back to article Google scolded for depriving the poor of privacy as Chinese malware bundled on phones for hard-up Americans

On Wednesday, more than 50 advocacy groups accused Google of exploiting poor people by failing to police misbehaving Android apps on cheap phones. The advocacy groups, including the American Civil Liberties Union, Amnesty International, the Electronic Frontier Foundation, and Privacy International, to name a few, published an …

  1. GnuTzu Silver badge

    Google Executives Not Who They Used To Be

    We already know that the top executives are leaving behind the "don't be evil" mantra. I mean, have already left it behind.

    So, pre-installed apps that can't be uninstalled and have control over permissions isn't the real news. The real news is that they are overtly visible apps and not something hidden behind the scenes. So, now it's brazen evil.

  2. Dvon of Edzore

    Lawyers going for the Big Money as usual

    Yeah, don't go after the ones who actually manufactured the devices and chose to put the suspect software on them - go after the Big Company and claim Big Damages to enlarge your Big Law Office because Alphabet was dumb enough to release Android as Free/Open software that anyone can use for any purpose without paying the Apple tax. How very Prenda of you!

    1. IGotOut

      Re: Lawyers going for the Big Money as usual

      If these have Googles binary blobs on them, they are effectively endorsed Google.

    2. jelabarre59 Silver badge

      Re: Lawyers going for the Big Money as usual

      The problem is Google's crap design is making it difficult/impossible to remove unwanted apps, be they from Google or some other predatory vendor.

    3. joekhul

      Re: Lawyers going for the Big Money as usual

      Logic doesn't work on El Reg. Regards blame the caveman who 'discovered' fire for the burning of Australia. I.E. all sheeple that Bray at the Temple of Cook

  3. Jet Set Willy

    Not just cheap phones it seems...

    I just checked my (not cheap) Cosmo Communicator and it also seems to harbour the "Wireless Update":"PUP.Riskware.Autoins.Fota.fbcvd" application.

    Not sure what to make of this as I don't want to switch off updates.

    1. Psmo Bronze badge

      Re: Not just cheap phones it seems...

      That's shame, I was looking at that for my next device.

      Is there a chance it could be a false positive?

      1. Jet Set Willy

        Re: Not just cheap phones it seems...

        I don't think so. I'm pretty sure that the "Wireless Update" app specified was the one that popped up during the most recent (and first) Cosmo update.

        As an early Indiegogo backer I was one of the first to receive a Cosmo so I'm expecting many further updates to what is, essentially, a perpetual work-in-progress.

        Up until now, I've had no complaints.

    2. Mephistro Silver badge

      Re: Not just cheap phones it seems... (@ Jet Set Willy)

      One question. Did you acquire it through an ISP?

      Asking because ISPs often install their own not-uninstallable shit in the phones they sell/lease/whatever.

      Actually said shit usually looks worse than the malware described in the article!

      ;^)

  4. Crazy Operations Guy Silver badge

    I feel fortunate

    I feel fortunate that I have the skill set to replace the OS on my phones with something clean. But not everyone can do this, and it might not even be possible on some of the lower-end phones with their proprietary SoCs that require substantial proprietary knowledge to compile a kernel for.

    Google could easily fix it if they just required that phones shipping with their OS on them must allow for the user to remove everything. Google has the power here and yet they act like the victims. Phone manufacturers can't exactly move to anything else, Windows Phone is dead, and Apple sure as hell isn't going to allow their OS on anything they didn't make themselves. Yes, there are other OSes, but there is no way they can compete against the Google/Apple duopoly, unless they can figure out some way to convince app developers to also develop for their platform (And it would have to be a lot of them).

    1. IGotOut

      Re: I feel fortunate

      Yet again, Windows phone was the best of both,yet so many people slagged it off without ever even trying it.

      Mine came preloaded with a ton of carrier crap, all of which took seconds to uninstall.

      1. David 132 Silver badge
        Thumb Up

        Re: I feel fortunate

        You may be right about Windows phone as it was, and yes, I accept that it's pointless to speculate about what might have been.

