Adware Infects Millions Of Devices, Including Smartphones

It has been reported by TechRadar and other publications that over 100 million devices, such as smartphones, have been infected with an intrusive adware that operates in the background without the knowledge of the device owner and/or end user.

Read more at Purism: How PureOS Can Stop Devices From Being Infected With Intrusive Adware! – Purism

1 Like

I’ve always considered adware to be a “stupid user” problem. Stupid users exist everywhere.

I should note that I view that link you provided as mostly an advertisement, and I would have hoped that you would have disclosed that you are an employee of Purism. But that’s just me.

By the way, the article makes a claim:

Solving this [predatory surveillance and data mining business practices] is easy when all the source code is transparent and released for audit.

That’s oversimplifying and isn’t true. For example, many of the programs on cnet.download.com are FOSS. That hasn’t stopped people from adding adware to some of those FOSS programs and providing a download of the binary. In the end, one needs to trust an org to do the proper curation/audits — whether that is Purism, Debian, Flathub. And, I have to say, I do not trust Flathub for curation.

Yes I always found it funny that open source promotes the fact that it lets you read the source code, so in theory adware and malware should be easily found, detected, and reported.

The sad fact is nobody at the stupid user level actually reads the code they download.

1 Like

It's not an issue with FLOSS; it's a community issue and a matter of how FLOSS is used and run by individuals.

Who will download an apk for Android from download.com?
The big issue is apps in the app store with the same icon and a confusingly similar name.

Flathub has a (software) supply-chain issue, like Docker images for servers, or unpatched Python, Ruby and Perl packages managed by various package-management systems, which do not get updated to remove security bugs like the log4j issue.

There are first-level and second-level issues. First level is where the user clicks on something and installs trash/spyware, and second level is where admins ship software to folks and never see an update. But the issue with smartphones is a designed one… because everyone likes to have one, and most folks do not want to know how to administer it the right way in the first place.

In the FLOSS bubble, the awareness about pros and cons still has a higher level of security, I think… and to have ad-free software without trackers …

I never said it was. I simply said that code being “FLOSS” does not magically solve the adware issue. Recall the article said (adding emphasis):

Solving this [predatory surveillance and data mining business practices] is easy when all the source code is transparent and released for audit.

That’s just not true. I gave examples of why that isn’t true by showing that plenty of FLOSS code has adware. The solution, IMO, is more about “curation” by people you trust than it is about “FLOSS”. Also, from my experience, “curation” within the FLOSS world is not easy.

Not download.com, but I’m sure you’re aware of apk’s on F-droid, APKMirror, … and others. It would not surprise me if there were FLOSS apk’s with adware, just like there are FLOSS desktop executables with adware on download.com.

1 Like

You are right. I thought too much about source code vs closed source, about how Alphabet, Meta and Amazon are using FOSS to maximize their profits, and about the bad situation in our end-user sphere. Even if it's open source. It is better than fully closed source, but today I saw good folks suggesting installing LineageOS (without tweaking), and of course it's not secure free software without Google.

I am with you: even if it's FLOSS, we need to check what the software does and what data will be collected for personalized algorithms or to train AI.

If you have spyware apks, on F-droid, show me! I do not think so.

Edit: But there is already a link to Firebase, and debugging information from usual (commercial) Android packages… or about the Google push service to collect metadata. The malware is less than the integrated best practice, because this is how big tech earns money.

F-droid appears to be pretty well-curated, so you’re probably right. But there is still FOSS adware for phones: I believe that Filezilla (which is FOSS) is on Android and reports show that the Windows version has adware. [ https://www.reddit.com/r/sysadmin/comments/mdg1rq/filezilla_now_contains_adware_if_you_download/ ]

I think LineageOS comes only with FOSS code and, AFAIK, is as secure as Android. That said, I do think that most people install Google Apps and LineageOS has a wiki to facilitate that ( https://wiki.lineageos.org/gapps ). But note in the wiki:

Google apps are the proprietary Google-branded applications that come pre-installed with most Android devices, such as the Play Store, Gmail, Maps, etc. Due to licensing restrictions, these apps cannot come pre-installed with LineageOS and must be installed separately.

However, I do know people that use LineageOS, no Gapps, and F-droid only. I’m not one of them.

1 Like

Yes, but it includes defaults from Alphabet. And this software is designed to extract as much data as possible. Even if you use it without GApps, it pings Google every time your WLAN application checks whether a newly connected hotspot or mobile data link has online capacity to reach the internet, by pinging a Google server. So they have your IP in the logs. And every push message will be transmitted through the Google system too.

And I think (but this one is not proven or backed up by research I know about) they use the BLE pings used by Covid tracing apps to measure movement and meetings between devices. I am not sure, but I think they already do it to measure every WLAN and nearby BLE device, like AirTags, and transmit that data too, as telemetry or just as: you can only use our software if you let us use your device to survey the world around you in real time.

Here is a link of a german Researcher, who looked at LineageOS:

It's only in German, but feel free to translate it with DeepL (or a dictionary - just kidding).

I think this was not fair, because the Lineage folks and the Android community on free ROMs spent time to accomplish a working image of actual code, with patches. So LineageOS has the pros and cons like every free software has. It needs more care and understanding. However, using it in the wrong way will teach users to understand. Instead of Microsoft in the 1990s and instead of a small aspect of focus on own needs by a small complexity of software (whatever it implies in our world today and with its million lines of unread code), it did not compete with the search of guilt, from the poison tree with the surveillance capitalism focus. That it's more important to spread software and expose users' behavior and offer future modification to third (partie)s or in AI interests.

I am not sure if we can compete with that… I had a dream today about what if the next level of humanity was after they upload minds to computers and gain immortality - then everyone who does not deliver to that computer system missed the backup…(?!) and I was not at the party.

Just a Joke. This is less probable than my/our descendants will survive in a physical world.

However, in the end it will be a hard competition for us, to spread good (whatever the definition is), free Software and Devices to our surviving mankind.

I cannot see into the future, but like a muscle you do not train/use, you will lose abilities to computers if you do not need them. And I think pushing complex smartphones with high-speed internet connections is no good idea or gift for your child, if the device itself uses filters and behavior-changing/learning (optimizing time spent) algorithms which tune behavior for the next dopamine boost.

I know right now my focus is too conservative and i lean towards a pessimistic sight, but the time has spread that story too long. Hope it will begin a new change with some Linux Phone. Because our possibilities grow with that device.

2 Likes

It was probably not a new dream. It was probably your subconscious remembering this old science fiction story (or subplot derivatives added to film) of this:

http://www.thelastquestion.net/

And I can hardly believe there is a whole domain devoted to this one short story from 1956. (Trek had some end state beings like this and maybe Stargate too.)

1 Like

Agreed. I had forgotten about those defaults. One should probably also remember to:

Change the DNS server defaults (Domain Name)
Change the Captive Portal defaults or just switch it off (LineageOS 16 or later)
Change the SUPL Host server defaults (GPS)
Change the NTP server defaults (Time)

2 Likes
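The checklist in the post above can be checked against a saved copy of `adb shell settings list global` output and the device's `gps.conf`. The following is an added example, not code from the thread or from LineageOS; the default hostnames, the Google suffix list, the sample dumps and the `example.net` hosts are assumptions, and the DNS item is approximated by checking whether Private DNS is pinned to a user-chosen hostname.

```python
from urllib.parse import urlsplit

# Assumption: suffixes treated as Google-operated for this audit.
GOOGLE_SUFFIXES = ("google.com", "gstatic.com", "android.com")
# Assumption: built-in defaults that apply when a key is absent from the dump.
BUILTIN = {
    "captive_portal_http_url": "http://connectivitycheck.gstatic.com/generate_204",
    "captive_portal_https_url": "https://www.google.com/generate_204",
    "ntp_server": "time.android.com",
}
# Constructed samples (not captured from a real device).
STOCK = "airplane_mode_on=0\ncaptive_portal_mode=1\n"
STOCK_GPS = "# constructed gps.conf\nSUPL_HOST=supl.google.com\nSUPL_PORT=7275\n"
CHANGED = ("captive_portal_mode=0\nntp_server=ntp.example.net\n"
           "private_dns_mode=hostname\nprivate_dns_specifier=dns.example.net\n")
CHANGED_GPS = "SUPL_HOST=supl.example.net\nSUPL_PORT=7275\n"

def parse_kv(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip()
    return pairs

def is_google(value):
    """True if the URL or bare hostname belongs to a listed suffix."""
    host = urlsplit(value).hostname if "://" in value else value.split(":")[0]
    host = (host or "").lower()
    return any(host == s or host.endswith("." + s) for s in GOOGLE_SUFFIXES)

def audit(settings_dump, gps_conf=""):
    """Return the settings that still resolve to a Google-hosted default."""
    settings, findings = parse_kv(settings_dump), []
    portal_off = settings.get("captive_portal_mode") == "0"  # 0 = no probe
    for key, default in BUILTIN.items():
        if portal_off and key.startswith("captive_portal"):
            continue
        value = settings.get(key)
        if is_google(default if value in (None, "null") else value):
            findings.append(key)
    if settings.get("private_dns_mode") != "hostname":
        findings.append("private_dns_mode")  # resolver not pinned by the user
    if is_google(parse_kv(gps_conf).get("SUPL_HOST", "")):
        findings.append("SUPL_HOST")
    return findings
```

A key missing from the dump is treated as still using its built-in default, which is why the stock sample is flagged even though it names no Google host.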

You should check out a game called The Talos Principle. Extremely well crafted and all techies will enjoy it.

1 Like

I am feeling lost if I send pictures, messages or audio recordings to friends', staff members' or families' commercial phones, and that information gets processed by an AI, uploaded to a cloud and stored for future analyses.

A single Phone is no solution. And it will undermine society so fast.

I am not sure if our flame of digital privacy emancipation can burn fast enough through friends to solve that. The best chance is to enable communication with single devices like islands, and have a second public involving snitching phones, which does not solve our problem. But we need time to care about. Everyone done that in the past too, but lost that memory with the upcoming internet age.

The youth can just dream about it and do not understand how dangerous it is to have your whole life backed up through third-party devices without control over it.

Every time we find a solution, there will be one more step or proof to grasp the software, like only if you change the configuration in the right direction will you reach the next step. I am so tired of climbing.

P.S.: Thanks Bilhe77 for that game, I will have a look if I find time. Tracy, I am sick about that dream. And my memory was more like a bad dream about what may come true and will be the important weighted step if someone from the future looks back… :wink:

A cluster phone?

(Like an old VAX cluster.)

1 Like