<!--#include virtual="/server/header.html" --> <!-- Parent-Version:1.841.96 --> <!--#set var="DISABLE_TOP_ADDENDUM" value="yes" --> <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Please do not edit <ul class="blurbs">! Instead, edit /proprietary/workshop/mal.rec, then regenerate pages. See explanations in /proprietary/workshop/README.md. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> <title>Google's Software Is Malware - GNU Project - Free Software Foundation</title> <link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" /> <!--#include virtual="/proprietary/po/malware-google.translist" --> <!--#include virtual="/server/banner.html" --> <div class="nav"> <a id="side-menu-button" class="switch" href="#navlinks"> <img id="side-menu-icon" height="32" src="/graphics/icons/side-menu.png" title="Section contents" alt=" [Section contents] " /> </a> <p class="breadcrumb"> <a href="/"><img src="/graphics/icons/home.png" height="24" alt="GNU Home" title="GNU Home" /></a> / <a href="/proprietary/proprietary.html">Malware</a> / By company / </p> </div> <!--GNUN: OUT-OF-DATE NOTICE--> <!--#include virtual="/server/top-addendum.html" --> <div style="clear: both"></div> <div id="last-div" class="reduced-width"> <h2>Google's Software is Malware</h2><p><a href="/proprietary/proprietary.html">Other examples of proprietary malware</a></p><divclass="highlight-para"> <p> <em>Malware</em> meansclass="infobox"> <hr class="full-width" /> <p>Nonfree (proprietary) softwaredesignedis very often malware (designed tofunction in ways thatmistreator harmtheuser. (This does not include accidental errors.) This page explains how Google software is malware. </p> <p>Malware and nonfree software are two different issues. The difference between <a href="/philosophy/free-sw.html">free software</a> and nonfreeuser). Nonfree software is controlled by its developers, which puts them in<a href="/philosophy/free-software-even-more-important.html"> whether the users have control of the program or vice versa</a>. It's not directlyaquestionposition ofwhatpower over theprogram <em>does</em> when it runs. However, in practice nonfree softwareusers; <a href="/philosophy/free-software-even-more-important.html">that isoften malware, becausethedeveloper's awarenessbasic injustice</a>. The developers and manufacturers often exercise that power to the detriment of the userswould be powerlessthey ought tofix anyserve.</p> <p>This typically takes the form of maliciousfunctionalities temptsfunctionalities.</p> <hr class="full-width" /> </div> <div class="article"> <div class="important"> <p>If you know of an example that ought to be in this page but isn't here, please write to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a> to inform us. Please include thedeveloperURL of a trustworthy reference or two toimpose some. </p>serve as specific substantiation.</p> </div> <divclass="summary" style="margin-top: 2em"> <h3><strong>Type of malware</strong></h3>id="TOC" class="toc-inline"> <h3>Types of Google malware</h3> <ul> <li><a href="#back-doors">Back doors</a></li> <li><a href="#censorship">Censorship</a></li> <!--<li><a href="#deception">Deception</a></li>--> <li><a href="#drm">DRM</a></li> <li><a href="#insecurity">Insecurity</a></li> <li><a href="#interference">Interference</a></li> <li><a href="#manipulation">Manipulation</a></li> <!--<li><ahref="#pressuring">Pressuring</a></li>-->href="#jails">Jails</a></li>--> <li><a href="#sabotage">Sabotage</a></li> <li><a href="#subscriptions">Subscriptions</a></li> <li><a href="#surveillance">Surveillance</a></li> <li><ahref="#drm">Digital restrictions management</a> or “DRM” means functionalities designed to restrict what users can do withhref="#tyrants">Tyrants</a></li> </ul> </div> <h3 id="back-doors">Back Doors</h3> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M202004130"> <!--#set var="DATE" value='<small class="date-tag">2020-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>The <a href="https://play.google.com/about/play-terms/"> Google Play Terms of Service</a> insist that thedatauser of Android accept the presence of universal back doors intheir computers.</li> <!--<li><a href="#jails">Jails</a>—systemsapps released by Google.</p> <p>This does not tell us whether any of Google's apps currently contains a universal back door, but thatimpose censorship on application programs.</li>--> <li><a href="#tyrants">Tyrants</a>—systemsis a secondary question. In moral terms, demanding thatreject any operating system not “authorized” bypeople accept in advance certain bad treatment is equivalent to actually doing it. Whatever condemnation themanufacturer.</li> <!--<li><a href="#deception">Deception</a></li>--> </ul> </div> <h3 id="back-doors">Google Back Doors</h3> <ul> <li> <p>ChromeOSlatter deserves, the former deserves the same.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201908220"> <!--#set var="DATE" value='<small class="date-tag">2019-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>ChromeBooks are programmed for obsolescence: ChromeOS has a universal backdoor. At least, Google says it does—indoor that is used for updates and <ahref="https://www.google.com/intl/en/chromebook/termsofservice.html"> section 4 ofhref="https://www.theregister.com/2019/08/22/buying_a_chromebook_dont_forget_to_check_when_it_expires/"> ceases to operate at a predefined date</a>. From then on, there appears to be no support whatsoever for theEULA</a>.</p>computer.</p> <p>In other words, when you stop getting screwed by the back door, you start getting screwed by the obsolescence.