Per one tech forum this week: “Google has quietly installed an app on all Android devices called ‘Android System SafetyCore’. It claims to be a ‘security’ application, but whilst running in the background, it collects call logs, contacts, location, your microphone, and much more making this application ‘spyware’ and a HUGE privacy concern. It is strongly advised to uninstall this program if you can. To do this, navigate to 'Settings’ > 'Apps’, then delete the application.”
To quote the most salient post
Which is a sorely needed feature to tackle problems like SMS scams
if the cellular carriers were forced to verify that caller-ID (or SMS equivalent) was accurate SMS scams would disappear (or at least be weaker). Google shouldn’t have to do the job of the carriers, and if they wanted to implement this anyway they should let the user choose what service they want to perform the task similar to how they let the user choose which “Android system WebView” should be used.
No, that wouldn’t make much difference. I don’t think I’ve seen a real world attack via SMS that even bothered to “forge” the from-field. People are used to getting texts from unknown numbers.
And how would you possibly implement this supposed “caller-id” for a field that doesn’t even have to be set to a number?
Carriers don’t care. They are selling you data. They don’t care how it’s used. Google is selling you a phone. Apple held down the market for a long time for being the phone that has some of the best security. As an android user that makes me want to switch phones. Not carriers.
You don’t need advanced scanning technology running on every device with access to every single bit of data you ever seen to detect scam. You need telco operator to stop forwarding forged messages headers and… that’s it. Cheap, efficient, zero risk related to invasion of privacy through a piece of software you did not need but was put there “for your own good”.
I will perhaps be nitpicking, but… not exactly, not always. People get their shit hacked all the time due to poor practices. And then those hacked things can send emails and texts and other spam all they want, and it’ll not be forged headers, so you still need spam filtering.