A recent increase in user relationships has revealed that the Google Android System System system – a system service designed to allow content scanning on devices – has been silently installed on Android 9 and later and later Android devices since October 2024.
The application, identified by the name of the Com.Google.Android.safetycore package, has aroused many concerns about confidentiality and transparency, criticism comparing its deployment to a “stolen” installation.
While Google claims that SAFETYCORE works locally to classify sensitive content without transmitting data outside, its furtive deployment has rekindled debates on user consent and business responsibility in the era of mobile ecosystems led by AI.
Safetycore appeared for the first time as part of the November 2024 system updates from Google, grouped with reading services and the Android System Key VERIFERIE application.
SAFETYCORE APPLICATION: Silent installation
Unlike typical application installations, SafetyCore has no icon, hides in the system processes and occupies ~ 2 GB of storage – a detail highlighted in a viral x article (formerly Twitter) which accused Google of secretly allowing photo gallery scans.
Forbes reported That users only discovered the application after accessing parameters> Applications> View system processes, where it appears as a background service with Internet access, storage and peripheral sensors.
Google specifies that SafetyCore provides a “disk infrastructure” for applications such as Google Messages to implement features such as sensitive content warnings, which blurs potentially explicit images and alerts users before sending or receiving them.
“SAFETYCORE provides an infrastructure available for safe and private classification to help users detect unwanted content. Users control SAFETYCORE and SAFETYCORE only classifies specific content when an application requests it via an optional compatible functionality ”, Google
The service uses automatic learning models (ML) to classify content locally, maintaining end -to -end encryption and avoiding cloud -based data transfers.
The architecture of SafetyCore alignments with the digitization on the customer side (CSS), a technique for preserving confidentiality which processes the data locally rather than on distant servers.
However, the CSS remains controversial due to its abusive potential for use. Security experts warn that these systems could extend beyond their original scope, allowing governments or companies to monitor unrelated content.
While Google insists that SafetyCore is limited to “opt-in” features, its silent deployment undermines confidence, because users have not been informed of the installation or capacity of the service.
In particular, SafetyCore works independently of Google Play Protect, the existing malware scanner of Android and is rather focused on content moderation.
The service requires 2 GB of RAM, which makes it compatible with most of the devices after 2018. The secetycore counterposter reflects the controversy in Apple 2022 on communication safety in Imessage.
While Apple was faced with criticisms to activate the default photo scanning, it provided clear documentation and user controls – a contrast to Google’s opaque deployment.
At the end of 2024, the improved visual research function of Apple, which corresponds to the photos to the historic databases, faced criticism for activation without explicit consent.
The two cases highlight a growing break between the confidentiality commitments of technology giants and their implementation practices.
Following Post X, Google modified that Safetycore is “opt-in” and underlined its role in the fight against scams and abuses. The company has also highlighted binary transparency for the APK system, although this does not manage to approach the opacity of ML models.
Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup -> Try for free
