I installed NetGuard about a month ago and blocked all internet to apps, unless they’re on a whitelist. No notifications from this particular system app (that can’t be disabled) until recently when it started making internet connection requests to google servers. Does anyone know when this became a thing?
Edit 2: I bought my Pixel 6 phone outright, directly from Google’s Australian store. I have no creditors.
Were the courts not enough control for creditors? Since when are they allowed to lock you out of your purchased property without a court order?
I don’t even live in the US, so what the actual fuck?
Edit 1: You can check it’s installed (stock Pixel 6 android 14) Settings > Apps > All Apps > three dot menu, Show system > search “DeviceLockController”.
I highly recommend getting NetGuard, you can enable pro features via their website if you have the APK for as low as 0.10€, but donate more, because it’s amazing. You can also purchase via Google Play store.
Requests the app made today.
This is my phone I own outright, by the way. I don’t have any creditors.
Update for those curious:
I find it interesting that yours is
com.google.android.devicelockcontroller.I checked mine on GrapheneOS and it looks like it’s the AOSP version of the package:
com.android.devicelockcontrolleradb shell pm uninstall --user 0 com.google.android.devicelockcontrollerIf you’re using Shelter, then in addition to that command, replace
--user 0with--user 10You don’t need root to do this. You can also uninstall other bloatware using this same method.
I tried this on a Pixel 7 and am getting:
panther:/ $ pm uninstall --user 0 com.google.android.devicelockcontrollerFailure [DELETE_FAILED_INTERNAL_ERROR]I also tried disable and got:
Cannot disable a protected package: com.google.android.devicelockcontrollerAh. I guess you have to have root, then and just delete the apk.
New to this depth of phone administration, where are you entering this command? Is there a developer CLI I should be looking for or is this done with a third party app or something?
Hero, I just have to get around to doing it 😅 (I will, but grumble, grumble this is why most people don’t bother battling for privacy)
Mvp comment there. I checked mine and I am in the US, on a phone I originally bought on credit. I do not have that app installed. Go figure. 🤷♂️
Definitely worth checking out your app list to make sure. I wonder if it accidentally came downstream from AOSP into the alt ROMs, and that’s why it’s not in my stock, proprietary, US market, flagship Google pixel device.
I am at such a loss, because I can see it in NetGuard, and open it’s app details from there, but it doesn’t work even appear in system apps in Shelter.
What app are you using to see this traffic?
In 2020 Google claimed it was supposed to be limited to a single region in partnership with a single carrier. And was never meant to be put up on Play Store.
A spokesperson from Google reached out to clarify some details about the Device Lock Controller app. To start with, Google says they launched this app in collaboration with a Kenyan carrier called Safaricom.
Google has confirmed that the Device Lock Controller app should not be listed on the Google Play Store for users in the U.S., and they will work to take down the listing.
Source: https://www.xda-developers.com/google-device-lock-controller-banks-payments/
Of course, it was a lie since it’s still on Play Store an of today and in use.
It must be globally, I’m in Australia. What utter bullshit, since I would have never known if it weren’t for my NetGuard firewall app.
Being Australian this is likely one to report to the ACCC, as Aussies at least have basic consumer protection, though that get murky with overseas tech entities.
Unfortunately the ACCC gives fewer fucks than you may expect. An airline once cancelled a flight on me and kept the cancellation fee, despite producing no evidence that any government had forced them to cancel the flight (this was during COVID).
ACCC did not care one bit
So while we do have some consumer protection (better than most) I would be surprised if they cared.
It’s 5 minutes out of your life to try, as an aussie, please do, for charity if nothing else, who knows, you might benefit…
I am a serial complaint lodger, just that I’m much busier than I used to be. I may do it once I figure out what’s going on with it on my phone.
Fair cop.
Thanks for you understanding friendo 🇦🇺
If it tickles your fancy, I once lodged a complaint with the national measurement institute to get a bar to stop selling American pints.
And they now sell it by the mL, beautiful
though that get murky with overseas tech entities.
I mostly agree, but you gotta admit the EU has been sticking it to the tech giants lately.
I’m in Australia, and when I search for Device Lock Controller in Play Store, it says “This app is not available in your region”
This happens on 2 separate devices from different manufacturers. Both devices were purchased in Australia and have Australian ROMs
Also in Australia and it shows that to me as well
But going into my app list and showing system does show it
Check your installed apps (I left an edit in th post where to check). Just because it’s not listen in the Playstore for Australia, doesn’t mean it’s not installed.
Yeah, I checked installed apps (checked system apps), and I don’t have it installed on either of my devices
What model do you have, out of curiosity?
I’m surprised it would be on the play store since presumably if you were a carrier or creditor of some kind you want this installed in a pretty clandestine way and wouldn’t want to draw attention to it by having an app store listing.
Being on the play store means it can be updated and managed like a normal app and not stuck on whatever version shipped with the OS
I’d assume they want to be able to update it and that’s why it needs a store listing.
I’m using CalyxOS and it’s pre-installed as a system app, so this seems like something that’s being built in at the AOSP level of development.
Can’t find it in OxygenOS
Did you check your system apps? It’s an AOSP app, so I would be surprised if this were the case. It could be under either
com.googleorcom.android.Yeah I did it’s not there
Of course, it was a lie since it’s still on Play Store an of today and in use.
FWIW, I just searched it up and it’s listed as unavailable in my region (USA) 🤷♂️ so at the very least, they scoped it down a little bit
Just because it’s not in the Playstore, doesn’t mean it’s not installed.
It’s not listed in the Australian Playstore either, yet here we are with it making internet requests.
It’s definitely installed.
It’s not just you, it’s phoning home for me too. Pixel 7, also Australia, bought outright from officeworks. I don’t log network reqs so I don’t know exacts, but it’s using 25kb every 3 days or so, so it’s doing something.
