{"id":11182,"date":"2018-01-21T10:45:11","date_gmt":"2018-01-21T18:45:11","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2018\/01\/21\/news-4953\/"},"modified":"2018-01-21T10:45:11","modified_gmt":"2018-01-21T18:45:11","slug":"news-4953","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/01\/21\/news-4953\/","title":{"rendered":"Want to Avoid Malware on Your Android Phone? Try the F-Droid App Store"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5a5920355451ae3d197fcf50\/master\/pass\/googleplay_spying-01.png\"\/><\/p>\n<p><strong>Credit to Author: Sean O&#8217;Brien| Date: Sun, 21 Jan 2018 13:00:00 +0000<\/strong><\/p>\n<p><span class=\"lede\">In the early <\/span>days of <a href=\"https:\/\/www.wired.com\/tag\/android\">Android<\/a>, co-founder <a href=\"https:\/\/www.wired.com\/tag\/andy-rubin\">Andy Rubin<\/a> <a href=\"https:\/\/link.springer.com\/content\/pdf\/10.1007%2F978-1-4302-6131-5_1.pdf\" target=\"_blank\">set the stage<\/a> for the fledgling mobile operating system. 
Android\u2019s mission was to create smarter mobile devices, ones that were more aware of their owner\u2019s behavior and location. \u201cIf people are smart,\u201d Rubin <a href=\"https:\/\/web.archive.org\/web\/20110205190729\/http:\/\/www.businessweek.com\/technology\/content\/aug2005\/tc20050817_0949_tc024.htm\" target=\"_blank\">told <em>Business Week<\/em><\/a> in 2003, \u201cthat information starts getting aggregated into consumer products.\u201d A decade and a half later, that goal has become a reality: Android-powered gadgets are in the hands of billions and are loaded with software shipped by Google, the world\u2019s largest ad broker.<\/p>\n<p name=\"inset-left\" class=\"inset-left-component__el\">Sean O\u2019Brien and Michael Kwet are visiting fellows at Privacy Lab (<a href=\"https:\/\/www.twitter.com\/YalePrivacyLab\" target=\"_blank\">@YalePrivacyLab<\/a>), an initiative of the Information Society Project at Yale Law School. <a href=\"https:\/\/privacylab.yale.edu\/directory\" target=\"_blank\">Contact them<\/a> securely.<\/p>\n<p>Our work at Yale Privacy Lab, made possible by Exodus Privacy\u2019s app <a href=\"https:\/\/exodus-privacy.eu.org\/\" target=\"_blank\">scanning software<\/a>, revealed a huge problem with the Android app ecosystem. Google Play is filled with <a href=\"https:\/\/www.wired.com\/story\/android-tracks-location-even-when-you-ask-it-not-to\/\">hidden trackers<\/a> that siphon a sm\u00f6rg\u00e5sbord of data from all sensors, in all directions, unknown to the Android user.<\/p>\n<p>As the profiles <a href=\"https:\/\/github.com\/YalePrivacyLab\/tracker-profiles\" target=\"_blank\">we&#x27;ve published<\/a> about trackers reveal, apps in the Google Play store share a wide variety of data with advertisers, in creative and nuanced ways. 
These methods can be as <a href=\"https:\/\/www.nytimes.com\/2017\/12\/28\/business\/media\/alphonso-app-tracking.html\" target=\"_blank\">invasive<\/a> as ultrasonic tracking via TV speakers and microphones. Piles of information are being harvested via labyrinthine channels, with a heavy focus on retail marketing. This was the plan all along, wasn\u2019t it? The smart mobile devices that comprise the Android ecosystem are <a href=\"http:\/\/www.businessinsider.com\/googles-new-advertising-id-is-now-live-and-tracking-new-android-phonesthis-is-what-it-looks-like-2014-1\" target=\"_blank\">designed to spy on users<\/a>.<\/p>\n<p>One week after our work was published and the Exodus scanner <a href=\"http:\/\/www.lemonde.fr\/pixels\/article\/2017\/11\/24\/des-mouchards-caches-dans-vos-applications-pour-smartphones_5219892_4408996.html\" target=\"_blank\">was announced<\/a>, Google <a href=\"https:\/\/security.googleblog.com\/2017\/12\/additional-protections-by-safe-browsing.html\" target=\"_blank\">said<\/a> it would expand its Unwanted Software Policy and implement click-through warnings in Android.<\/p>\n<p>But this move does nothing to fix fundamental flaws in Google Play. A polluted ocean of apps is plaguing Android, an operating system built upon Free and Open-Source Software (FOSS) but now barely resembling those venerable roots. 
