Conversation

This Tweet was deleted by the Tweet author. Learn more

The benign explanation is crash reporting (though this seems like far more data than needed). Since every Android OEM builds their own system libs, if you want actionable stack traces you need a mechanism to synthesize symbols for every system lib from every OEM release you see.

Replying to

and

An interesting question is then: Are they reading *all* of them, or just the subset they use? In the latter case, I'd be much less upset.

Replying to

and

No idea, but Chrome has a whole system for this and we go to great pains to avoid it being a fingerprint mechanism. It's gated on crash reporting consent, has k-anonymity thresholds, and IIRC we synthesize the symbols on device to avoid collecting the whole library.

Replying to

and

That's great, but imagine having a browser that wasn't a bunch of inherently memory-unsafe code (note: all JIT is memory-unsafe!) that's even *capable* of crashing and "needing" this kind of invasive reporting for debugging purposes...

Replying to

and

That's just not accurate. First, public OS symbols are the norm—Android's ecosystem just currently lacks a standard here. Second, the majority of crashes are OOM or other OS signals, so language/runtime choice has literally nothing to do with the need for crash reporting.

Replying to

and

(1) even if "public OS symbols are the norm", that justifies assuming them and using them, not exfiltrating measurements of them or other OS properties without permission in ways that may fingerprint user or reveal sandboxing/emulation/etc.

Replying to

(2) if "crash" is oom or sone other valid runtime situation, not memory unsafety, need for and reporting of system libraries state is highly dubious.

Replying to

It only identifies the device model. I'm sure they already report that back. If they really wanted they could buy the devices themselves or download the factory images / updates and look at those. It's public information unless vendors try encrypting updates and that's silly.

9:28 PM · Aug 31, 2019Twitter Web App