The application, which allows users to add a pin on a map to show where ICE agents have recently been spotted, has climbed to the to the top of the App Store charts.
Saw it wasn’t on F-Droid and was going to ask for source page (to get through Obtanium), but looks like they’re allergic to android and derivates. Appreciate you pointing to references.
It makes me suspect they’re not talking about the stock systems OEMs ship.
The developers of GrapheneOS, an independent, security-oriented Android distribution are probably not only talking about stock OEM Android. What they’re saying is true about stock OEM android though.
That’s a separate issue from whether users are forced to get all their software from a specific source, which is also separate from whether users will actually use other sources when given the option.
On Android, developers can offer users a way to install an app that isn’t easily traced to their identity and on iOS they can’t. Furthermore, an Android app can be both on the Play store and available from other sources; there’s no exclusivity.
You got that “tracked to their identity” opposite around.
The reason why there is no Android App is, if the phone gets “found” the data about the user/owner is an open book.
This is not one of the claims made by the ICEBlock developers; their claims are only to do with notifications.
If you want to claim that a locked Android device is substantially easier for law enforcement to break in to than a locked iPhone, please cite up-to-date (from 2025) sources.
I think he thinks HE had to store the information, and if he isn’t the one storing it, it’s anonymous.
Except, on Android, you can also do it where only google stores the information and he doesn’t have to store any. And there are no user name or passwords or accounts involved to listen to specific channels like he claims.
You can collect this information, and you’d be able to write a more custom push service, but it isn’t needed at all, but Google and Apple will always know who is getting the messages.
Think about that for a second. Immigration and Customs Enforcement by definition involves at least one border and 2 countries. Even if they only went after American citizens (which they’re trying to do), they’d be deporting you somewhere else.
As it is, I suspect a significant number of at-risk people in the US and their advocates use Android.
Incompetence and false bravado is all but guaranteed with development teams. Especially when it’s closed source, not audited, and has minimal room for feedback loops.
And how would they know that?
That would mean push notifications would go via an Apple Server. Wich
a) makes no sense
b) can be masquerade so that the server does not know who talks to whom
c) the meta information and the notification can be deleted timely
On the other hand, I guess most Android “low level” peer to peer apps go via FireBase?
The devs don’t really seem to have a clue about smartphone.
https://bsky.app/profile/grapheneos.org/post/3lt2prfb2vk2r
Thanks for the heads up.
Saw it wasn’t on F-Droid and was going to ask for source page (to get through Obtanium), but looks like they’re allergic to android and derivates. Appreciate you pointing to references.
Can’t speak to the rest of the claims, but Android practically does too. If one has to sideload an app, you’ve lost 99% of users, if not more.
It makes me suspect they’re not talking about the stock systems OEMs ship.
Relevant XKCD: https://xkcd.com/2501/
The developers of GrapheneOS, an independent, security-oriented Android distribution are probably not only talking about stock OEM Android. What they’re saying is true about stock OEM android though.
That’s a separate issue from whether users are forced to get all their software from a specific source, which is also separate from whether users will actually use other sources when given the option.
On Android, developers can offer users a way to install an app that isn’t easily traced to their identity and on iOS they can’t. Furthermore, an Android app can be both on the Play store and available from other sources; there’s no exclusivity.
You got that “tracked to their identity” opposite around. The reason why there is no Android App is, if the phone gets “found” the data about the user/owner is an open book.
This is not one of the claims made by the ICEBlock developers; their claims are only to do with notifications.
If you want to claim that a locked Android device is substantially easier for law enforcement to break in to than a locked iPhone, please cite up-to-date (from 2025) sources.
Glad others have pointed this out. Their “reasons” for not supporting 70% of worldwide smartphones via Android seemed very suspect.
I think he thinks HE had to store the information, and if he isn’t the one storing it, it’s anonymous.
Except, on Android, you can also do it where only google stores the information and he doesn’t have to store any. And there are no user name or passwords or accounts involved to listen to specific channels like he claims.
You can collect this information, and you’d be able to write a more custom push service, but it isn’t needed at all, but Google and Apple will always know who is getting the messages.
deleted by creator
Think about that for a second. Immigration and Customs Enforcement by definition involves at least one border and 2 countries. Even if they only went after American citizens (which they’re trying to do), they’d be deporting you somewhere else.
As it is, I suspect a significant number of at-risk people in the US and their advocates use Android.
Because visitors to the US don’t tend to be from the US, that’s only logical
Lol, called it.
Incompetence and false bravado is all but guaranteed with development teams. Especially when it’s closed source, not audited, and has minimal room for feedback loops.
You don’t even need to audit a closed source app to know that Apple knows which devices its sending pushes to. It works because they know.
And how would they know that? That would mean push notifications would go via an Apple Server. Wich a) makes no sense b) can be masquerade so that the server does not know who talks to whom c) the meta information and the notification can be deleted timely
On the other hand, I guess most Android “low level” peer to peer apps go via FireBase?
All push notifications go through APNS on apple. That’s Apple Push Notifications Service.
APNS requires the device to authenticate with it and can uniquely identify the device by an id. Its how it sends messages to devices.
Firebase cloud messaging acts the same way for true push notifications.
You don’t need to audit a device using APNS or FCM on Android to know that it is not anonymous.