</p> </li><li><!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201809140"> <!--#set var="DATE" value='<small class="date-tag">2018-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Android has a <a href="https://www.theverge.com/2018/9/14/17861150/google-battery-saver-android-9-pie-remote-settings-change"> back door for remotely changing “user” settings</a>.</p> <p>The article suggests it might be a universal back door, but this isn't clear.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201103070"> <!--#set var="DATE" value='<small class="date-tag">2011-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>In Android, <ahref="http://www.computerworld.com/article/2506557/security0/google-throws--kill-switch--on-android-phones.html">href="https://www.computerworld.com/article/2506557/google-throws--kill-switch--on-android-phones.html"> Google has a back door to remotely deleteapps.</a>apps</a>. (Itiswas in a program calledGTalkService).</p>GTalkService, which seems since then to have been merged into Google Play.)</p> <p>Google can also <a href="https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/"> forcibly and remotely install apps</a> throughGTalkService (which seems, since that article, to have been merged into Google Play).GTalkService. This is not equivalent to a universal back door, but permits various dirty tricks.</p> <p>Although Google's <em>exercise</em> of this power has not been malicious so far, the point is that nobody should have such power, which could also be used maliciously. You might well decide to let a security service remotely <em>deactivate</em> programs that it considers malicious. But there is no excuse for allowing it to <em>delete</em> the programs, and you should have the right to decide who (if anyone) to trust in thisway.</p></li>way.</p> </li> </ul> <h3id="censorship">Google Censorship</h3> <ul> <li>id="censorship">Censorship</h3> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201703160"> <!--#set var="DATE" value='<small class="date-tag">2017-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google <a href="https://www.csmonitor.com/Technology/2017/0316/Google-Family-Link-gives-parents-a-way-to-monitor-preteens-accounts"> offers censorship software</a>, ostensibly for parents to put into their children's computers.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201701180"> <!--#set var="DATE" value='<small class="date-tag">2017-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>On Windows and MacOS, Chrome <a href="https://sites.google.com/a/chromium.org/dev/developers/extensions-deployment-faq"> disables extensions</a> that are not hosted in the Chrome Web Store.</p> <p>For example, an extension was <ahref="https://consumerist.com/2017/01/18/why-is-google-blocking-this-ad-blocker-on-chrome/">href="https://web.archive.org/web/20170120094917/https://consumerist.com/2017/01/18/why-is-google-blocking-this-ad-blocker-on-chrome/"> banned from the Chrome Web Store, and permanently disabled</a> on more than 40,000computers.</p></li> <li>computers.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201602030"> <!--#set var="DATE" value='<small class="date-tag">2016-02</small>' --><!--#echo encoding="none" var="DATE" --> <p><ahref="http://www.theguardian.com/media/2016/feb/03/google-pulls-ad-blocking-app-for-samsung-phones">href="https://www.theguardian.com/media/2016/feb/03/google-pulls-ad-blocking-app-for-samsung-phones"> Google censored installation of Samsung's ad-blocker</a> on Android phones, saying that blocking ads is “interference” with the sites that advertise (and surveil users through ads).</p> <p>The ad-blocker is proprietary software, just like the program (Google Play) that Google used to deny access to install it. Using a nonfree program gives the owner power over you, and Google has exercised that power.</p> <p>Google's censorship, unlike that of Apple, is not total: Android allows users to install apps in other ways. You can install free programs fromf-droid.org.</p></li> <li>f-droid.org.</p> </li> </ul> <h3 id="drm">DRM</h3> <p>Digital restrictions management, or “DRM,” refers to functionalities designed to restrict what users can do with the data in their computers.</p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201705150"> <!--#set var="DATE" value='<small class="date-tag">2017-05</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google now allows Android apps to detect whether a device has been rooted, <ahref="http://www.csmonitor.com/Technology/2017/0316/Google-Family-Link-gives-parents-a-way-to-monitor-preteens-accounts"> offers censorship software</a>, ostensibly for parentshref="https://www.androidpolice.com/2017/05/13/netflix-confirms-blocking-rootedunlocked-devices-app-still-working-now/">and refuse toput into their children's computers.</p></li>install if so</a>. The Netflix app uses this ability to enforce DRM by refusing to install on rooted Android devices.</p> <p>Update: Google <i>intentionally</i> changed Android so that apps <a href="https://torrentfreak.com/netflix-use-of-google-drm-means-rooted-android-devices-are-banned-170515/">can detect rooted devices and refuse to run on them</a>. The Netflix app is proprietary malware, and one shouldn't use it. However, that does not make what Google has done any less wrong.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201701300"> <!--#set var="DATE" value='<small class="date-tag">2017-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>Chrome <a href="https://boingboing.net/2017/01/30/google-quietly-makes-optiona.html">implements DRM</a>. So does Chromium, through nonfree software that is effectively part of it.