I agree that root is a bit of a dirty hack, but sometimes it's needed for even basic functionality. For example, if you don't have a Samsung, you can't change the default font so you need root for that. They added something in the Q beta now to change the font, but you still can't select your own font. I can change the font easily on basically any desktop OS; it's core functionality there. So it should be core functionality on Android as well, but no, you need root. And there are a few other "core" things that you can only tweak after you root your phone. So yeah, dirty hack, but sometimes it's really needed.

This is much less of an issue nowadays. You can easily use a whatsapp-like application that provides end-to-end encryption instead of the "phone" app.

As long as everyone you call is using that app to receive, anyway.

That's how anyone that wants to do it spies normal calls. NSA isn't the only player in this game.

That's why they are extremely butthurt about applications implementing end-to-end encryption over TCP/IP. Actually spying that is a whole another game.

No offence, but I really don't think changing default font is "basic functionality".

Also SMS. But still, he still has a point. It's all legacy stuff that is going to disappear or be relegated to automation (especially SMS), most modern systems rely on TCP/IP/internet, so they can encrypt on their own.

That's because you're looking at the wrong package. Disable any of the permissions for Google Play Services (com.google.android.gms), restart your device and instead of the OCR you'll get a precious stack trace yelling about a "permission denial". Pretty clever technique to fool people into thinking that Google ain't abusing your phones, eh?

Also, check Google Pay out! https://i.imgur.com/ZHgdMgO.jpg

It just means that Samsung's shitty OCR application is actually just a GUI using Google Play Services OCR/Vision API to do the actual work. https://developers.google.com/vision...etting-started

That's one of the reasons why Play Services asks so much permissions. It's also a "system library" of sorts used by other apps.

Although I don't understand why removing any permission causes breakage. I disabled all permissions on Play store and also Play services in my work phone (Huawei) and all apps I installed still work fine.

Except that the app we're talking about is Google Translate, made by Google themselves, and no Samsung is involved here I guess. Even if this API is being used there, I still fail to see how is body sensors access crucial to extract the text from a still image.

The popup screenshot I've linked to in my previous post displays the actual list of permissions the requestor wants. Some Google apps just show Storage, or Phone there, and this is completely understandable. Pay explicitly demands access to everything. What's your excuse now?

Weird, my Google Translate of realtime camera view works fine with all permissions disabled in Play Services. Can I shit-talk Samsung now? Because I really want to blame them for breaking this shit in their phone.

On my Phone it only requires Google Play Services to access to Telephone, SMS and contacts.

Telephone/SMS is usually used to identify the device through IMEI or SIM or something like that, other apps do it. Contacts is probably to send money to friends or whatever, which should not be a mandatory thing but I guess Google wants that to work?

But still, it's Google Pay. Even if it was not asking for that info it would still have payment information and your bank account or something. Anyone who remotely cares about privacy won't let Google know what they bought, when and from where anyway, so it's not terribly important.

Interesing, the AR translator seems to be working for me too. The problem comes up when you disable the instant mode or try to use the "pick from gallery" button.

Having access to any of these just to be able to send a few bytes over NFC is not required or even reasonable. Just like having to explicitly allow Google to store your location and activity history in order to get a damn weather forecast on the homescreen.

Are you okay with this?

Ah ok, that's a moot point then. That functionality works by sending the picture to Google servers anyway (I also get a popup asking if I want Google to remember the pictures I send). Won't work without internet access either. So yeah, whatever, if you do that all your data will belong to Google.

The AR translator actually works offline as long as you have the offline dictionaries, and it's pretty decent as long as you are translating from "X language" to english.

sorry what the fuck? Google Pay isn't a NFC tag reader/writer app. It's a payment processor endpoint.

It is required (and should also be a good thing) to be able to identify and authorize the device for the very least, before it can be used to pay for things.

It also runs some tampering checks through SafetyNet https://koz.io/inside-safetynet/ (which aren't terribly hard to pass if you use something like Magisk for your root and advanced functionality, which is what you should be using on your device anyway if you are a power user)

You can read the statement if you try to add a credit card to Google Pay, it tells you that it may/will give that info to the credit card provider or something.

Yeah this is stupid, but it is hardly a unique functionality so whatever, disable it and use something less stupid.

If the app is indeed requiring that information to identify the device to function, yes.