Google guru: Android doesn't have malware, it has Potentially Harmful Applications™ instead

Malware doesn't exist on Android, Google says, but Potentially Harmful Applications™ do. That linguistic flip is one of many at play in the Chocolate Factory's Android security division, which has dumped various general infosec terms overboard. Lead Android engineer Adrian Ludwig told the RSA Conference in San Francisco today …

  1. Sebastian A

    When people start arguing terminology like this

    you know they're avoiding dealing with the actual issue.

    1. Kristian Walsh Silver badge

      Re: When people start arguing terminology like this

      A former employer of mine that sold AV software was threatened with a lawsuit by a spyware pusher because its AV scanner, reasonably enough, labelled that company's software as spyware.

      You'd think they'd be told to go to hell, but no:

      The spyware publisher's argument was that their software wasn't spyware, it was a way of providing the user with ads that might be of interest to them... and in order to determine what would be of interest, this software had to record search terms and browsing history. And, they continued, because this was all in the EULA, which the user had clicked through (in order to install Flash/Firefox/Acrobat/UnRAR or something else that they bundled themselves with), it was consented to, and so could not be spyware...

      And thus, the term "Potentially Unwanted Program" was born...

      I suppose Google has to be careful about clearly condemning companies that gather large amounts of a user's personal data under assumed consent, but it is not in any way in the customer's interests to allow these things to persist on Android. Yes, Google does a legal version of the same thing, but at least customers know who Google is, and have some limited form of redress against it if they find that it's stepped over a line. Not so with the shadier spyware pushers...

      1. BillG
        Joke

        Re: When people start arguing terminology like this

        “I regret that we use the word spyware. When we say it, we mean that it grabs too much data and sends it off the device. There is a profound difference between grabbing all your SMS, and grabbing all your installed apps to send off your device. It's often called 'aggressive advertising'.”

        It's also called Google.

  2. Anonymous Coward

    But his graph includes malware.

  3. Allan George Dyer

    So if 'aggressive advertising' means grabbing all your SMS or grabbing all your installed apps to send off your device, then 'aggressive retail' means armed robbery?

    1. Grikath
      Devil

      aggressive retail

      No that'd be when they sell you stuff at gunpoint.

      I think you mean "proactive coercive asset redistribution" there.

    2. DNTP

      I don't like to think of it as me stealing things, in the much better scenario I've been reverse-robbed. In that sense, am I not the victim and therefore entitled to justice and remuneration?

  4. Mark 85

    So what does Google call their activities?

    I see some "we do it, it's ok; someone else does it, it's bad" things here.

    1. This post has been deleted by its author

  5. Anonymous Coward

    Clearly

    Adrian Ludwig was educated on an Apple Computer.

    1. Anonymous Coward

      Re: Clearly

      How can you tell? Really?

  6. Robert Helpmann??
    Childcatcher

    When we say it, we mean...

    Google's collective ego has grown large enough that it is warping space around it. This ought to go in the Bootnotes section or wherever El Reg is dumping its more tongue-in-cheek articles these days, not because of the reporting, but because I cannot imagine how anyone could get those things out with a straight face.

    For example: "There is so much structure and connotation around the word malware that internally we don't use that word...That malware is increasing and most devices aren't protected is a myth.” Obviously, if there is no such thing as malware, it couldn't very well be on the rise, could it? Someone should have dumped a box of phones with older versions of Android on them and asked him to update the lot. A missed opportunity, to be sure, but perhaps it could be used in an encore presentation of this comedic performance.

  7. Anonymous Coward

    Delusional

    They are burying their heads in the sand and going 'la la la'. Shows how much they care about their users. Google are happy because Android allows them to harvest and sell their users' data, they do not appear to care one bit about criminals using their technology to exploit their customers.

