ML-Kit - transmission of personal data and compliance with EU GDPR - privacy

My team is considering implementing Googles on-device ML-Kit on our apps to utilize its text recognition and barcode scanning capabilities.
It has come to my attention that Google recommends iOS app distributors to declare that Network request sender IP-addresses are collected for diagnostics and usage analytics (https://developers.google.com/ml-kit/ios-data-disclosure).
This declaration is not stated on the page for Google Play Data Disclosure requirements (https://developers.google.com/ml-kit/vision/text-recognition/v2/android).
I was hoping to get an answer on these two concerns:
Will Google collect end-user IP-addresses if the on-device ML-Kit APIs are implemented in our iOS app?
o If yes, is there any way for us to mask the IP address or entirely disable the transmission of such data.
Will Google collect or in any other way process end-user IP-addresses if the on-device ML-Kit APIs are implemented in our Android app?
o If yes, is there any way for us to mask the IP address or entirely disable the transmission of such data.
With the case of Google Analytics, several EU governments have ruled utilization of the tool to be against EU laws, since Google can not guarantee that any personal data is not sent outside EU.
I am wondering if the same case would apply to application of the ML-Kit tool
Thank you in advance
I have searched through the web and seen no requests or declarations on this matter, from Google or official forums.

Related

Blocking Google Assistant during a bluetooth headset initiated voice recognition session?

I'm working on a voice recognition app that connects to custom hardware using a bluetooth handsfree profile (HFP aka headset profile) connection. The application is used to pass PCM audio data to a cloud based voice recognition server, by leveraging the Android AudioRecord class. This functionality works fine if the application initiates the SCO connection, but if the headset hardware initiates the SCO connection, by issuing the AT+BVRA HFP command to the phone, Google Assistant always hijacks the phone. Thus, my question is how can I stop this? Is there a way to programmatically tell Google Assistant to chill? I've tried many different things (AudioManager sco management, AudioRouting preferred connection, BluetoothHeadset profile class, Java Reflection & View.setAssitBlocked(true), etc...), but none of them seem able to either block Google Assistant or recapture the SCO connection. (It also seems that the handset opens up an A2DP for google assistant's audio feed). I'm hoping this is possible with a Java based solution... ?
As noted by another answer, what is likely happening is that Android is broadcasting an ACTION_VOICE_COMMAND intent, and since Google Assistant is set up to receive it, it gets priority on the connection. Your app could register for the intent and see if it gets priority on receiving it.

Use Amazon alexa or Google home compatible hardware without alexa/Google home

There are plenty of devices available, which are promoted with the phrase "compatible with alexa/google home", e.g. LightBulb or Smart socket
My question is:
Is it somehow possible to use and control these devices without using alexa or Google home? I'm specifically asking for WiFi devices like smart light bulbs or sockets. I would like to just connect them to my WiFi and then control them by sending some kind of HTTP-request to the devices, without using any alexa or google cloud whatsoever.
In my opinion if the devices are all compatible with these cloud-based services, they have to share some common API, which I should also be able to use offline just in my network, should'nt I?
Unfortunately I did not find any information about such an API that I could use.
Anyone has an idea?
It sounds like you're actually asking "do smart home devices have a local API that devices like Alexa and Google Home use?" With the implication that you can then take advantage of them as well.
While some might - the general answer is "no".
Neither Alexa nor Google Home control devices directly. Both of them send their commands to their cloud services, which relay the command to a device manufacturers cloud endpoint, which then relays the specific instruction to the device or the device's local hub or gateway.
If you only want to command your Google Home compatible devices with your voice, you can simply use the Google Home app from your phone (both iOS or Android) without having the Google Home device.