</p> <p><a href="https://issues.chromium.org/issues/40504000">More information</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201102250"> <!--#set var="DATE" value='<small class="date-tag">2011-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>Android <a href="https://developer.android.com/reference/android/drm/package-summary.html"> contains facilities specifically to support DRM</a>.</p> </li> </ul> <h3id="insecurity">Google Insecurity</h3>id="insecurity">Insecurity</h3> <p>These bugs are/were not intentional, so unlike the rest of the file they do not count as malware. We mention them to refute the supposition that prestigious proprietary software doesn't have grave bugs.</p><ul> <li><p><a href="http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html"><ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M202107180"> <!--#set var="DATE" value='<small class="date-tag">2021-07</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones"> The pegasus spyware used vulnerabilities on proprietary smartphone operating systems</a> to impose surveillance on people. It can record people's calls, copy their messages, and secretly film them, using a security vulnerability. There's also <a href="https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf"> a technical analysis of this spyware</a> available in PDF format.</p> <p>A free operating system would've let people to fix the bugs for themselves but now infected people will be compelled to wait for corporations to fix the problems.</p> <p><small>Please note that the article wrongly refers to crackers as “<a href="/philosophy/words-to-avoid.html#Hacker">hackers</a>”.</small></p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M202008110"> <!--#set var="DATE" value='<small class="date-tag">2020-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>TikTok <a href="https://boingboing.net/2020/08/11/tiktok-exploited-android-secur.html"> exploited an Android vulnerability</a> to obtain user MAC addresses.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201907080"> <!--#set var="DATE" value='<small class="date-tag">2019-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Many Android apps can track users' movements even when the user says <a href="https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location"> not to allow them access to locations</a>.</p> <p>This involves an apparently unintentional weakness in Android, exploited intentionally by malicious apps.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201801260"> <!--#set var="DATE" value='<small class="date-tag">2018-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google's ad platform enabled advertisers to <a href="https://arstechnica.com/information-technology/2018/01/now-even-youtube-serves-ads-with-cpu-draining-cryptocurrency-miners/"> run cryptocurrency miner code on the computers of YouTube users through proprietary JavaScript</a>. Some people noticed this, and the outrage made Google remove the miners, but the number of affected users was probably very high.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201311120"> <!--#set var="DATE" value='<small class="date-tag">2013-11</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html"> The NSA can tap data in smart phones, including iPhones, Android, and BlackBerry</a>. While there is not much detail here, it seems that this does not operate via the universal back door that we know nearly all portable phones have. It may involve exploiting various bugs. There are <ahref="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">href="https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/"> lots of bugs in the phones' radiosoftware</a>.</p></li>software</a>.</p> </li> </ul> <h3 id="interference">Interference</h3> <p>This section gives examples of Google software harassing or annoying the user, or causing trouble for the user. These actions are like sabotage but the word “sabotage” is too strong for them.</p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M202106190"> <!--#set var="DATE" value='<small class="date-tag">2021-06</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://arstechnica.com/gadgets/2021/06/even-creepier-covid-tracking-google-silently-pushed-app-to-users-phones/">Google automatically installed an app on many proprietary Android phones</a>. The app might or might not do malicious things but the power Google has over proprietary Android phones is dangerous.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201907220"> <!--#set var="DATE" value='<small class="date-tag">2019-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>In 2019, <a href="https://chromestory.com/2019/07/disable-pull-to-refresh-on-chrome-for-android/"> Google revoked users' ability to turn off the “pull-to-refresh” gesture in Chrome for Android</a>. Despite <a href="https://support.google.com/chrome/thread/8152831"> thousands of protests by frustrated users</a>, Google has not reverted its decision. Proprietary software developers are known for ignoring users' requests in favor of their own gain and convenience. Only free software gives users control over their own computing.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201901230"> <!