        However, the proliferation of non-removeable crapware/shovelware on desktop Windows 10 ("Candy Crush Soda Saga", etc) shows that if Microsoft was against such stuff in the past, they've certainly overcome their moral scruples since then.

        1. Kientha

          Re: I feel fortunate

          Those apps aren't actually installed. They're just links to install in your start menu and you can most definitely remove them. It's only when you actually click on them that they are installed on your device. You can even remove them using group policy so that the user never even sees them! I'd rather they were not there at all but it's something completely different than what is happening with Android devices

        2. jelabarre59 Silver badge

          Re: I feel fortunate

          However, the proliferation of non-removeable crapware/shovelware on desktop Windows 10 ("Candy Crush Soda Saga", etc) shows that if Microsoft was against such stuff in the past, they've certainly overcome their moral scruples since then.

          Don't know how it is on the tablet, but it is possible to remove those completely. It does require a more technical mind to do it, but even with the hoops you have to jump through to de-crappify MSWin10 it can be done. As shit as MSWin10 is, you're still allowed more control over your OWN devices, while Google believes you should never be allowed to control devices you bought and paid for.

          1. David 132 Silver badge
            Facepalm

            Re: I feel fortunate

            Yeah, I mis-spoke when I said "non-removeable" - I should have said, "unwanted". I deserve every one of those down-votes.

            In mitigation, m'lud, my comment was typed whilst in the grip of a stinker of a cold... I was on a NyQuil (aka Night Nurse for you brits) bender and that can do terrible things to a man's cognitive powers!

            The crapware on desktop Windows 10 can most definitely be removed, though to be fair, some of them ARE actually installed, rather than just being links on the start menu. Mea culpa. (QUICK HONEY, COME SEE! SOMEONE ON THE INTERNET HAS ADMITTED THAT HE WAS WRONG!11!!)

        3. Mephistro Silver badge

          Re: I feel fortunate (@ David 132)

          "However, the proliferation of non-removeable crapware/shovelware on desktop Windows 10..."

          I have it in good authority that most of that crap (both links to the installers and pre installed programs) was put there by the PC manufacturers in exchange for some pocket change from cyberstalkers"Internet marketing companies".

          This is Hell. Acts that would have sent a person in for a decade or two cause companies to pay small fines that don't even cover the profit the company obtained from installing malware in their own clients devices, FFS!.

      2. Captain Scarlet Silver badge
        Stop

        Re: I feel fortunate

        Although I feel a need to say BB10 was better in every way, there is no point. We lost :'(

        We users of BB10 and Windows Phone didn't have enough fart or torch apps, although in Blackberry's case I can also add no model was reasonably priced (All of them were way overpriced). I still miss my personal Q10 and my work Windows Phone.

        1. kat_bg

          Re: I feel fortunate

          Hear, hear... I still miss my 9900 and my Nokia 1520 but this is life. We have lost but still have something to remember (actually I still have the Bold 9900 but the thing will not power up anymore)

          1. Mephistro Silver badge

            Re: I feel fortunate

            Ahhh... the 9900.

            Loved the snakes game.

            And there was no way of install a virus unless someone sneezed upon the phone. And you could also use it for 4 days of heavy use without recharging. Other uses included breaking open walnuts and using it as a blackjack,

            1. Mephistro Silver badge

              Re: I feel fortunate

              Please replace the first "of" in my comment with a "to", Thank you!

              [Blushes...]

    2. Dinanziame
      Alert

      Re: I feel fortunate

      Google has the power here and yet they act like the victims.

      I'd like to note here that Google got fined billions by the EU for wielding that very same power you want them to use now.

      Well, they used that power to force phone makers to preinstall Google apps like Chrome and YouTube and Google Maps, but the mechanism is the same. I'm not sure that "the ACLU made me do it" is a valid counter to EU regulations.

      1. Jimmy2Cows Silver badge

        Re: I feel fortunate

        Not sure what point you're trying to make. Can you elaborate?

        1. Richard Jones 1

          Re: I feel fortunate

          I suspect that he was hinting at the effects of the law of unintended consequences. I am not sure how accurately it applies in this case.