    1. I ain't Spartacus Gold badge

      Re: Delusional

      I think Google really are Microsoft, circa late 1990s. They've got the same lax attitudes to security, although much less excuse given the last 20 years of computer history. And they've got the same arrogance, as the money rolls in and it looks like there's endless growth over the horizon still to do. Plus they've got the same attitude to leveraging their monopolies into growth in other areas - and seemingly (from their dealings with the EU) the same contempt for government regulation.

      There's also the new factor of the vast quantities of data they hoover up, and how public and regulatory attitudes are evolving towards it.

      But the big question that's yet to be answered is this. Do they have the same attitude to writing everything down that MS had? IBM fought off the anti-trust charges for years/decades. I guess you're less likely to put things in writing in paper memos, than to dash off an email. Whereas MS's email archives were a smoking gun, that meant they went down in the matter of a few years. The lawyers couldn't save them. I wonder if Google have learned from that? Or if they don't see themselves as doing anything wrong, so write stuff down anyway?

      It'll be interesting to see their future. MS are a mostly reformed company now (or their monopoly gives them less power anyway). But their reputation is nowhere near recovering from the twin damage of the PC security nightmare of early XP and looking rapacious and evil. Vista didn't exactly help...

      1. Anonymous Coward

        Re: Delusional

        MS are a mostly reformed company now (or their monopoly gives them less power anyway)

        Hmm, let's just say I reserve that judgement for now. I've dealt with MS since MS-DOS 2.00. Given what I have seen and what I have experienced myself I'm a couple of years away from investing any trust in this organisation. Leopard, spots etc..

      2. Mark 85

        Re: Delusional

        They may be very well writing it down and emailing it. This article scratches the surface on how they are changing words and concept definitions to their own ends. This, given the nature of US law and lawyers, will change the landscape if they can pull it off. So, maybe they have learned something. It's like calling a Ponzi Scheme a "wonderful investment opportunity". We know what it is. They know what it is. The lawyers will fight it out.

  8. Evil Auditor Silver badge
    FAIL

    Malware

    It's bloody simple, isn't it? Malware is software on my device that does something without my (implicit or explicit) consent.

    Google is probably trying to pull the users up their own reality distortion hole. Problem is, not many will care...

  9. Anonymous Coward

    But, Android IS commercial_spyware... shouldn't that line be at 100%?

  10. Anonymous Coward

    Google Newspeak, double plus good.

  11. Anonymous Coward

    Semantic arguments are the realm of the back-pedalling politicians.

    1. Anonymous Coward

      Semantic arguments are the realm of the back-pedalling politicians.

      Maybe someone is practising to enter the Presidential race? They're arrogant enough for it, and it's not like they can't afford it. The resulting polarised search results would naturally be pure coincidence..

  12. RyokuMas
    Facepalm

    Who's next? What's next?

    Well, if I wasn't convinced already, I think this would do the trick: Google is determined to walk the same path as Microsoft did about 25 years ago - unfortunately, now we live in the age of widespread public internet availability, the stakes are much higher.

    So I guess the big questions are: "Who's the next big thing going to come from, and what will it be?"

    Let's hope - against all odds - that they're less evil than Google have turned out.

  13. Anonymous Coward

    "around the word malware that internally we don't use that word"

    "Because nobody understands if we are talking about our own Google software, or someone else..."

  14. Mikel

    Dispelling myths

    So much for the oft-repeated trope that Windows is a festering cesspool of malware because it is the most popular. Windows is clearly not the most popular any more, but it remains a spectacle of software abuse beyond compare.

    1. Anonymous Coward

      Re: Dispelling myths

      a spectacle of software abuse beyond compare

      Umm, no, it takes a lot of work but you can get Windows to behave. Well, for a while anyway.

      If you want software that matches your description I'd vote for most Adobe products, but they have as upside that you never actually agree to their T&Cs - the convoluted way they present them makes them eligible for the unfair contract terms provision on account that you have to go on a discovery tour to find the one that actually relates to the product you're installing.

  15. Fungus Bob

    Those aren't hemorrhoids!

    They're piles!