--#set var="DATE" value='<small class="date-tag">2019-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google is modifying Chromium so that <a href="https://tech.slashdot.org/story/19/01/23/0048202/google-proposes-changes-to-chromium-browser-that-will-break-content-blocking-extensions-including-various-ad-blockers"> extensions won't be able to alter or block whatever the page contains</a>. Users could conceivably reverse the change in a fork of Chromium, but surely Chrome (nonfree) will have the same change, and users can't fix it there.</p> </li> </ul> <h3 id="manipulation">Manipulation</h3> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M202501290"> <!--#set var="DATE" value='<small class="date-tag">2025-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google is <a href="https://slate.com/technology/2025/01/google-gemini-ai-workspace-default-opt-in.html"> forcing its bullshit generator, Gemini, on many users of Gmail</a> without asking them, and not even offering the users a way to deactivate it.</p> <p>Workplace IT managers, whose employees are forced to use Gmail, can get it turned off after a laborious procedure, followed by waiting—the darkest of dark patterns.</p> </li> </ul> <h3id="sabotage">Google Sabotage</h3>id="sabotage">Sabotage</h3> <p>The wrongs in this section are not precisely malware, since they do not involve making the program that runs in a way that hurts the user. But they are a lot like malware, since they are technical Google actions that harmtothe users of specific Google software.</p><ul> <li><ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M202011060"> <!--#set var="DATE" value='<small class="date-tag">2020-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>A new app published by Google <a href="https://www.xda-developers.com/google-device-lock-controller-banks-payments/">lets banks and creditors deactivate people's Android devices</a> if they fail to make payments. If someone's device gets deactivated, it will be limited to basic functionality, such as emergency calling and access to settings.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201604050"> <!--#set var="DATE" value='<small class="date-tag">2016-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Revolv isan IoTa devicewhichthat managed “smart home” operations: switchingthelights, operate motion sensors, regulating temperature, etc. Its proprietary software depends on a remote server to do these tasks. On May 15th, 2016,Google saidGoogle/Alphabet <a href="https://www.eff.org/deeplinks/2016/04/nest-reminds-customers-ownership-isnt-what-it-used-be">intentionally broke itwould shutby shutting down theservice linked to the device, makingserver</a>.</p> <p>If itunusable.</p> <p>Although you may own the device, its functioning depended onwere free software, users would have theserver that never belongedability toyou. So you never really had controlmake it work again, differently, and then have a freedom-respecting home instead ofit. This unjust design is called <a href="/philosophy/network-services-arent-free-or-nonfree.html"> Service asaSoftware Substitute (SaaSS)</a>. That is what gave the company the power to convert it“smart” home. Don't let proprietary software control your devices and turn them intoa$300 out-of-warrantybrick, for your “dumb home”.</p>bricks. Insist on self-contained computers that run free software!</p> </li><li><p>Google<!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201511244"> <!--#set var="DATE" value='<small class="date-tag">2015-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google has long had <ahref="http://www.theguardian.com/technology/2015/nov/24/google-can-unlock-android-devices-remotely-if-phone-unencrypted">ahref="https://www.theguardian.com/technology/2015/nov/24/google-can-unlock-android-devices-remotely-if-phone-unencrypted">a back door to remotely unlock an Android device</a>, unless its disk is encrypted (possible since Android 5.0 Lollipop, but still not quite thedefault).</p></li>default).</p> </li> </ul> <h3id="surveillance">Google Surveillance</h3> <ul> <li><p>Tracking softwareid="subscriptions">Subscriptions</h3> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit inpopularmalware-google.html. --> <li id="M202309050"> <!--#set var="DATE" value='<small class="date-tag">2023-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google Nest snooper/surveillance cameras are always tethered to Google servers, record videos 24/7, and are <a href="https://arstechnica.com/gadgets/2023/09/google-nest-cameras-get-a-25-33-subscription-price-hike/"> subscription-based, which is an injustice to people who use them</a>. The article discusses the rise in prices for “plans” you can buy from Google, which include storing videos in the “cloud”—another word for someone else's computer.</p> </li> </ul> <h3 id="surveillance">Surveillance</h3> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M202411040"> <!--#set var="DATE" value='<small class="date-tag">2024-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Pixel 9 “smart”phone <a href="https://cybernews.com/security/google-pixel-9-phone-beams-data-and-awaits-commands/"> frequently updates Google servers with its location and current configuration</a> along with personally identifiable data, raising concerns about user privacy. Moreover, it communicates with services that are not in use, and periodically attempts to download experimental, possibly insecure software. The system does not inform the user that it is doing all this.</p> <p>There is hope, however: it is possible to <a href="https://doc.e.foundation/devices"> replace the original Androidappsoperating system with a deGoogled version</a> in Pixel phones up to 8a, and in phones from many other brands. No doubt that the Pixel 9 will be supported soon.