This website uses cookies to ensure you get the best experience on our website.

33 Shares 2 comments

Elliot 'fs0c131y' Alderson reveals: Everyone is spying

The young Frenchman Robert Baptiste is exposing the shady practices of smartphone manufacturers as @fs0c131y on Twitter under the pseudonym Elliot Alderson. How does he do it? Almost every day, the account reveals new data leaks in smartphones that manufacturers intentionally or negligently left open. We talked to him about who we could ask for help with more privacy. Certainly not Google.

Robert Baptiste has attracted the attention of the tech press several times in recent weeks, as he boldly points the finger at the major smartphone manufacturers and their software bugs on Twitter under his Mr. Robot-based alias Elliot @fs0c131y Alderson. His analyses are watertight, as we and other editors have been able to confirm in independent tests.

But who is Robert Baptiste? What drives him? And what do his discoveries mean for us and for the smartphone industry? We had a conversation via email and he was kindly willing to answer most, if not all, of my questions. And it soon becomes clear that we need guys like Baptiste.

Robert, what motivates you? Why do you do what you do?

The main goal of my action is to inform people about the current state of the "Android eco-system". Today, people used to put their all life in their smartphone. They automatically give their trust to the phone constructor without any questions. As an end user, when you buy a phone, people have to understand that the privacy and the security of their data is in danger.

It's like buying a house with two doors. The second door is hidden, only the constructor of the house know that this door is here and have the key. If you know that this door is here, are you ready to buy this house anyway? And if you know that the constructor is coming regularly to your house to scan some of your confidential documents? For a smartphone this is the same thing.

Specifically, it is about discoveries in the firmware of the manufacturers Wiko or OnePlus. Other investigators have found security gaps in Asus, Xiaomi and other manufacturers based on Baptiste's revelations. Parallel to and independent of Baptiste's work, it was revealed that Google collects unsolicited location data, even if users had expressly prohibited this. The increasing number of revelations show that covert data harvesting is both widespread and increasingly a concern for the majority of tech users.

AndroidPIT android without google 9174
The Google ghost isn't the only spook in Android smartphones. / © AndroidPIT

But why should we believe Baptiste if he could be any random fantasist on the internet? So I wanted to know why he was so familiar with the matter. He tells us that he is a 28-year-old Frenchman and an independent software developer.

What got you into this game?

I'm working in the smartphone industry for years and I have the chance to have a big picture of the "Android eco-system". When you understand that there is a galaxy between a vanilla AOSP and the phone in the end user, when you have the technical knowledge to understand what is in the end user phone, you have to inform people that the privacy and the security of their data is in danger.

What do you do for a living? How did you acquire the knowledge for doing this?

I created my company 3 years ago and I'm working as a freelancer for big/medium companies. I'm used to modify/customize the AOSP for phone makers to meet the client requirements. In this position, you have to work a lot with Chinese OEMs, discuss with them, dig a lot in the deepest level of Android. This is how you got the knowledge and manage to find very surprising stuffs...  

Who are you?

I'm just an 28 years french guy. Nothing really interesting :)

What's your goal?

As said previously, my goal is to inform people. Maybe you care, maybe you don't but at least you will known. Thing is these companies need our money to survive. If they sell unsecure products and used to spy on their user, we can force them to stop these practices by telling to the world how they behave.

What's your next project?

I will continue to investigate all the phone constructors and advocate for the privacy and the security of personal data.

The example of the OnePlus 5T shows that Baptiste's revelations to date have not yet borne any discernible fruit. The manufacturer has been caught several times either intentionally spying on its users or negligently leaving an old gap in the software open, allowing it to be rooted in no time at all. Nevertheless, OnePlus enjoys record-breaking sales figures. People obviously don't care about privacy.

Baptiste is more optimistic than I am and predicts,"This is going to be a long fight." but "we live in a consumer society." Many people believe in the marketing promises of smartphone manufacturers. "We need more people who are openly advocating privacy and making it clear to the media that these are the crucial issues for our generation and the next generation."

Android: The open source system that keeps you tight

Another problem is the lack of openness of the software. Large portions of the firmware are not visible to the user or external developers such as Baptiste. Google has played a minor role in this development in the form of Project Treble: The closed-source components are banished to a separate vendor partition and controlled only with a new abstraction language. Only a patient expert can find out which code is included and executed. But...

We'll find a way. With a little time and imagination, nothing is unbreakable.

In the long term, Baptiste concludes, we must solve the problem on two fronts. On the one hand, we should support projects such as Librem 5, which aim to establish a new, privacy-oriented model for designing smartphones. On the other hand, Google should "clean up seriously." Google is well aware of what [re: espionage and data collection] smartphone manufacturers are currently doing. But on Google's side, there is no help to be reckoned with as long as they distribute their software on sufficient smartphones and thus get the data from their users.

Baptiste remains optimistic and believes he will be heard:

If the outcry is big enough, people might listen and start thinking.

What do you think? Are we on the cusp of a change in consumer attitudes towards privacy? 

33 Shares

2 comments

Write new comment:

  • I just don't think Android has had the "really big" security scare needed to shock billions of users ... yet. For PC's the WannaCry ransomware came close enough to shocking expecially enterprise users to really goose behavior. For Android, and mobile devices generally, it will not be consumers but enterprise and your boss who finally creates change after a similar or greater public panic - the Bring Your Own Device pajama party will be broken up for good.

    (I've written before, that Google's Android business model needs to be shaken up in the direction of Microsoft's Windows - permitting a high degree of OEM and user customization (unlike Apple) but maintaining control of the OS for purposes of security and system updates for compatible hardware. Only a major security panic will force that change - I salute Fancy Bear and other black hat hackers as today's "agents of change" forcing mobile security and privacy concerns.)


  • people care more about cheap hardware than their data and how it's used...
    leading to things like..
    president Trump
    which is the best example of what happens when you care more about cheap smartphones, assistants and convenience than about truth, poverty or war..

This website uses cookies to ensure you get the best experience on our website. More info