
Comment by a2tech

7 days ago

Top notch work. I assume the person picture is a test account, but it still shows how deep these companies can get.

This surveillance tech is a real problem--it's making everyone unsafe and should be regulated. I know it's too convenient and useful for government/big companies so it'll never happen...but it should.

> This surveillance tech is a real problem--it's making everyone unsafe and should be regulated.

The other thing is that people willingly buy phones full of spyware. E.g. quite many Samsung models have the Israeli AppCloud installed (supposedly to recommend applications):

https://www.malwarebytes.com/blog/news/2025/11/budget-samsun...

Even though AppCloud itself may be for recommendations, it apparently mines a lot of data, and each such background application is another potential attack vector, and I suppose that the Israeli government can compel the company to use their software for different purposes (not sure).

In contrast to what some news articles state, some Samsung models sold in Europe also have it and nobody seems to really care about it (nor the persistent Meta services, etc.).

Or maybe, you know, we should stop writing security-critical software in memory-unsafe languages. Mobile devices not treating their owner as an adversary would also be nice.

  • That's only part of it. That all security issues would be gone after writing code in a memory-safe language is a fairytale (though it does help a lot).

    The other parts are layered defense, reducing the number of privileged/non-sandboxed applications/processes, not shipping spyware/adware, etc.

    Only Apple/GrapheneOS and to a slightly lesser extent Google Pixel are good at this. Many phone manufacturers still use the TrustZone TEE on the main CPU (rather than a separate security processor), isolated radios, hardware memory tagging, and dozens of other defense-in-depth features.

  • How do you defend against supply chain attacks??? The problem is that Israelis and their firms have access to the full chain due to their influence.

    • If you mean the software supply chain, minimize third-party dependencies and carefully review any updates. I mean read and understand code diffs before you bump versions.

      If you mean the hardware supply chain, has that ever actually happened? I've only ever seen it mentioned as a theoretical possibility so far.

"Regulated" in reality basically means your messages are not only read by private companies that collect them, intelligence agencies that access them, but also by people sitting in the regulation panels. When officials say regulation they basically mean "I want a piece of action, too, dumbass, otherwise I'm gonna shut you down!".

  • Yes, that's exactly how regulation works and is why everyone with a driver's licence is always complaining when the guy the government sent to hold the steering wheel that morning is late. /s

Regulated by whom exactly? Since you can't even read, the spyware is being exclusively used by all govts of the world. Regulation never works, if you need a secure phone use GrapheneOS.

There's always a comment for "regulation" by an ignorant HN normie under anything related to surveillance. I feel like it's mostly bots at this point.

  • > Regulation never works

    Woah there cowboy, sure you want such a broad and strong claim? Maybe you've eaten too much asbestos, breathed too much lead-gasoline fumes or otherwise inhaled something strange, because I'm sure there are countless examples of regulation working just fine. Not to say it isn't without problems, but come on, "never"?