Steer clear of Android Market and its DRM

Google recently made headlines after they identified some malware being distributed through the Android Market. Not only did they stop distributing those apps, but they used their “remote kill switch” to remove the apps from phones where they were already downloaded. This is a kind of Digital Restrictions Management (DRM) that all computer users should avoid.

In this case, the DRM is being used to prevent developers from breaking phones’ security and collecting personal information without authorization. Those are laudable ends, but they don’t justify the means: anyone using the Android Market gives Google the power to remove software from their phones, and Google expressly reserves the right to do so whenever an app violates the Market’s policies. The same functionality is present in Apple’s iPhone and the Amazon Kindle. It’s just as bad here.

This is just one problem that stems from the sad fact that the Android Market is proprietary software. While most of the core Android operating system is free software, many popular apps like Google Maps and Android Market that are included with most Android phones are proprietary. People who want to use an Android phone but avoid these handcuffs need to take extra care to avoid these apps. Fortunately, unlike the iPhone or Kindle, users can install apps like F-Droid, which make it easy to install and update more free software on those phones.

Some people have asked us whether the Market’s DRM makes it impossible to distribute GPLed software through the App Store. It’s an understandable question, since restrictions in other mobile app stores have clashed with the GPL’s terms before. These terms do hurt users’ freedom, but they don’t create a conflict with the GPL specifically. The relevant term in the Android Market Terms of Service is 2.4; it says:

From time to time, Google may discover a Product on the Market that violates the Android Market Developer Distribution Agreement or other legal agreements, laws, regulations or policies. You agree that in such an instance Google retains the right to remotely remove those applications from your Device at its sole discretion.

When we evaluate whether a particular term creates a “further restriction” that could potentially violate the GPL, we’re checking to see whether it restricts the user from exercising a right granted in the GPL. This usually happens one of two ways: either the activity is prohibited outright (e.g., a term says “You may not distribute the software”), or the term places conditions on that activity that don’t exist in the GPL (e.g., a term says “You must pay us a fee when you distribute the software”).

This specific term does neither of those things. The GPL does grant users the right to run and use the software, but this term does not legally, directly restrict that right. Once you have a copy of the software, you can run it wherever you’re able. You’ll even be able to run it on a phone where it was previously banned, if you remove the Android Market first. The term gives Google some control of your phone specifically, but it doesn’t limit your right to use the software generally.

To reiterate: that surrender of control still hurts users. It just does not constitute a “further restriction” under the GPL’s terms. We encourage everyone to avoid using the Android Market because of this. If you’re distributing GPLed software for Android, make sure users can get it outside the Market—either through your own web site, or through repositories like F-Droid.

This article was originally published on Free Software Foundation.

Related Posts

U.S. Government Seizes 82 Websites: A Glimpse at the Draconian Future of Copyright Enforce... Over the past few days, the U.S. Justice Department, the Department of Homeland Security and nine U.S. Attorneys’ Offices seized 82 domain names of ...
Protect the API Keys to your Cloud Kingdom API keys to become first class citizens of security policies, just like SSL keys Much lip service is paid to protecting information in the Cloud, b...
Copyright Is Like QWERTY: Locked-In and Retrospective The term ‘path dependence’ is generally used to describe the development of technological standards and how they ‘lock in’ a given technical solution....
Egyptian Actions Highlight Dangers in U.S. Cybersecurity Proposals The Egyptian regime's shutdown of the Internet in an attempt to preserve its political power highlights the dangers of any government having unchecked...
Why I will not buy Google’s Cr-48 Chrome Notebook The Cr-48 is Google's cloud-based notebook computer. It was announced just this week, and is being made available to a select few. In computer-speak, ...
Common Sense and Security: Body Scanners, Accountability, and $2.4 Billion Worth of Securi... The Transportation Security Administration is feeling public heat these days over its combination of whole-body-image scanners and heavy-handed pat-do...

We Recommend These Vendors and Free Offers

ContainerizeThis 2016 is a free, 2-day conference for all things containers and big data. Featured, will be presentations and free, hands-on workshops. Learn more at ContainerizeThis.com

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


2 Comments

  1. SixDegrees

    Nothing stifles creativity and advancement in the software industry quite as effectively as the FSF. If it weren’t for Dick Stallman, Linux would control a significant chunk of market share by now. Thanks to the GPL’s every increasing stranglehold on market freedom, though, we’re stuck with a widely ignored backwater in the OS world.

Leave a Comment

Your email address will not be published. Required fields are marked *

*