          The current hoo-ha might encourage a few not to get suckered into buying such phones, though if they are low-rent items, I am not sure what value, if any the makers were hoping to extract from their users. While I carry my mobile with me much of the time, mostly in the house, a string of medical visits and very rare shopping trips along with details of some short dog walks are unlikely to set anyone's world on fire. It is a lower cost item, from a known make, now nearly 4 years old. My use of it for the internet or email is somewhere below minimal and close to zero. I find it a too painful an experience. Perhaps I could muzzle the problems with suitable software, but there are easier ways for me to enjoy life than fighting with a mobile.

        2. Dinanziame
          Meh

          Re: I feel fortunate

          I meant that (in the EU at least) it is illegal for Google to lean on phone makers by abusing of its monopoly position. It doesn't matter why they do it. Laws don't stop applying when it is convenient.

          However, it would be very simple and legal for governments, whose job it is to protect users, to make it mandatory to let users remove any app they want.

          1. paulll

            Re: I feel fortunate

            How is making it easy(/possible) to uninstall software,"leaning on phone makers," ?

            1. Dinanziame

              Re: I feel fortunate

              How is making it easy(/possible) to uninstall software,"leaning on phone makers," ?

              Just so that it's clear: Google does not in fact control the software on Android phones. Phone makers take Android, which is open source, and modify it to do whatever they want, be it supporting their particular type of camera or preventing users from uninstalling their crap.

              If Google added modifications to make it easy to uninstall apps, phone makers could easily just remove these modifications. They can do whatever they want with the code they put on the phones they make, and Google cannot prevent them from doing it.

              What people want Google to do here is to threaten phone makers, telling them that if they prevent users from uninstalling apps, then Google will stop working with them, will not let them install Google Play Services, etc.

    3. jelabarre59 Silver badge

      Re: I feel fortunate

      Google could easily fix it if they just required that phones shipping with their OS on them must allow for the user to remove everything

      They wouldn't want that. You might remove a GOOGLE app.

    4. Charles 9 Silver badge

      Re: I feel fortunate

      "Google could easily fix it if they just required that phones shipping with their OS on them must allow for the user to remove everything."

      What about AOSP, which the Chinese happen to use on their Android phones and so on? Would some of the manufacturers be willing to take a chance if it reduced their obligations?

  5. martinusher Silver badge

    Google's at risk

    We forget that Google's business model is effectively to give away software that has built-in spyware on it. They call it 'analytics', its the data that allows companies that rent your screen space for advertising to make sure they're getting value for money. Because of this there's no real incentive to remove all this crapware -- its the business model. You could say that along with other companies -- Facebook, for example -- they need the customers a lot more than the customers need them.

    The current situation where Google is prevented by the US government from allowing its Andriod system to be shipped with new Chinese phones poses a threat to that company. Duplicating the user functionality of Google's software is straightforward and a combination of a clean room development of second generation software (i.e. one learning from design mistakes rather than having to live with them) and an environment that has hard wired analytics due to the prevailance of e-commerce in China has the potential to make Google irrelevant -- or at the very least severely dent its value.

    1. Teiwaz Silver badge

      Re: Google's at risk

      its the data that allows companies that rent your screen space for advertising to make sure they're getting value for money.

      more like "conned into thinking they are getting better value" - I've never seen advertising fed through these data gathering advertising 'giants' particularly more relevant than the anonymous kind.

      I think the claim is as spurious as much of advertising is outrageous claims on the flimsiest of evidence.

      1. dnicholas Bronze badge

        Re: Google's at risk

        VPN tunnel to an at home PiHole sorts most of that...

        The post Google future of having to buy a phone OS like Windows in order for the software maker to stay in business might just come true but it's probably worth it to take back a little privicy.

        1. MonkeyJuice

          Re: Google's at risk

          If it were regularly audited by 3rd parties to ensure compliance, I would actually pay a yearly fee.

          Or. Y'know. Just let me install fscking linux on the damn thing.

  6. Anonymous Coward
    Anonymous Coward

    Google, Facebook, et al

    A pox on your filthy spying houses.

