> should be noted that Google doesn't really like apps abusing the VPN API like this
Not really.
Only apps that use the VpnService and have VPN as their core functionality can create a secure device-level tunnel to a remote server. Exceptions include apps that require a remote server for core functionality such as:
- Parental control and enterprise management apps
- App usage tracking
- Device security apps (for example, anti-virus, mobile device management, firewall)
- Network-related tools (for example, remote access)
- Web browsing apps
- Carrier apps that require the use of VPN functionality to provide telephony or connectivity services.
> It should be noted that system applications (phone OS, Google, sometimes carrier apps) can bind to specific network interfaces bypassing this API entirely
Whilst this is true for Android (connectivity checks bypass VPNs, as do VoWiFi and Hotspot traffic) [0], other OSes are known to do the same thing: https://news.ycombinator.com/item?id=24838816
Their official policy (can't find the up-to-date link because Google's documentation bitrots faster than any other website on the net) over at https://archive.is/OPg2g clearly stated:
The VPNService cannot be used to:
•Collect personal and sensitive user data without prominent disclosure and consent.
•Redirect or manipulate user traffic from other apps on a device for monetization purposes (for example, redirecting ads traffic through a country different than that of the user).
•Manipulate ads that can impact apps monetization.
Google has also removed/threatened to remove prominent firewall VPNs for bullshit reasons (claims that apps violate random policies), though that may just as easily be random Google bullshit fallout every Android developer needs to deal with.
> Whilst this is true for Android (connectivity checks bypass VPNs, as do VoWiFi and Hotspot traffic) [0], other OSes are known to do the same thing: https://news.ycombinator.com/item?id=24838816
You're right, of course. Unless you own the kernel on every SoC running on your system (including the modem), you should always assume there's a possibility of network traffic leaking through firewall APIs.
On Android specifically, though, there is a significant chunk of users that will want to restrict the built-in apps because carrier-installed apps or shady Chinaware that come with cheap phones cannot be disabled by default. Other platforms usually don't have this type of malware baked into the OS in a way that cannot be removed. Apple's questionable privacy decisions are a lot less worse than what some people try to block with these firewalls.
> Google has also removed/threatened to remove prominent firewall VPNs for bullshit reasons (claims that apps violate random policies) ...
I co-develop one such open source "firewall app" for Android, and you're right that apps like ours have been previously removed for blocking ads out-of-the-box. But, removals also happen due to stricter rules/policies that apply to apps using VPN APIs.
Note that, of late, many a popular apps ad-blocking out-of-the-box (like the DuckDuckGo browser with app tracking protection) haven't been removed.
> Unless you own the kernel on every SoC running on your system (including the modem)
I get your point but don't think even a rooted (supervisor) Kernel gets you much guarantee as there always could be a higher privileged hypervisor controlling it.
> Apple's questionable privacy decisions are a lot less worse
They've improved post Celebgate yeah, but the duality is such that... Apple is one of the largest buyers of user data aka "market intelligence" (per folks I know who work in this domain) that (presumably) these other shady apps collect.
> Russian tech workers fleeing Russia has also elevated its "tech hub" status.
Fleeing as in seeking asylum? Or fleeing as in sanctions? If the latter, besides the Slavic nations, I'd have thought Germany, the UAE, Israel, and Canada to be more popular?
Fleeing as in "I don't want to die in Putin's war". I've heard from friends that it's actually becoming an issue with locals there (the overwhelming number of Russians who have moved there) to the point where it's beginning to strain the relationship between Russia and Serbia, who have historically been very closely aligned.
> Passing version info without code generation using linker flags can also be done in other languages & toolchains, e.g. with Go projects, the go linker exposes an -x flag
> Their bot management system is designed to push a configuration out to their entire network rapidly.
Once every 5m is not "rapidly". It isn't uncommon for configuration systems to do it every few seconds [0].
> While it’s certainly useful to examine the root cause in the code.
Believe the issue is as much an output from a periodic run (clickhouse query) caused by (on the surface, an unrelated change) causing this failure. That is, the system that validated the configuration (FL2) was different to the one that generated it (ML Bot Management DB).
Ideally, it is the system that vends a complex configuration that also vends & tests the library to consume it, or the system that consumes it, does so as if it was "tasting" the configuration first before devouring it unconditionally [1].
Of course, as with all distributed system failures, this is all easier said and done in hindsight.
Isn't rapidly more of how long it takes to get from A to Z rather than how often it is performed? You can push out a configuration update every fortnight but if it goes through all of your global servers in three seconds, I'd call it quite rapid.
> They really are shameless aren't they? Makes one think that this was the plan all along.
Not really. Sundar is still pretty bullish on GenAI, just not the investor excitement around it (bubble).
Pichai described AI as "the most profound technology" humankind has worked on. "We will have to work through societal disruptions," he said, adding that the technology would "create new opportunities" and "evolve and transition certain jobs." He said people who adapt to AI tools "will do better" in their professions, whatever field they work in.
Not really.
https://support.google.com/googleplay/android-developer/answ... / https://archive.vn/KY51z> It should be noted that system applications (phone OS, Google, sometimes carrier apps) can bind to specific network interfaces bypassing this API entirely
Whilst this is true for Android (connectivity checks bypass VPNs, as do VoWiFi and Hotspot traffic) [0], other OSes are known to do the same thing: https://news.ycombinator.com/item?id=24838816
[0] https://github.com/celzero/rethink-app/issues/224
reply