Today, the average Android device is not only susceptible to malware and trackers, it\u2019s also heavily locked down and loaded with proprietary components\u2014characteristics that are hardly the calling cards of the FOSS movement.<\/p>\n<p>Though Android bears the moniker of open-source, the chain of trust between developers, distributors, and end-users is broken.<\/p>\n<p>Google\u2019s defective privacy and security controls have been made painfully real by a <a href=\"https:\/\/qz.com\/1131515\/google-collects-android-users-locations-even-when-location-services-are-disabled\/\" target=\"_blank\">recent investigation<\/a> into location tracking, <a href=\"https:\/\/www.wired.com\/story\/google-play-store-malware\/\">massive outbreaks<\/a> of malware, <a href=\"https:\/\/arstechnica.com\/information-technology\/2017\/11\/drive-by-cryptomining-that-drains-cpus-picks-up-steam-with-aid-of-2500-sites\/\" target=\"_blank\">unwanted cryptomining<\/a>, and our work on hidden trackers.<\/p>\n<p>It didn\u2019t have to be this way. When Android was declared Google\u2019s answer to the iPhone, there was palpable excitement across the Internet. Android was ostensibly based on GNU\/Linux, the culmination of decades of hacker ingenuity meant to replace proprietary, locked-down software. Hackers worldwide hoped that Android would be a FOSS champion in the mobile arena. 
FOSS is the gold-standard for security, building that reputation over the decades because of its <a href=\"https:\/\/www.schneier.com\/crypto-gram\/archives\/1999\/0915.html#OpenSourceandSecurity\" target=\"_blank\">fundamental transparency<\/a>.<\/p>\n<p>As Android builds rolled out, however, it became clear that Rubin\u2019s baby contained very little GNU, a vital anchor that keeps GNU\/Linux operating systems transparent via a licensing strategy called <a href=\"https:\/\/www.gnu.org\/licenses\/copyleft.html\" target=\"_blank\">copyleft<\/a>, which requires modifications to be made available to end-users and prohibits proprietary derivatives. Such proprietary components can contain all kinds of nasty \u201cfeatures\u201d that tread upon user privacy.<\/p>\n<p>As a 2016 Ars Technica story <a href=\"https:\/\/arstechnica.com\/tech-policy\/2016\/05\/top-programmer-describes-androids-nuts-and-bolts-in-oracle-v-google\/\" target=\"_blank\">made clear<\/a>, there were directives inside Google to avoid copyleft code\u2014except for the Linux kernel, which the company could not do without. Google preferred to bootstrap so-called permissively licensed code on top of Linux instead. Such code may be locked down and doesn\u2019t require developers to disclose their modifications\u2014or any of the source code for that matter.<\/p>\n<p>Google\u2019s choice to <a href=\"https:\/\/arstechnica.com\/uncategorized\/2007\/11\/why-google-chose-the-apache-software-license-over-gplv2\/\" target=\"_blank\">limit<\/a> copyleft\u2019s presence in Android, its <a href=\"https:\/\/www.techrepublic.com\/article\/google-open-source-lets-us-control-our-destiny\/\" target=\"_blank\">disdain<\/a> for reciprocal licenses, and its begrudging use of copyleft only when it <a href=\"http:\/\/www.internetnews.com\/dev-news\/article.php\/3668556\/GPL+v3+Not+a+Concern+For+Google.htm\" target=\"_blank\">\u201cmade sense to do so\u201d<\/a> are just symptoms of a deeper problem. 