  7. TsVk!

    Isn't Android open source?

    How would we stop people changing open source software and doing whatever the hell they like with it? Isn't that the point?

    I might be missing something here, but it seems like people want Google to change stuff that isn't under their scope of power.

    1. Dinanziame
      Alert

      Re: Isn't Android open source?

      If I understand correctly, they want Google to refuse to grace those phones with their apps, Google Play Services and the like, unless the phone makers accept letting users deinstall anything they want.

      In fact, it's (ab)using Google's monopoly on their highly sought-after Google Play Services to force phone makers to do something they don't want to do. It's essentially the same thing that Google got fined billions by the EU for... Except that this time, it's for the good of users. Maybe.

      1. Doctor Syntax Silver badge

        Re: Isn't Android open source?

        There is a big difference between Google using its monopoly power to favour its own products and using it for customer protection.

        1. Dinanziame

          Re: Isn't Android open source?

          Legally, I don't think it makes a difference. It would be way too easy for just anybody to claim that whatever it is they're doing is "for customer protection". In fact, it would certainly be in Google's interest to shut down phone makers' apps – they're practically all competing with Google's own products.

          If the consumers need protection, the natural solution is for governments to do it. Not giant corporations with ulterior motives.

          1. Charles 9 Silver badge

            Re: Isn't Android open source?

            But if you don't trust the government to get it right, either?

            1. Anonymous Coward
              Anonymous Coward

              Re: Isn't Android open source?

              Theoretically at least, you can vote politicians out of office.

              In some jurisdictions, like Switzerland, you can even propose new laws yourself and force the government to pass them.

              You can't do any of this with corporations.

              1. Charles 9 Silver badge

                Re: Isn't Android open source?

                Theoretically, you can also create a shareholder revolt to get a corporation's attention.

                Realistically, you can't do either for the same basic reason: all the real voting power's already locked up, so you're basically screwed either way.

                They say the worst words one can hear is, "We're from the government and we're here to help you." I replied what about, "We're from the corporation and we're here to help you."?

        2. This post has been deleted by its author

  8. the Jim bloke Silver badge

    But these are for POOR people!!

    You HAVE to keep a close eye on them, or they will do something criminal and frighten the horses !

  9. iron Silver badge

    > Malwarebytes said that Assurance Wireless by Virgin Mobile, supported by the US government's Lifeline Assistance program, distributes the... phone with two pre-installed apps that appear to be malicious.

    So why go after Google? Surely Virgin, Unimax (who?) and the US gov are more responsible for these phones since they actually make and distribute them.

    1. Kientha

      Google could refuse to allow Google Play Services to manufacturers that bundle this software with the phone in an unremovable way. The theory is that this would kill the market viability of these phones forcing them to change it and prevent other manufacturers doing the same thing in future. Just going after the manufacturer allows another one to start doing the same thing and then you're playing whackamole.

    2. ratfox Silver badge
      Trollface

      That's silly; the US government does not have the power to write regulations.

    3. Doctor Syntax Silver badge

      "Surely Virgin, Unimax (who?) and the US gov are more responsible for these phones since they actually make and distribute them."

      The US gov makes or distributes phones? Since when?

      OTOH I'd agree that the obvious line of attack would be those selling them, at least under European customer protection legislation. It's then up to the vendor to twist the arms of the makers.

      1. HellDeskJockey

        A Lifeline or "Obama phone" is a program to give low income people access to telecommunications. The rest of us pay a fee on our phone bills to provide this. If you are at or below 135% of poverty line you can get a discount on phone service. Google FCC Lifeline for details.

  10. msknight

    A lesson for chinese data grabbers

    It seems to me that we in the west are perfectly happy if our data is being slurped by our own guys. When it's the chinese, however, it goes to a different level.

    The lesson for china is simply to buy out a western company and everyone will be fine. Actually, they already seem to be doing that.

    As for who the lawyers go after, I can't see them going after the chinest agencies that actually wrote and installed the malware before the phones were shipped. Who else CAN they hit?