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M202109210"> <!--#set var="DATE" value='<small class="date-tag">2021-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google's proprietary Chrome web browser <a href="https://www.techrepublic.com/article/new-chrome-feature-can-tell-sites-and-webapps-when-youre-idle/"> added a surveillance API (idle detection API)</a> which lets websites ask Chrome to report when a user with a web page open ispervasiveidle.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M202102160"> <!--#set var="DATE" value='<small class="date-tag">2021-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google <a href="https://www.indiatoday.in/technology/news/story/disha-ravi-arrest-puts-privacy-of-all-google-india-users-in-doubt-1769772-2021-02-16">handed over personal data of Indian protesters andsometimes very clever. Some trackers canactivists to Indian police</a> which led to their arrest. The cops requested the IP address and the location where a document was created and with that information, they identified protesters and activists.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M202008030"> <!--#set var="DATE" value='<small class="date-tag">2020-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google Nest <ahref="https://theintercept.com/2017/11/24/staggering-variety-of-clandestine-trackers-found-in-popular-android-apps/"> followhref="https://blog.google/products/google-nest/partnership-adt-smarter-home-security/"> is taking over ADT</a>. Google sent out a software update to its speaker devices using their back door <a href="https://web.archive.org/web/20240123114737/https://www.protocol.com/google-smart-speaker-alarm-adt"> that listens for things like smoke alarms</a> and then notifies your phone that an alarm is happening. This means the devices now listen for more than just their wake words. Google says the software update was sent out prematurely and on accident and Google was planning on disclosing this new feature and offering it to customers who pay for it.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M202004301"> <!--#set var="DATE" value='<small class="date-tag">2020-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Proprietary programs Google Meet, Microsoft Teams, and WebEx <a href="https://www.consumerreports.org/video-conferencing-services/videoconferencing-privacy-issues-google-microsoft-webex-a7383469308/">are collecting user's personal and identifiable data</a> including how long a call lasts, who's participating in the call, and the IP addresses of everyone taking part. From experience, this can even harm users physically if those companies hand over data to governments.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M202004131"> <!--#set var="DATE" value='<small class="date-tag">2020-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google, Apple, and Microsoft (and probably some other companies) <a href="https://www.lifewire.com/wifi-positioning-system-1683343">are collecting people's access points and GPS coordinates (which can identify people's precise location) even if their GPS is turned off</a>, without the person's consent, using proprietary software implemented in person's smartphone. Though merely asking for permission would not necessarily legitimize this.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201907210"> <!--#set var="DATE" value='<small class="date-tag">2019-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google “Assistant” records users' conversations <a href="https://arstechnica.com/information-technology/2019/07/google-defends-listening-to-ok-google-queries-after-voice-recordings-leak/">even when it is not supposed to listen</a>. Thus, when one of Google's subcontractors discloses a thousand confidential voice recordings, users were easily identified from these recordings.</p> <p>Since Google “Assistant” uses proprietary software, there is no way to see or control what it records or sends.</p> <p>Rather than trying to better control the use of recordings, Google should not record or listen to the person's voice. It should only get commands that the user wants to send to some Google service.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201906220"> <!--#set var="DATE" value='<small class="date-tag">2019-06</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google Chrome is an <a href="https://www.mercurynews.com/2019/06/21/google-chrome-has-become-surveillance-software-its-time-to-switch/"> instrument of surveillance</a>. It lets thousands of trackers invade users' computers and report the sites they visit to advertising and data companies, first of all to Google. Moreover, if users have a Gmail account, Chrome automatically logs them in to the browser for more convenient profiling. On Android, Chrome also reports their location to Google.</p> <p>The best way to escape surveillance is to switch to <a href="/software/icecat/">IceCat</a>, a modified version of Firefox with several changes to protect users' privacy.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201904130"> <!--#set var="DATE" value='<small class="date-tag">2019-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google tracks the movementsaroundof Android phones and iPhones running Google apps, and sometimes <a href="https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html"> saves the data for years</a>.</p> <p>Nonfree software in the phone has to be responsible for sending the location data to Google.