Language Selection

English French German Italian Portuguese Spanish

Secret Back Doors in Android

Filed under
Just talk

I am everything but a Google basher and I spent a lot of my life descending deep into research of Google foes, Google smear campaigns, lawsuits by proxy, and antitrust actions by proxy. I also advocate Android, but in recent years I have been increasingly concerned about the direction it is taking. I wish to share my latest concern. It relates to what the media characterises as "anti-theft" but is actually a facility to kill phones in a protest or convert them into hostile listening devices. Technology impacts human rights and those who control technology can be tempted to control humans.

Google habitually updates my tablet. It is a Nexus 7 tablet which Google invites itself to update remotely (shame on me for not installing Replicant, but this device does not support it yet). It is not a 3G tablet and it does not have two operation systems (unlike mobile phones) or even a carrier tracking its location all the time. It's a purely Android device with no network tying. It is network-agnostic. I only bought it because in order to replace my PDA (for over a decade) I wanted a device that is not a tracking device. Phones were out of the question.

Networks don't track the tablet. Google, however, is always out there, fully able to identify the connected user (latched onto a Gmail address because of Play), modifying the software without even the user's consent (the user is sometimes prompted to boot, without being able to opt out of the core update itself).

The update in itself is not a problem. What's problematic is its effect.

Following the latest Google update (which I was given no option to reject) I noticed that Google had added a remote kill switch as an opition. It was enabed by default. "Allow remote lock and erase" is what Google calls it and it is essentially working like a back door. Google and its partners in government are gaining a lot of power not over a smartphone but over a tablet.

The significance of this is that not only phones should be assumed to be remotely accessible for modification, including for example additional back doors. What's more, some devices that were sold without this functionality silently have it added. According to the corporate press, the FBI remotely turns Android devices into listening devices and it is getting simpler to see how.

NSA and PRISM destroy our computing. We definitely need to demand Free software, but we should go further by asking for audits, rejecting user-hostile 'features' like DRM, 'secure' boot, and kill switches. I gradually lose any remaining trust that I had in Google and even Free software such as Android.

More in Tux Machines

TheSSS 20.0 Server-Oriented Linux Distro Ships with Linux Kernel 4.4.17, PHP 5.6

4MLinux developer Zbigniew Konojacki informs Softpedia today, October 26, 2016, about the release and immediate availability of version 20.0 of his server-oriented TheSSS (The Smallest Server Suite) GNU/Linux distribution. Read more

Ubuntu 17.04 (Zesty Zapus) Daily Build ISO Images Are Now Available for Download

Now that the upcoming Ubuntu 17.04 (Zesty Zapus) operating system is officially open for development, the first daily build ISO images have published in the usual places for early adopters and public testers. Read more

Today in Techrights

OSS Leftovers

  • Chain Releases Open Source Blockchain Solution for Banks
    Chain, a San Francisco-based Blockchain startup, launched the Chain Core Developer Edition, which is a distributed ledger infrastructure built for banks and financial institutions to utilize the Blockchain technology in mainstream finance. Similar to most cryptocurrency networks like Bitcoin, developers and users are allowed to run their applications and platforms on the Chain Core testnet, a test network sustained and supported by leading institutions including Microsoft and the Initiative for Cryptocurrency and Contracts (IC3), which is operated by Cornell University, UC Berkeley and University of Illinois.
  • Netflix Upgrades its Powerful "Chaos Monkey" Open Cloud Utility
    Few organizations have the cloud expertise that Netflix has, and it may come as a surprise to some people to learn that Netflix regularly open sources key, tested and hardened cloud tools that it has used for years. We've reported on Netflix open sourcing a series of interesting "Monkey" cloud tools as part of its "simian army," which it has deployed as a series satellite utilities orbiting its central cloud platform. Netflix previously released Chaos Monkey, a utility that improves the resiliency of Software as a Service by randomly choosing to turn off servers and containers at optimized tims. Now, Netflix has announced the upgrade of Chaos Monkey, and it's worth checking in on this tool.
  • Coreboot Lands More RISC-V / lowRISC Code
    As some early post-Coreboot 4.5 changes are some work to benefit fans of the RISC-V ISA.
  • Nextcloud Advances with Mobile Moves
    The extremely popular ownCloud open source file-sharing and storage platform for building private clouds has been much in the news lately. CTO and founder of ownCloud Frank Karlitschek resigned from the company a few months ago. His open letter announcing the move pointed to possible friction created as ownCloud moved forward as a commercial entity as opposed to a solely community focused, open source project. Karlitschek had a plan, though. He is now out with a fork of ownCloud called Nextcloud, and we've reported on strong signs that this cloud platform has a bright future. In recent months, the company has continued to advance Nextcloud. Along with Canonical and Western Digital, the partners have launched an Ubuntu Core Linux-based cloud storage and Internet of Things device called Nextcloud Box, which we covered here. Now, Nextcloud has moved forward with some updates to its mobile strategy. Here are details.
  • Using Open Source for Data
    Bryan Liles, from DigitalOcean, explains about many useful open source big data tools in this eight minute video. I learned about Apache Mesos, Apache Presto, Google Kubernetes and more.