In an environment without sufficient transparency, malware and trackers can thrive.<\/p>\n<p>Android\u2019s privacy and security woes are amplified by cellphone companies and hardware vendors, which bolt on dodgy Android apps and hardware drivers. Sure, most of Android is still open-source, but the door is wide open to all manner of software trickery you won\u2019t find in an operating system like Debian GNU\/Linux, which goes to great lengths to audit its software packages and protect user security.<\/p>\n<p><a href=\"http:\/\/www.beneaththewaves.net\/Projects\/Motorola_Is_Listening.html\" target=\"_blank\">Surveillance<\/a> is not only a <a href=\"http:\/\/androidsecuritytest.com\/features\/logs-and-services\/loggers\/carrieriq\/\" target=\"_blank\">recurring problem<\/a> on Android devices; it is <a href=\"https:\/\/www.schneier.com\/blog\/archives\/2013\/11\/surveillance_as_1.html\" target=\"_blank\">encouraged by Google<\/a> through its own <a href=\"https:\/\/github.com\/YalePrivacyLab\/tracker-profiles\/blob\/master\/trackers\/DoubleClick%20(Google).md\" target=\"_blank\">ad services<\/a> and developer tools. The company is a gatekeeper that not only makes it easy for app developers to insert tracker code, but also develops its own trackers and cloud infrastructure. Such an ecosystem is toxic for user privacy and security, whatever the results are for app developers and ad brokers.<\/p>\n<p>Apple is currently under fire for its own lack of software transparency, admitting it had <a href=\"https:\/\/www.wired.com\/story\/apple-iphone-battery-slow-down\/\">slowed down<\/a> older iPhones. And iOS users should not breathe a sigh of relief in regard to hidden trackers, either. 
As we at Yale Privacy Lab noted <a href=\"http:\/\/privacylab.yale.edu\/trackers\" target=\"_blank\">in November<\/a>: \u201cMany of the same companies distributing Google Play apps also distribute apps via Apple, and tracker companies openly advertise Software Development Kits compatible with multiple platforms. Thus, advertising trackers may be concurrently packaged for Android and iOS, as well as more obscure mobile platforms.\u201d<\/p>\n<p>Transparency in software development and delivery leads to better security and privacy protection. Not only is auditable source code a requirement (though not a guarantee) for security, but a clear and open process allows users to evaluate the trustworthiness of their software. Moreover, this clarity enables the security community to take a good, hard look at software and find any noxious or insecure components that may be hidden within.<\/p>\n<p>The trackers we\u2019ve found in Google Play are just one aspect of the problem, though they are shockingly pervasive. Google does screen apps during Google Play\u2019s app submission process, but researchers are regularly finding <a href=\"http:\/\/www.zdnet.com\/article\/this-android-malware-wants-to-steal-your-facebook-login-and-bombard-you-with-ads\/\" target=\"_blank\">scary new malware<\/a> and there are no barriers to publishing an app <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.facegrok\" target=\"_blank\">filled with trackers<\/a>.<\/p>\n<p>Yale Privacy Lab is now collaborating with Exodus Privacy to detect and expose trackers with the help of the <a href=\"https:\/\/f-droid.org\/en\/2017\/12\/14\/new-collaborations-on-exposing-tracking.html\" target=\"_blank\">F-Droid app store<\/a>. F-Droid is the best replacement for Google Play, because it only offers FOSS apps without tracking, has a strict auditing process, and may be installed on most Android devices without any hassles or restrictions. 
F-Droid doesn&#x27;t offer the millions of apps available in Google Play, so some people will not want to use it exclusively.<\/p>\n<p>It\u2019s true that Google does screen apps submitted to the Play store to filter out malware, but the process is still mostly automated and very quick\u2014too quick to detect Android malware before it&#x27;s published, as we&#x27;ve seen.<\/p>\n<p>Installing F-Droid isn\u2019t a silver bullet, but it\u2019s the first step in protecting yourself from malware. With this small change, you\u2019ll even have bragging rights with your friends with iPhones, who are limited to Apple\u2019s <a href=\"https:\/\/medium.com\/@johnnylin\/how-to-make-80-000-per-month-on-the-apple-app-store-bdb943862e88\" target=\"_blank\">App Store<\/a> unless they jailbreak their phones.<\/p>\n<p>But why debate iPhone vs. Android, Apple vs. Google, anyway? Your privacy and security are massively more important than brand allegiance. Let\u2019s debate digital freedom and servitude, free and unfree, private and spied-upon.<\/p>\n<p>WIRED Opinion <em>publishes pieces written by outside contributors and represents a wide range of viewpoints. Read more opinions <a href=\"https:\/\/www.wired.com\/opinion\">here<\/a>.<\/em><\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/android-users-to-avoid-malware-ditch-googles-app-store\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5a5920355451ae3d197fcf50\/master\/pass\/googleplay_spying-01.png\"\/><\/p>\n<p><strong>Credit to Author: Sean O&#8217;Brien| Date: Sun, 21 Jan 2018 13:00:00 +0000<\/strong><\/p>\n<p>Opinion: Researchers from Yale Privacy Lab argue that the scourge of trackers in Android apps means users should stop using the Google Play store.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[234,714],"class_list":["post-11182","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-opinion","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11182","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11182"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11182\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11182"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=1118
2"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11182"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}