At least it’s open-source: https://android.googlesource.com/platform/packages/modules/DeviceLock/+/refs/heads/main/DeviceLockController/
And that’d be why custom roms have it. It’s part of the base Android system.
I was able to start some of its private activities with ActivityLauncher as root. Most of them just crash immediately, but the help page is available. And yikes, they got them covered against a possible bypass, no developer tools or sideloading.
Still disappointed this is shipped in LineageOS, but I suspect not for much longer with that publicity.
So, that looks like this is less insane than it sounded… This is for if you buy your phone on a payment plan? Not for creditors more generally to have a option to repossess/dispossess your phone?
This is what small claims court is for. To me there is no excuse for this.
I’m worried about the “if you stop using their SIM” part. It’s one thing if you switch providers before paying it off, but that’s already covered with the skipped payments part. This implies that even after you finish paying it off, you can get locked out. Either way, I’m curious if the app even has any way of knowing whether the creditor really is using it “as intended,” or just trusting that a creditor wouldn’t want to lock the phone of an active, paying customer. I don’t have time to dig through the code myself though, so I’ll just hope this blows up enough for somebody else to figure it out.
If you look at the bottom it says once the device is paid off they can no longer access/change settings
Assuming there are no additional backdoors…
if you switch providers before paying it of
Usually a financed devicd is financed through the carrier, and therefore a carrier branded device, and therefore locked to the carrier (yes they have the unlock option but compatibility tends to be far more limited than on the manufacturer unlocked version of the model)
The fun aspect to this is that some banks have forced customers to use an Android for all their banking ops. So:
① You’re late paying a bill
② Creditor locks your phone
③ You cannot access your bank to make the payment because your phone is lockedBrilliant.
This type of tech is already being put into vehicles as well. I used to get laughed at 20 years ago when I predicted this. Nobody is laughing anymore. If anything, they just accept it.
your self driving car will just drive itself back to the lot when your payment is late
shhhhh
I’m using a fresh install of GrapheneOS, and this is installed too. Not sure what that suggests, except that it’s possibly some core system level app.
That’s deeply disturbing, what else could be hiding next to it? I sort of hope it’s somehow being installed by your phone company, as bad as that is, the alternative is worse!
I mean, I bought my Pixel 7a unlocked and paid in full, from Google. And my assumption has always been that when GrapheneOS is flashed, any previous stock bloat is wiped.
Righteous assumption. That it is not, requires investigation. That’s some serious BS.
Using Lineage and I dont have it. Sucks for people using Google crap
Out of curiosity, you’re specifically checking in the system apps?
Remember when Google said don’t be evil. Ha
I think it was “don’t. Be evil.”
I know this is a privacy community, but I’m not sure I’m onboard with the outrage on this particular one. If you rent/lease or go on a payment plan for the device you’re using, then it isn’t yours, it belongs to the entity you borrowed it from.
If I don’t make car payments, the bank can repossess my ride. If I dont pay my mortgage or rent, I can be evicted by my landlord or bank.
If I don’t make my phone payment, the company should have recourse to prevent me from using their device.
This could open up the ability for bad actors to disable my device, and I agree that’s a horrible prospect. But the idea of a legitimate creditor using this feature to reclaim their property is not something I find shocking.
Oh nono no, the world is much worse than that:
-
If you make all your car payments on time except one, the bank can still repossess your car.
-
If you pay your mortgage or rent on time every time except once, the bank can initiate the process of eviction.
Remember: the power triangle points down
-
For every single one of those scenarios, a set of legal processes need to be exhausted. This app gives the lender the ability to do whatever they want, whenever they want, without following a set of legal processes.
That’s dystopian mentality at it’s greatest.
All your points are sound. The issue that I have with this is that remote disable functionality is not necessary to achieve any of these aims. Before they were connected to the internet, people were still able to rent/lease autos and the world managed to survive just fine. There were other ways for lenders to get remunerated for breaking lease terms - they could issue an additional charge, get a court order for repossession, etc. Remote disable was never needed or warranted.
So let’s start by considering the due process here. Before, there was some sort of process involved in the repossession act. With remote disable however, the lender can act as judge, jury and executioner so to speak - that party can unilaterally disable the device with no oversight. And if the lender is in the wrong, there is likely no recourse. Another potential issue here is that the lender can change the terms at any time - it can arbitrarily decide that it doesn’t like what you’re doing with the device, decide you’re in breach, and hit that remote kill switch. A lot of these things could technically happen before too, but the barriers have been dramatically lowered now.
On top of this, there are great privacy concerns as well. What kinds of additional information does the lender have? What right do they have to things like our location, our habits, when we use it, and all of the other personal details that they can infer from programs like this?
There are probably lots of other issues here, but another part of the problem is that we can’t even start to imagine what kinds of nefarious behaviors they can execute with this new information and power. We are well into the age where our devices are becoming our enemies instead of our advocates. I shudder to think what the world would look like 20 years from now if this kind of behavior isn’t stopped.
What about for people like me?
I bought my device outright. No loans, no payment plans and no reason for that functionality to exist on my phone. Yet there it is, just waiting to be taken advantage of whether there is a valid reason or not.
This is the kind of apathy that leads to phrases like, “If only we had known” but we do … and do nothing about it.
I can and will at least do my part for myself and encourage others to do the same.
Not an unreasonable thought, but my question is what is the process to disable? In your examples, there are legal steps/requirements to repossess those assets.
In this case I can’t imagine the process is longer than “press the brick button and extort money”
I agree completely, but it’s an odd way to go about repossession.
And there’s the rub. Sure, it’s a financed phone. It doesn’t follow that we have to suspend judgment on the means they resort to, to enforce their terms.
