• 1 Post
  • 25 Comments
Joined 1 year ago
cake
Cake day: August 6th, 2023

help-circle
  • The assumption is that legitimate companies who sell software will sign it and that signature proves it came from that company who you trust because of their publicly known legitimacy. It’s a bit of circular reasoning. But it does round back towards that legitimacy - if it is found that they violate your trust, they lose public trust and thus lose sales.

    Luckily new OSes (cough NOT WINDOWS) are able to sandbox applications and prevent them from accessing resources without declaring the need to access it.

    And as for the signing certificate, I think the MS Store will allow any signed app. They just offer the cheaper signing service.









  • That is glossing over how they process the data and transmit it to the cloud. The assistant wake word for “Hey Google” invokes an audio stream to an off site audio processor in order to handle the query. So that is easy to identify via traffic because it is immediate and large.

    The advertising-wake words do not get processed that way. They are limited in scope and are handled by the low power hardware audio processor used for listening for the assistant wake word. The wake word processor is an FPGA or ASIC - specifically because it allows the integration of customizable words to listen for in an extremely low power raw form. When an advertising wake word is identified, it sends an interrupt to the CPU along with an enumerated value of which word was heard. The OS then stores that value and transmits a batch of them to a server at a later time. An entire day’s worth of advertising wake word data may be less than 1 kb in size and it is sent along with other information.

    Good luck finding that on wireshark.