likely no recourse. Another potential issue here is that the lender can change the terms at any time - it can arbitrarily decide that it doesn’t like what you’re doing with the device, decide you’re in breach, and hit that remote kill switch. A lot of these things could technically happen before too, but the barriers have been dramatically lowered now.
On top of this, there are great privacy concerns as well. What kinds of additional information does the lender have? What right do they have to things like our location, our habits, when we use it, and all of the other personal details that they can infer from programs like this?
There are probably lots of other issues here, but another part of the problem is that we can’t even start to imagine what kinds of nefarious behaviors they can execute with this new information and power. We are well into the age where our devices are becoming our enemies instead of our advocates. I shudder to think what the world would look like 20 years from now if this kind of behavior isn’t stopped.
Perfectly stated! The moralizing story kind of serves as cover, as a complete blank check to excuse practically any behavior of the lender, without any limiting principle.
Right - they say that they’re just going to use it to defend their “property rights”. In practice, they’re going to use it for a whole lot more than just that…
I’m using a fresh install of GrapheneOS, and this is installed too. Not sure what that suggests, except that it’s possibly some core system level app.
Oh jesus, that’s crazy that it’s on GrapheneOS too.
Edit: I’m on a no-longer-supported GrapheneOS install on a Pixel 3a. I’ve checked and it’s not there for me. I also don’t live in the US (like OP). I wonder when it would’ve been added?
According to people from GrapheneOS these are two different things:
To be clear, https://play.google.com/store/apps/details?id=com.google.android.apps.devicelock is not what’s included in GrapheneOS. There seems to be some confusion about that. This is the app that does what’s being described.
What you see in GrapheneOS is https://android.googlesource.com/platform/packages/modules/DeviceLock/+/b1a971a6e29f5b426b13d96d7692e9dd5a7e81e2/DeviceLockController/
https://discuss.grapheneos.org/d/11639-device-lock-controller/9
Seems unlikely if you outright own it, this is for bought on a plan type stuff, no ?
Edit: On further reading, apparently not. WTAF?
There’s little to no info out there, but I did see some suggestions on a forum, that it may also be installed when setting up a Work profile. I use Shelter to create said isolated Work profile. I wonder if that’s a possibile explanation.
This may be the case, as I also have a work profile set up via Shelter.
Weird that it’s installed in GrapheneOS also though.
In any case, even if setting up a work profile, it should just not be installed.
A potential backdoor as a ransomware exploit for anyone who has a work profile on their phone, I would guess. Unless there are other apps bundled with android that also lock you out of your phone.
Root the phone and remove insane garbage like that. Rip and tear until it is done.