Language Selection

English French German Italian Portuguese Spanish

Secret Back Doors in Android

Filed under
Just talk

I am everything but a Google basher and I spent a lot of my life descending deep into research of Google foes, Google smear campaigns, lawsuits by proxy, and antitrust actions by proxy. I also advocate Android, but in recent years I have been increasingly concerned about the direction it is taking. I wish to share my latest concern. It relates to what the media characterises as "anti-theft" but is actually a facility to kill phones in a protest or convert them into hostile listening devices. Technology impacts human rights and those who control technology can be tempted to control humans.

Google habitually updates my tablet. It is a Nexus 7 tablet which Google invites itself to update remotely (shame on me for not installing Replicant, but this device does not support it yet). It is not a 3G tablet and it does not have two operation systems (unlike mobile phones) or even a carrier tracking its location all the time. It's a purely Android device with no network tying. It is network-agnostic. I only bought it because in order to replace my PDA (for over a decade) I wanted a device that is not a tracking device. Phones were out of the question.

Networks don't track the tablet. Google, however, is always out there, fully able to identify the connected user (latched onto a Gmail address because of Play), modifying the software without even the user's consent (the user is sometimes prompted to boot, without being able to opt out of the core update itself).

The update in itself is not a problem. What's problematic is its effect.

Following the latest Google update (which I was given no option to reject) I noticed that Google had added a remote kill switch as an opition. It was enabed by default. "Allow remote lock and erase" is what Google calls it and it is essentially working like a back door. Google and its partners in government are gaining a lot of power not over a smartphone but over a tablet.

The significance of this is that not only phones should be assumed to be remotely accessible for modification, including for example additional back doors. What's more, some devices that were sold without this functionality silently have it added. According to the corporate press, the FBI remotely turns Android devices into listening devices and it is getting simpler to see how.

NSA and PRISM destroy our computing. We definitely need to demand Free software, but we should go further by asking for audits, rejecting user-hostile 'features' like DRM, 'secure' boot, and kill switches. I gradually lose any remaining trust that I had in Google and even Free software such as Android.

More in Tux Machines

Radeon RX 580: AMDGPU-PRO vs. DRM-Next + Mesa 17.2-dev

Last week I posted initial Radeon RX 580 Linux benchmarks and even AMDGPU overclocking results. That initial testing of this "Polaris Evolved" hardware was done with the fully-open Radeon driver stack that most Linux enthusiasts/gamers use these days. The AMDGPU-PRO driver wasn't tested for those initial articles as it seems to have a diminishing user-base and largely focused for workstation users. But for those wondering how AMDGPU-PRO runs with the Radeon RX 580, here are some comparison results to DRM-Next code for Linux 4.12 and Mesa 17.2-dev. Read more

Void GNU/Linux Operating System Adopts Flatpak for All Supported Architectures

Void Linux, an open-source, general-purpose GNU/Linux distribution based on the monolithic Linux kernel, is the latest operating system to adopt the Flatpak application sandboxing technologies. Read more

Top 4 CDN services for hosting open source libraries

A CDN, or content delivery network, is a network of strategically placed servers located around the world used for the purpose of delivering files faster to users. A traditional CDN will allow you to accelerate your website's images, CSS files, JS files, and any other piece of static content. This allows website owners to accelerate all of their own content as well as provide them with additional features and configuration options. These premium services typically require payment based on the amount of bandwidth a project uses. Read more

Bash Bunny: Big hacks come in tiny packages

Bash Bunny is a Debian Linux computer with a USB interface designed specifically to execute payloads when plugged into a target computer. It can be used against Windows, MacOS, Linux, Unix, and Android computing devices. It features a multicolor RGB LED that indicates various statuses and a three-position selector switch: Two of the positions are used to launch payloads, while the third makes Bash Bunny appear to be a regular USB storage device for copying and modifying files. Read more