    1. Doctor Syntax Silver badge

      Re: A lesson for chinese data grabbers

      "It seems to me that we in the west are perfectly happy if our data is being slurped by our own guys."

      Speak for yourself.

      Personally I'm fed up with being told I'm happy with this, approve that, demand something else when they're all things with which I disagree.

      1. msknight

        Re: A lesson for chinese data grabbers

        "Speak for yourself."

        I'm speaking generally. As a species.

        Individuals like you and me, think the same.

  11. Anonymous Coward
    Anonymous Coward

    The problem is the Google Play Store ...

    and the fact that Google won't allow developers to push their apps thought any other channel so it's impossible to avoid.

    So much for the free market.

    1. Jimmy2Cows Silver badge
      Trollface

      Re: The problem is the Google Play Store ...

      Yeah it's a real pity side-channel installation isn't a thing...

      1. Anonymous Coward
        Anonymous Coward

        Re: Yeah it's a real pity side-channel installation isn't a thing...

        Except developers that allow side loading are at risk of being kicked off the PlayStore.

        1. Anonymous Coward
          Anonymous Coward

          Re: Yeah it's a real pity side-channel installation isn't a thing...

          What are you talking about? Users can install whatever they want without going through the Play Store, including third party app stores.

  12. Mike 137 Bronze badge

    The bottom line

    The bottom line is you no longer really own anything - including your phone. The vendor or service provider graciously allows you to use it while you continue to fork out, and they reserve the right to tamper with it at will. Plus, they don't give a fetid dingo's goolies (thanks Douglas Adams) whether it even really works, let alone whether it poses a risk to you - as long as you keep forking out.

  13. chivo243 Silver badge
    Thumb Down

    Burner Phone

    I was on vacation in the States 3 years ago, and had to buy a burner phone, it had so much google crap installed. I had to login with a google account, and I made the mistake of using my primary gmail account, instead of on of my throw-away accounts. To this day I am seeing weird behavior in my calendar.

    Never again!

    1. MonkeyJuice

      Re: Burner Phone

      I think you fucked up how to 'burner phone' there, mate.

  14. Anonymous Coward
    Anonymous Coward

    For those of you that want to play along at home....

    For those of you that have a subscription to Virus Total's malware database I have uploaded several of the apps and modules that were installed on the phones without the users knowledge:

    com.concreteroom.thenorthpole-1.apk

    26333a6d48deddd3305c07b5ee00bb6e

    com.democratizing.casualness-1.apk

    82ecf170914d360992e230e0929fc0b8

    com.spidmes.peaus-1.apk

    fde7346273d4561b306828615412899d

    com.tesla.eo.xsdfa.apk

    3332c30b6e4823135c984c57e11512ef

    com.bird.aa01.apk

    3f9cb3284cfb560ea59f6a4d895ee0a5

    SystemFota.apk

    94f0226b794040cc3e3952614a569c61

    Gallery2.apk

    e7a6854e7bdd61207100bde3a9cc3f73

    Plays_com.android.eo.plays.apks

    432feebad71938963100e4571be0a6ed

    Some interesting facts:

    The Gallery app has encrypted modules hidden in the Assets folder as fake True Type fonts ("samsun.ttf" and "small.ttf")

    The com.tesla.eo.xsdfa.apk hides it's icon from the user's screen to avoid deletion by novice users and is designed to look like the "Clean Master" found on the Google Play Store and actually shares some of Clena Master's SDK's.

    This app also has several encrypted libs and modules in the Assets folder.

    All the apps use the factory installed Calendar app to avoid detection by waiting to decrypt any modules until after the user has had the phone for a while.

    Some of the apps didn't appear until after 4 weeks of use.

    The apps also look to see if the phone has been rooted by checking for common rooting signatures such as: ("com.koushikdutta.superuser", "com.thirdparty.superuser", "com.yellowes.su", "com.topjohnwu.magisk") and also executing the "su" command in the background.

    The apps also detect if they are on an emulator by checking how many processor cores are in use by running "cat /proc/cpuinfo" but is hidden from the system by using base64 encoding.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020