Malware in Mobile Devices


Nonfree (proprietary) software is very often malware (designed to mistreat the user). Nonfree software is controlled by its developers, which puts them in a position of power over the users; that is the basic injustice. The developers and manufacturers often exercise that power to the detriment of the users they ought to serve.

This typically takes the form of malicious functionalities.


Nearly all mobile phones do two grievous wrongs to their users: tracking their movements, and listening to their conversations. This is why we call them “Stalin's dream”.

Tracking users' location is a consequence of how the cellular network operates: it needs to know which cell towers the phone is near, so it can communicate with the phone via a nearby tower. That gives the network location data which it saves for months or years. See below.

Listening to conversations works by means of a universal back door in the software of the processor that communicates with the phone network.

In addition, the nonfree operating systems for “smart” phones have specific malicious functionalities, described in Apple's Operating Systems are Malware and Google's Software Is Malware respectively.

Many phone apps are malicious, too. See below.

If you know of an example that ought to be in this page but isn't here, please write to <webmasters@gnu.org> to inform us. Please include the URL of a trustworthy reference or two to serve as specific substantiation.

Network location tracking

This section describes a malicious characteristic of mobile phone networks: location tracking. The phone network tracks the movements of each phone.

Strictly speaking, this tracking is not implemented by any specific software code; it is inherent in the cellular network technology. The network needs to know which cell towers the phone is near, so it can communicate with the phone via a nearby tower. There is no technical way to block or avoid the tracking and still have cellular communication with today's cellular networks.

Networks do not limit themselves to using that data momentarily. Many countries (including the US and the EU) require the network to store all location data for months or years, and while stored it is available for whatever use the network permits, or the State requires. This can put the user in great danger.

  • 2022-08

    US states that ban abortion talk about making it a crime to go to another state to get an abortion. They could use various forms of location tracking, including the network, to prosecute abortion-seekers. The state could subpoena the data, so that the network's “privacy” policy would be irrelevant.

    That article explains why wireless networks collect location data, one unavoidable reason and one avoidable (emergency calls). It also explains some of the many ways the location data are used.

    Networks should never do localization for emergency calls except when you make an emergency call, or when there is a court order to do so. It should be illegal for a network to do precise localization (the kind needed for emergency calls) except to handle an emergency call, and if a network does so illegally, it should be required to inform the owner of the phone in writing on paper, with an apology.

  • 2021-01

    The authorities in Venice track the movements of all tourists using their portable phones. The article says that at present the system is configured to report only aggregated information. But that could be changed. What will that system do 10 years from now? What will a similar system in another country do? Those are the questions this raises.

  • 2020-06

    Network location tracking is used, among other techniques, for targeted advertising.

Designs for networks that wouldn't track phones have been developed, but using those methods would call for new networks as well as new phones.

Addictions

  • 2024-11

    Dating apps exploit their users; fundamental features require an expensive subscription, and they are designed to be addictive.

  • 2016-04

    Many popular mobile games include a random-reward system called gacha which is especially effective on children. One variant of gacha was declared illegal in Japan in 2012, but the other variants are still luring players into compulsively spending inordinate amounts of money on virtual toys.

Back Doors

Almost every phone's communication processor has a universal back door which is often used to make a phone transmit all conversations it hears.

The back door may take the form of bugs that have gone 20 years unfixed. The choice to leave the security holes in place is morally equivalent to writing a back door.

The back door is in the “modem processor”, whose job is to communicate with the radio network. In most phones, the modem processor controls the microphone. In most phones it has the power to rewrite the software for the main processor too.

A few phone models are specially designed so that the modem processor does not control the microphone, and so that it can't change the software in the main processor. They still have the back door, but at least it is unable to turn the phone unto a listening device.

The universal back door is apparently also used to make phones transmit even when they are turned off. This means their movements are tracked, and may also make the listening feature work.

Deception

  • 2020-02

    Many Android apps fool their users by asking them to decide what permissions to give the program, and then bypassing these permissions.

    The Android system is supposed to prevent data leaks by running apps in isolated sandboxes, but developers have found ways to access the data by other means, and there is nothing the user can do to stop them from doing so, since both the system and the apps are nonfree.

DRM

Digital restrictions management, or “DRM,” refers to functionalities designed to restrict what users can do with the data in their computers.

  • 2015-01

    The Netflix Android app forces the use of Google DNS. This is one of the methods that Netflix uses to enforce the geolocation restrictions dictated by the movie studios.

Insecurity

These bugs are/were not intentional, so unlike the rest of the file they do not count as malware. We mention them to refute the supposition that prestigious proprietary software doesn't have grave bugs.

Interference

This section gives examples of mobile apps harassing or annoying the user, or causing trouble for the user. These actions are like sabotage but the word “sabotage” is too strong for them.

Manipulation

  • 2019-05

    The Femm “fertility” app is secretly a tool for propaganda by natalist Christians. It spreads distrust for contraception.

    It snoops on users, too, as you must expect from nonfree programs.

Sabotage

Surveillance

See above for the general universal back door in essentially all mobile phones, which permits converting them into full-time listening devices.

Jails

Jails are systems that impose censorship on application programs.

Tyrants

Tyrants are systems that reject any operating system not “authorized” by the manufacturer.