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201902040"> <!--#set var="DATE" value='<small class="date-tag">2019-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google invites people to <a href="https://www.commondreams.org/views/2019/02/04/google-screenwise-unwise-trade-all-your-privacy-cash?cd-origin=rss"> let Google monitor their phone use, and all internet use in their homes, for an extravagant payment of $20</a>.</p> <p>This is not aphysical storemalicious functionality of a program with some other purpose; this is the software's sole purpose, and Google says so. But Google says it in a way that encourages most people to ignore the details. That, we believe, makes it fitting to list here.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201811230"> <!--#set var="DATE" value='<small class="date-tag">2018-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>An Android phone was observed to track location even while in airplane mode. It didn't send the location data while in airplane mode. Instead, <a href="https://www.thesun.co.uk/tech/7811918/google-is-tracking-you-even-with-airplane-mode-turned-on/"> it saved up the data, and sent them all later</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201809121"> <!--#set var="DATE" value='<small class="date-tag">2018-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Tiny Lab Productions, along with online ad businesses run bynoticing WiFi networks</a>.</p>Google, Twitter and three other companies are facing a lawsuit <a href="https://www.nytimes.com/interactive/2018/09/12/technology/kids-apps-data-privacy-google-twitter.html">for violating people's privacy by collecting their data from mobile games and handing over these data to other companies/advertisers</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201808131"> <!--#set var="DATE" value='<small class="date-tag">2018-08</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://www.theverge.com/2018/8/13/17684660/google-turn-off-location-history-data">Google will track people even if people turn off location history</a>, using Google Maps, weather updates, and browser searches. Google basically uses any app activity to track people.</p> </li><li><p>Android<!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201808130"> <!--#set var="DATE" value='<small class="date-tag">2018-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>Since the beginning of 2017, <a href="https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled">Android phones have been collecting the addresses of nearby cellular towers</a>, even when location services are disabled, and sending that data back to Google.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201808030"> <!--#set var="DATE" value='<small class="date-tag">2018-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>Some Google apps on Android <a href="https://www.theguardian.com/technology/2018/aug/13/google-location-tracking-android-iphone-mobile"> record the user's location even when users disable “location tracking”</a>.</p> <p>There are other ways to turn off the other kinds of location tracking, but most users will be tricked by the misleading control.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201711210"> <!--#set var="DATE" value='<small class="date-tag">2017-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Android tracks location for Google <ahref="https://www.techdirt.com/articles/20171121/09030238658/investigation-finds-google-collected-location-data-even-with-location-services-turned-off.shtml">href="https://www.techdirt.com/2017/11/21/investigation-finds-google-collected-location-data-even-with-location-services-turned-off/"> even when “location services” are turned off, even when the phone has no SIMcard</a>.</p></li> <li><p>Google Chrome contains a key logger thatcard</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201704131"> <!--#set var="DATE" value='<small class="date-tag">2017-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Low-priced Chromebooks for schools are <ahref="http://www.favbrowser.com/google-chrome-spyware-confirmed/"> sendshref="https://www.eff.org/wp/school-issued-devices-and-student-privacy"> collecting far more data on students than is necessary, and store it indefinitely</a>. Parents and students complain about the lack of transparency on the part of both the educational services and the schools, the difficulty of opting out of these services, and the lack of proper privacy policies, among other things.</p> <p>But complaining is not sufficient. Parents, students and teachers should realize that the software Googleevery URL typed in</a>, one keyuses to spy on students is nonfree, so they can't verify what it really does. The only remedy is to persuade school officials to <a href="/education/edu-schools.html"> exclusively use free software</a> for both education and school administration. If the school is run locally, parents and teachers can mandate their representatives at the School Board to refuse the budget unless the school initiates atime.</p>switch to free software. If education is run nation-wide, they need to persuade legislators (e.g., through free software organizations, political parties, etc.) to migrate the public schools to free software.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201609210"> <!--#set var="DATE" value='<small class="date-tag">2016-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google's new voice messaging app <a href="https://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logs all conversations</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201609140"> <!