Commentary

Steer clear of Android Market and its DRM

Google recently made headlines after they identified some malware being distributed through the Android Market. Not only did they stop distributing those apps, but they used their “remote kill switch” to remove the apps from phones where they were already downloaded. This is a kind of Digital Restrictions Management (DRM) that all computer users should avoid.

In this case, the DRM is being used to prevent developers from breaking phones’ security and collecting personal information without authorization. Those are laudable ends, but they don’t justify the means: anyone using the Android Market gives Google the power to remove software from their phones, and Google expressly reserves the right to do so whenever an app violates the Market’s policies. The same functionality is present in Apple’s iPhone and the Amazon Kindle. It’s just as bad here.

This is just one problem that stems from the sad fact that the Android Market is proprietary software. While most of the core Android operating system is free software, many popular apps like Google Maps and Android Market that are included with most Android phones are proprietary. People who want to use an Android phone but avoid these handcuffs need to take extra care to avoid these apps. Fortunately, unlike the iPhone or Kindle, users can install apps like F-Droid, which make it easy to install and update more free software on those phones.

Some people have asked us whether the Market’s DRM makes it impossible to distribute GPLed software through the App Store. It’s an understandable question, since restrictions in other mobile app stores have clashed with the GPL’s terms before. These terms do hurt users’ freedom, but they don’t create a conflict with the GPL specifically. The relevant term in the Android Market Terms of Service is 2.4; it says:

From time to time, Google may discover a Product on the Market that violates the Android Market Developer Distribution Agreement or other legal agreements, laws, regulations or policies. You agree that in such an instance Google retains the right to remotely remove those applications from your Device at its sole discretion.

When we evaluate whether a particular term creates a “further restriction” that could potentially violate the GPL, we’re checking to see whether it restricts the user from exercising a right granted in the GPL. This usually happens one of two ways: either the activity is prohibited outright (e.g., a term says “You may not distribute the software”), or the term places conditions on that activity that don’t exist in the GPL (e.g., a term says “You must pay us a fee when you distribute the software”).

This specific term does neither of those things. The GPL does grant users the right to run and use the software, but this term does not legally, directly restrict that right. Once you have a copy of the software, you can run it wherever you’re able. You’ll even be able to run it on a phone where it was previously banned, if you remove the Android Market first. The term gives Google some control of your phone specifically, but it doesn’t limit your right to use the software generally.

To reiterate: that surrender of control still hurts users. It just does not constitute a “further restriction” under the GPL’s terms. We encourage everyone to avoid using the Android Market because of this. If you’re distributing GPLed software for Android, make sure users can get it outside the Market—either through your own web site, or through repositories like F-Droid.

This article was originally published on Free Software Foundation.

Related Posts

The Open Source trials: hanging in the legal balance of copyright and copyleft For those meddling in open source software affairs, compliance with licenses is a very hot topic. In the last 2 years we have witnessed the licensing ...
Google’s Lack of Transparency and Openness in the Android Market Will Hurt More Than... The vast open landscape for users, developers, and industry that Google announced with the release of Android has been growing narrower and more opaqu...
Animation in Honeycomb One of the new features ushered in with the Honeycomb release is a new animation system, a set of APIs in a whole new package (android.animation) that...
The Next Net The moment the "net neutrality" debate began was the moment the net neutrality debate was lost. For once the fate of a network - its fairness, its ru...
EFF’s Guide to Protecting Electronic Devices and Data at the U.S. Border Amid recent reports that security researchers have experienced difficulties at the United States border after traveling abroad, we realized that it's ...
The MeeGo Progress Report: A+ or D-? The end of October saw the release of MeeGo 1.1, the second major milestone release of the platform since it burst onto the scenes in February 2010. T...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


2 Comments

  1. SixDegrees

    Nothing stifles creativity and advancement in the software industry quite as effectively as the FSF. If it weren’t for Dick Stallman, Linux would control a significant chunk of market share by now. Thanks to the GPL’s every increasing stranglehold on market freedom, though, we’re stuck with a widely ignored backwater in the OS world.

Leave a Comment

Your email address will not be published. Required fields are marked *

*