localised ip assist + DDOS prevention + google billing

We are very new in Google Cloud and learning.
I have two question marks in my mind.
First is
Can I create localisation IP addresses for virtual instances? like I open web site with German IP range or another web site I want assign under Italian IP range.
Where is the best place to start or is it possible under cloud.
Second is
We had DDOS attack to under cloud and resources made peak while under attack, Will google charge extreme price for that peak time or will be normal billing.
Second question brings to third one,
We using cloudflare for domains, Is there stable way yo prevent DDOS attacks under google cloud?
I appreciate your time and answers.
To your first point, are you after finding the shortest path between your users and wherever you serve your content? If that's the case, you can simply put a load balancer in front of your backend services within Google Cloud, with a global public forwarding IP address, and the service itself will take care of redirecting the traffic to the nearest group of machines available. Here is an example of a HTTP(S) Load Balancer setup.
Or is localization what you are trying to achieve? In that case I'd rely on more standard forms of handling the language of choice like using browser settings (or user account settings if existing) or the Accept-Language header. This is a valuable resource from LocalizeJS.
Lastly if you are determined to having multiple versions of your application deployed for the different languages that you support, you could still have an intermediate service that determines the source of the request using IP-based lookups and redirect the user to the version of your choice. Said so, my feeling is that this is a more traditional behavior that in the world of client applications that are responsive and localized on the spot, the extra hop/redirect could get to annoy some users.
To your second point, there is a number of protections that are already built-in on some services within Google Cloud, in order to help you protect your applications and machines in different ways. On the DDoS front, you can benefit from policies and protections on the CDN side, where you get cache and scaling based preventive measures.
In addition to that, and if you have a load balancer put in front of your content, you can benefit from protections on layers 3, 4 and 7 of the OSI model. That includes typical HTTP, SYN floods, port exhaustion or NTP amplification attacks.
What this means is that in many of these situations, your infrastructure will not even notice many of these potential attacks, as they'll be alleviated before they reach your infrastructure (and therefore you will not be billed for that). Said so, I have heard and experienced situations in which these protections did not act in a timely fashion, or were triggered at all. In these scenarios, there is a possibility for your system to need to handle that extra load. However, and especially in events when the attack was obviously malicious and documented to be supposedly handled by Google Cloud, there is a chance to make a point with Google in order to get some support on the topic.
A bit more on that here.
Hope this is helpful.

Is it possible to make my own network requests to a “smart” device without an API?

What I'm asking here may not be possible at all, due to my lack of knowledge with networks.
I want to start playing around with IOT objects in my house. I would love to be able to control various objects from the touch of a button on my phone.
I have bought a "smart" plug outlet which enables me to turn the power on or off via an app over my home WiFi, however I want to be able to build my own app and control the device exactly how I want to, just for fun.
This app I'm using at the moment comes with the outlet and as far as I can see, it was not meant to be customizable in any way.
My question is, is it possible to figure out the requests being made to and from the device, and create my own API to work with it?
I am a software developer day-to-day however my knowledge in networks is very basic. Any help is really appreciated!
If there is no documented API you can, in theory, to reverse engineer the API using sniffers. If you control the device from your phone you can install sniffers on the phone and see the incoming and outgoing requests. But the bigger problem for you is if there is some kind of security mechanism that the device and the app are implementing. The protocol can be encrypted so you wont be able to understand the network traffic or maybe some kind of key that will allow the device to get orders only from a specific app.
So my suggestion, if you are not experienced with this kind of work is to approach the device vendor and ask them for the API, some vendors would be happy to expose it if you would publish your code and let other customers to use it and expand their product.

Is it possible to host telegram on my own server?

Telegram is a cloud based chat service. All of their clients are open source. I was wondering if there's a way to host a 'private' telegram service on my own server.
If not, is there anything out there that can provide all or almost all features that telegram provides?
According to the official telegram FAQ the current answer is no:
Q: Can I run Telegram using my own server?
Our architecture does not support federation yet. Telegram is a unified cloud service, so creating forks where two users might end up on two different Telegram clouds is unacceptable. To enable you to run your own Telegram server while retaining both speed and security is a task in itself. At the moment, we are undecided on whether or not Telegram should go in this direction.
So as long as the server itself is not open-source the entire Telegram eco-system cannot be considered open-source, even though there is an open API and official open-source clients.
There seem to be some unofficial telegram servers, but it's not clear how compatible they are with existing clients.
Some possible telegram alternatives
Matrix is allegedly providing "an open network for secure, decentralized communication" and has both open-source clients (Element being the 'official' one) and an open-source server that can be self-hosted. BUT while it looks good on the surface, there are indications that companies behind it have undisclosed intimate links with governmental actors (similar to Signal).
XMPP/Jabber has been around for a longer time, is an open protocol with multiple server and client implementations, and might be the least tainted by third-party interests. XMPP was the underlying protocol behind the original Google Talk messenger before it was rebranded to Google Hangouts and switched to a proprietary protocol.
Teamspeak a collaborative platform for teams, intended originally for gamers, free client and server.
Mumble a voice oriented solution which allows self-hosted servers.
You could implement a full working Telegram-API, then have hosted clients on your server via this API.
Your users would login on your web, then you sign them in via the hosted clients on your servers.
You are basically performing a proxy service to these users , and you can even integrate other value added features for you users this way.

Resources