Language Selection

English French German Italian Portuguese Spanish

Secret Back Doors in Android

Filed under
Just talk

I am everything but a Google basher and I spent a lot of my life descending deep into research of Google foes, Google smear campaigns, lawsuits by proxy, and antitrust actions by proxy. I also advocate Android, but in recent years I have been increasingly concerned about the direction it is taking. I wish to share my latest concern. It relates to what the media characterises as "anti-theft" but is actually a facility to kill phones in a protest or convert them into hostile listening devices. Technology impacts human rights and those who control technology can be tempted to control humans.

Google habitually updates my tablet. It is a Nexus 7 tablet which Google invites itself to update remotely (shame on me for not installing Replicant, but this device does not support it yet). It is not a 3G tablet and it does not have two operation systems (unlike mobile phones) or even a carrier tracking its location all the time. It's a purely Android device with no network tying. It is network-agnostic. I only bought it because in order to replace my PDA (for over a decade) I wanted a device that is not a tracking device. Phones were out of the question.

Networks don't track the tablet. Google, however, is always out there, fully able to identify the connected user (latched onto a Gmail address because of Play), modifying the software without even the user's consent (the user is sometimes prompted to boot, without being able to opt out of the core update itself).

The update in itself is not a problem. What's problematic is its effect.

Following the latest Google update (which I was given no option to reject) I noticed that Google had added a remote kill switch as an opition. It was enabed by default. "Allow remote lock and erase" is what Google calls it and it is essentially working like a back door. Google and its partners in government are gaining a lot of power not over a smartphone but over a tablet.

The significance of this is that not only phones should be assumed to be remotely accessible for modification, including for example additional back doors. What's more, some devices that were sold without this functionality silently have it added. According to the corporate press, the FBI remotely turns Android devices into listening devices and it is getting simpler to see how.

NSA and PRISM destroy our computing. We definitely need to demand Free software, but we should go further by asking for audits, rejecting user-hostile 'features' like DRM, 'secure' boot, and kill switches. I gradually lose any remaining trust that I had in Google and even Free software such as Android.

More in Tux Machines

Rugged mini-PC runs Android on Via’s Cortex-A9 SoC

Via debuted a rugged fanless low-power Android mini-PC based on Via’s dual-core Cortex-A9 Elite E1000 SoC, and offering mini-PCIe, mSATA, HDMI, and GbE I/O. Via designed the “Artigo A900″ mini-PC for use in Android-based interactive kiosks, home automation devices, signage, and other HMI solutions. The 125 x 125 x 30mm mini-PC can be configured to “blend locally-captured real-time video streams with cloud-delivered content to create visually-compelling interactive displays for retail, banking, museums, and other environments,” says Via Technologies. The device can integrate peripherals including sensors, cameras, ticket printers, and barcode and fingerprint scanners, adds the company. Read more

Newest Androids will join iPhones in offering default encryption, blocking police

The next generation of Google’s Android operating system, due for release next month, will encrypt data by default for the first time, the company said Thursday, raising yet another barrier to police gaining access to the troves of personal data typically kept on smartphones. Android has offered optional encryption on some devices since 2011, but security experts say few users have known how to turn on the feature. Now Google is designing the activation procedures for new Android devices so that encryption happens automatically; only somebody who enters a device's password will be able to see the pictures, videos and communications stored on those smartphones. Read more

X.Org Server Shatter Project Fails

Earlier this summer was the start of an X.Org-funded project to develop Shatter. Shatter has long been talked about as a new feature for the X.Org Server to replace Xinerama. Shatter comes down to allowing the X.Org Server to split the rendering between multiple GPUs with each GPU covering different areas of a larger desktop. A student from Cameroon hoped to develop the Shatter support after such feature was talked about for years. The student, Nyah Check, was being funded by the X.Org Foundation through the foundation's Endless Vacation of Code project that's similar in nature to Google's GSoC but runs year-round and is much more loose about requirements. Read more

today's howtos