A bit skeptical of how this article is written as it seems to be mostly written by AI. Out of curiosity, I downloaded the app and it doesn't request location permissions anywhere, despite the claims in the article.
I've noticed Claude Code is happy to decompile APKs for you but isn't very good at doing reachability analysis or figuring out complex control flows. It will treat completely dead code as important as a commonly invoked function.
The permissions snippet they show also doesn't include location, and you can't request location at runtime at all without declaring it there.
I'd verify all this stuff for myself, but Play won't install it in my phone so I can't really get the APK. Maybe because I use Graphene...? but I don't know all the ways they can restrict it, maybe it's something else (though for a pixel 9a it's rather strange if it's hardware based).
--- EDIT ---
To be specific / add what I can check, this is what my Play Store "about -> permissions" is showing:
Version 47.0.1 may request access to
Other:
run at startup
Google Play license check
view network connections
prevent phone from sleeping
show notifications
com.google.android.c2dm.permission.RECEIVE
control vibration
have full network access
which appears fairly normal, and does not include location, and I think Play includes runtime location requests there. Maybe there's a version-rollout happening, or device-type targeting?
There's a specific writing style for globalized English that AI's use. And then this post also had none of the stylistic flourishes that a real author might add. And then simple things like constructing a table of 68 libraries or whatever organized by relatively subjective categories. That is something that nobody is going to do by hand.
There is a new term "load-bearing" which is used a lot in my usage of AI. Has anyone else encountered this term being used a lot in their conversations? Or is it a quirk of personalization?
I use load-bearing all the time in conversation. People need to be careful that just because they don’t use certain phrases, it doesn’t automatically mean AI.
Both you and parent are making a lot of load-bearing assumptions.
As someone who likes to use a lot of em dashes in writing -- the 'heuristics' that AI 'hunters' like to use need a lot of further refinement before I would trust them with anything. And yet there are legions of anti-AI crusaders out there wielding them like weapons.
These folks are reinforcing a bias against all kinds of people, particularly those who are not native English speakers and were very likely taught 'globalized' English in their language training.
There are also fashions. So people could be using "load-bearing" more because it's fashionable. Like "lets double-click on that", or "spinning rust", etc
I've heard it a lot from podcasts that are towards the abundance movement. I think its common within the rationalise movement.
Personally I really like it for "load-bearing assumptions". Because it let's you work with assumptions whilst pointing out the potential issues of that assumption.
Apparently just like OP, you didn't read the article either. Just because the app doesn't ask for permission in the manifest doesn't mean it can't be acquired at runtime. It's very publicly documented [0].
> Haven't you heard? It's cool to dislike things "because AI".
There's no explicit rules against it, but I cannot stand this type of sarcastic im anti-everyone-else commentary. Super reddit-coded, and you could have made your point without it. There's a lot of discussion to have about that point actually, but I'm pretty sure we've all been collectively scrolling long enough to just kind of roll our eyes at this stuff.
I read through it. I get some AI vibes. Probably a little bit of both.
It can request with a JS call. It can't passively collect it without you approving first. The article is written like calling that JS function will turn on location tracking without consent.
That would allow you to see the local network IP (not actually sure you even get that, tbh). To get more detailed information about IP configuration, you need Location permission. Been there, done that. Most Android network information calls provide degraded information if you have not been granted Location permissions.
It doesn't have to lie: unfortunately libraries that are essentially a full application themselves (complete with their own permissions) are not uncommon on mobile.
So it could come across a manifest that includes location permissions and some code that would (if enabled) send location, but it might do a bad job properly tracing
I think you should make proper counter arguments instead of dismissing something because they used a specific tool.
Ad-HomineLLM is a logical fallacy IMO and adds little value. I would hope eventually HN and other sites add this to the guidelines similar to other claims like vote manipulation etc.
GP was arguing against the OP, not a comment, and AI written posts are fair game.
Also, the comment you responded to was criticizing the attack to the substance of the post based on who/what wrote is. The comment neologism actually fits, IMO.
I've noticed Claude Code is happy to decompile APKs for you but isn't very good at doing reachability analysis or figuring out complex control flows. It will treat completely dead code as important as a commonly invoked function.