--#set var="DATE" value='<small class="date-tag">2016-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google Play (a component of Android) <a href="https://www.extremetech.com/mobile/235594-yes-google-play-is-tracking-you-and-thats-just-the-tip-of-a-very-large-iceberg"> tracks the users' movements without their permission</a>.</p> <p>Even if you disable Google Maps and location tracking, you must disable Google Play itself to completely stop the tracking. This is yet another example of nonfree software pretending to obey the user, when it's actually doing something else. Such a thing would be almost unthinkable with free software.</p> </li><li><p>Google<!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201507280"> <!--#set var="DATE" value='<small class="date-tag">2015-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google Chrome makes it easy for an extension to do <a href="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total snooping on the user's browsing</a>, and many of them do so.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201506180"> <!--#set var="DATE" value='<small class="date-tag">2015-06</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google Chrome includes a module that <ahref="https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/">href="https://www.privateinternetaccess.com/blog/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/"> activates microphones and transmits audio to its servers</a>.</p> </li><li><p>Spyware is present<!-- Copied from workshop/mal.rec. Do not edit insome Android devices when they are sold. Some Motorola phones modify Android to <a href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">malware-google.html. --> <li id="M201407170"> <!--#set var="DATE" value='<small class="date-tag">2014-07</small>' --><!--#echo encoding="none" var="DATE" --> <p id="nest-thermometers">Nest thermometers sendpersonal<a href="https://bgr.com/general/google-nest-jailbreak-hack/">a lot of datato Motorola</a>.</p>about the user</a>.</p> </li><li><p>Spyware<!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201308040"> <!--#set var="DATE" value='<small class="date-tag">2013-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google Chrome <a href="https://web.archive.org/web/20151018132125/http://www.brad-x.com/2013/08/04/google-chrome-is-spyware/"> spies on browser history, affiliations</a>, and other installed software.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201308010"> <!--#set var="DATE" value='<small class="date-tag">2013-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>Spyware in Android phones (and Windows? laptops): The Wall Street Journal (in an article blocked from us by a paywall) reports that <ahref="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">href="https://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj"> the FBI can remotely activate the GPS and microphone in Android phones andlaptops</a>. (I suspect this meanslaptops</a> (presumably Windowslaptops.)laptops). Here is <ahref="http://cryptome.org/2013/08/fbi-hackers.htm">morehref="https://cryptome.org/2013/08/fbi-hackers.htm">more info</a>.</p> </li><li><p>Google's new voice messaging app<!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201307280"> <!--#set var="DATE" value='<small class="date-tag">2013-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Spyware is present in some Android devices when they are sold. Some Motorola phones, made when this company was owned by Google, use a modified version of Android that <a href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html"> sends personal data to Motorola</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201307250"> <!--#set var="DATE" value='<small class="date-tag">2013-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>A Motorola phone <ahref="http://www.theverge.com/2016/9/21/12994362/allo-privacy-message-logs-google">logshref="https://web.archive.org/web/20170629175629/http://www.itproportal.com/2013/07/25/motorolas-new-x8-arm-chip-underpinning-the-always-on-future-of-android/"> listens for voice allconversations</a>.</p>the time</a>.</p> </li> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <liid="nest-thermometers"> <p>Nest thermometers sendid="M201302150"> <!--#set var="DATE" value='<small class="date-tag">2013-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google Play intentionally sends app developers <ahref="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a lothref="https://gadgets360.com/apps/news/google-play-store-policy-raises-privacy-concerns-331116"> the personal details ofdata aboutusers that install theuser</a>.</p>app</a>.</p> <p>Merely asking the “consent” of users is not enough to legitimize actions like this. At this point, most users have stopped reading the “Terms and Conditions” that spell out what they are “consenting” to. Google should clearly and honestly identify the information it collects on users, instead of hiding it in an obscurely worded EULA.</p> <p>However, to truly protect people's privacy, we must prevent Google and other companies from getting this personal information in the first place!</p> </li><li><p>Many<!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201208210"> <!--#set var="DATE" value='<small class="date-tag">2012-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>Many web sites report all their visitors to Google by using the Google Analytics service, which <ahref="http://www.pcworld.idg.com.au/article/434164/google_analytics_breaks_norwegian_privacy_laws_local_agency_said/">href="https://www.pcworld.com/article/460787/google_analytics_breaks_norwegian_privacy_laws_local_agency_said.html"> tells Google the IP address and the page that wasvisited.