  16. Anonymous Coward

    av companies have dubious motives

    Whilst every week there's another "story" about android malware, most of those stories emanate from companies that sell av products. I've had a dim view of them since one that approached me for investment offered to demonstrate how their av product picked up viruses the others missed. He wanted to install a virus on my PC to show me. When I asked where he got the virus the others could not detect he (eventually) admitted to having had it written for the purpose of showing how the others were flawed.

    1. Phil Koenig

      Re: av companies have dubious motives

      Oh, well that anecdote proves it then, all A/V companies must be frauds. [rolleyes]

      As for Google, clearly their talking-heads read Orwell - too bad they somehow took the wrong message from him tho.

  17. razorfishsl

    It is like 'Porn' we all know it when we see it, and there are many subcategories.

    But pornographers like to have it classified differently so that they can use legal loopholes, a bit like Google.

    We all know they are up to the same shit, but now they can re-classify their shenanigans as something else.

  18. oneeye

    Gee, that Ludwig is a real piece of work!

    Hi all,

    Google has to downplay the infection rates and the language because of the push on enterprise. And Apple had more things patched in their last update than Android has in the same period. Seems all the big players are being deliberately obtuse!

    Now, I just read a very long thread at Malwarebytes about Android users with RANSOMWARE on their phones. The thread was only a few months or weeks old. I know it was fairly recent. And in an interview with Android Central, Ludwig said similar things when discussing the webview problem, which millions still have. HTC did a pretty good job of patching my Evo 4g lte. They fixed the four masterkey vulns, fake id, Heartbleed, and updated some apps. I do use Firefox and Chrome which are safe from Freak attack. And I am pretty sure that HTC fixed the Webview (one of them) problem if the test online is to be believed. But any browsers that run on webview are screwed for Freak attack. Oh ya, don't forget the research by Palo Alto Networks, and the app hijacking malware vulnerability. With other vulns this one is probably the worst of them all.

    So as a consequence, I am one of those with multiple security apps. I use Avast, because it's free, and has a ton of other useful features. Very easy on the battery, and I think it actually helps manage battery usage. Because of their battery saver app, I think they incorporated some code.

    Next up, OS Monitor, which shows me app CPU usage, app connections with IP addresses, and geolocates them. And other things like battery, charging, temperatures of phone. IPv4 & 6 connections, and a log at the end of features.

    Thirdly, Lostnet NO-ROOT firewall. This one is great, because it gives you lots of control. $.99 Pro version does packet capture, and analysis at Cloudshark.com

    It uses the native VPN to filter all connections. No external servers involved. Also, least amount of permissions in its class, which is very small group right now.

    And the fourth is Nowsecure app. El Reg wrote about them recently during the RSA Conference. This one tells me what apps are connecting to, like countries, and organizations. Tells you which apps and their connections are secure or not. Unfortunately, Avast is connecting over insecure http about 10%-15% of the time. For the most part, my phone is connecting over https about 86% globally.

    And last but not least, Google's own security checks, which dutifully tells me, or warns me that downloading apps like Disconnect Me, and Adguard will damage my device ;-)

    And finally, I have uninstalled almost every app with a banner, except for apps that were preloaded. I have everything backed up, thanks to Commanders file manager. I used to have ES file Explorer, but there were too many bad things I found out about it, namely, it connects to Baidu for analytics, and over http no less. I always used two factor sign ins when offered. And practice safe browsing, never click links in Gmail, or elsewhere unless trusted. You get the idea, I don't trust Google or Android to keep me safe.

  19. Anonymous Coward

    Douglas Adams called it ....

    Reading that, I was immediately reminded of this snippet from the HHGTTG radio series:

    "This problem taxed the minds, first of the cloning engineers, then of the priests, then of the letters page of ’The Sidereal Record Straightener’, and finally of the lawyers, who experimented vainly with ways of redefining murder, re-evaluating it, and in the end, even respelling it, in the hope that no one would notice."

    It would appear that The Chocolate Factory has its collective head wedged thoroughly up its collective arse.