</a></p>visited</a>.</p> </li><li><p>Google<!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M200809060"> <!--#set var="DATE" value='<small class="date-tag">2008-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google Chromemakes it easy for an extension to docontains a key logger that <ahref="https://labs.detectify.com/2015/07/28/how-i-disabled-your-chrome-security-extensions/">total snooping on the user's browsing</a>, and many of them do so.</p>href="https://web.archive.org/web/20190126075111/http://www.favbrowser.com/google-chrome-spyware-confirmed/"> sends Google every URL typed in</a>, one key at a time.</p> </li> </ul> <h3id="drm">Google DRM</h3> <ul> <li id="netflix-app-geolocation-drm"><p>The Netflix Android app <a href="http://torrentfreak.com/netflix-cracks-down-on-vpn-and-proxy-pirates-150103/"> forces the use of Google DNS</a>. This is one of the methodsid="tyrants">Tyrants</h3> <p>Tyrants are systems thatNetflix uses to enforce the geolocation restrictions dictatedreject any operating system not “authorized” by themovie studios.</p> </li> <li> <p>Google now allows Android apps to detect whether a device has been rooted, <a href="http://www.androidpolice.com/2017/05/13/netflix-confirms-blocking-rootedunlocked-devices-app-still-working-now/">and refuse to install if so</a>.</p> <p>Update: Google <i>intentionally</i> changed Android so that apps <a href="https://torrentfreak.com/netflix-use-of-google-drm-means-rooted-android-devices-are-banned-170515/">can detect rooted devices and refuse to run on them</a>.</p> </li> <li> <p>Chrome <a href="http://boingboing.net/2017/01/30/google-quietly-makes-optiona.html">implements DRM</a>. So does Chromium, through nonfree software that is effectively part of it.</p> <p><a href="https://bugs.chromium.org/p/chromium/issues/detail?id=686430">More information</a>.</p> </li> <li><p>Androidmanufacturer.</p> <ul class="blurbs"> <!-- Copied from workshop/mal.rec. Do not edit in malware-google.html. --> <li id="M201304080"> <!--#set var="DATE" value='<small class="date-tag">2013-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Motorola, then owned by Google, made <ahref="https://developer.android.com/reference/android/drm/package-summary.html">contains facilities specifically to support DRM.</a></p> </li> </ul> <h3 id="tyrants">Google Tyrants</h3> <ul> <li> <p><ahref="http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html">SomeAndroid phonesmade by Googlethat are tyrants</a> (though someone found a way to crack therestriction). Fortunately, most Android devices are not tyrants. </p>restriction).</p> </li> </ul></div><!-- for id="content", starts in the include above</div> </div> <!--#include virtual="/proprietary/proprietary-menu.html" --> <!--#include virtual="/server/footer.html" --> <divid="footer">id="footer" role="contentinfo"> <div class="unprintable"> <p>Please send general FSF & GNU inquiries to <a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>. There are also <a href="/contact/">other ways to contact</a> the FSF. Broken links and other corrections or suggestions can be sent to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p> <p><!-- TRANSLATORS: Ignore the original text in this paragraph, replace it with the translation of these two: We work hard and do our best to provide accurate, good quality translations. However, we are not exempt from imperfection. Please send your comments and general suggestions in this regard to <a href="mailto:web-translators@gnu.org"> <web-translators@gnu.org></a>.</p> <p>For information on coordinating andsubmittingcontributing translations of our web pages, see <a href="/server/standards/README.translations.html">Translations README</a>. --> Please see the <a href="/server/standards/README.translations.html">Translations README</a> for information on coordinating andsubmittingcontributing translations of this article.</p> </div> <!-- Regarding copyright, in general, standalone pages (as opposed to files generated as part of manuals) on the GNU web server should be under CC BY-ND 4.0. Please do NOT change or remove this without talking with the webmasters or licensing team first. Please make sure the copyright date is consistent with the document. For web pages, it is ok to list just the latest year the document was modified, or published. If you wish to list earlier years, that is ok too. Either "2001, 2002, 2003" or "2001-2003" are ok for specifying years, as long as each year in the range is in fact a copyrightable year, i.e., a year in which the document was published (including being publicly visible on the web or in a revision control system). There is more detail about copyright years in the GNU Maintainers Information document, www.gnu.org/prep/maintain. --> <p>Copyright ©2017, 20182017-2025 Free Software Foundation, Inc.</p> <p>This page is licensed under a <a rel="license"href="http://creativecommons.org/licenses/by-nd/4.0/">Creativehref="http://creativecommons.org/licenses/by/4.0/">Creative CommonsAttribution-NoDerivativesAttribution 4.0 International License</a>.</p> <!--#include virtual="/server/bottom-notes.html" --> <p class="unprintable">Updated: <!-- timestamp start --> $Date: 2025/03/16 17:37:46 $ <!-- timestamp end --> </p> </div></div></div><!-- for class="inner", starts in the banner include --> </body> </html>