Steer clear of Android Market and its DRM

Google recently made headlines after they identified some malware being distributed through the Android Market. Not only did they stop distributing those apps, but they used their “remote kill switch” to remove the apps from phones where they were already downloaded. This is a kind of Digital Restrictions Management (DRM) that all computer users should avoid.

In this case, the DRM is being used to prevent developers from breaking phones’ security and collecting personal information without authorization. Those are laudable ends, but they don’t justify the means: anyone using the Android Market gives Google the power to remove software from their phones, and Google expressly reserves the right to do so whenever an app violates the Market’s policies. The same functionality is present in Apple’s iPhone and the Amazon Kindle. It’s just as bad here.

This is just one problem that stems from the sad fact that the Android Market is proprietary software. While most of the core Android operating system is free software, many popular apps like Google Maps and Android Market that are included with most Android phones are proprietary. People who want to use an Android phone but avoid these handcuffs need to take extra care to avoid these apps. Fortunately, unlike the iPhone or Kindle, users can install apps like F-Droid, which make it easy to install and update more free software on those phones.

Some people have asked us whether the Market’s DRM makes it impossible to distribute GPLed software through the App Store. It’s an understandable question, since restrictions in other mobile app stores have clashed with the GPL’s terms before. These terms do hurt users’ freedom, but they don’t create a conflict with the GPL specifically. The relevant term in the Android Market Terms of Service is 2.4; it says:

From time to time, Google may discover a Product on the Market that violates the Android Market Developer Distribution Agreement or other legal agreements, laws, regulations or policies. You agree that in such an instance Google retains the right to remotely remove those applications from your Device at its sole discretion.

When we evaluate whether a particular term creates a “further restriction” that could potentially violate the GPL, we’re checking to see whether it restricts the user from exercising a right granted in the GPL. This usually happens one of two ways: either the activity is prohibited outright (e.g., a term says “You may not distribute the software”), or the term places conditions on that activity that don’t exist in the GPL (e.g., a term says “You must pay us a fee when you distribute the software”).

This specific term does neither of those things. The GPL does grant users the right to run and use the software, but this term does not legally, directly restrict that right. Once you have a copy of the software, you can run it wherever you’re able. You’ll even be able to run it on a phone where it was previously banned, if you remove the Android Market first. The term gives Google some control of your phone specifically, but it doesn’t limit your right to use the software generally.

To reiterate: that surrender of control still hurts users. It just does not constitute a “further restriction” under the GPL’s terms. We encourage everyone to avoid using the Android Market because of this. If you’re distributing GPLed software for Android, make sure users can get it outside the Market—either through your own web site, or through repositories like F-Droid.

This article was originally published on Free Software Foundation.

Related Posts

FTC’s New Privacy Report Endorses “Do Not Track” Mechanism to Empower On... This morning, the Federal Trade Commission released its long-anticipated privacy report. The report is the final result of a series of FTC privacy ro...
EU laws already protect the open Internet: let’s enforce them now to stop the rise o... There’s a sign in a street near the Skype office which reads: I can’t understand why people are afraid of new ideas. I’m frightened of the old ones. ...
EFF Brief: “Privacy” Protections for Corporations Undermines Government Transp... EFF and a coalition of public interest groups urged the U.S. Supreme Court in an amicus brief Tuesday to reject so-called "privacy" protections for co...
Be Confident Storing Information in the Cloud Over the past few years, information explosion has inhibited organizations’ ability to effectively secure, manage and recover data. This complexity is...
Android Malware DroidDream: How it Works Yesterday, Google pulled more than 50 apps from the Android Market after they were found to contain the Android malware dubbed DroidDream. Similar to...
How does your package manager handle orphaned packages? The last time I followed a distribution's suggestion to remove some packages that were no longer needed, I completely hosed the system. Could not use ...

We Recommend These Vendors

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).


  1. SixDegrees

    Nothing stifles creativity and advancement in the software industry quite as effectively as the FSF. If it weren’t for Dick Stallman, Linux would control a significant chunk of market share by now. Thanks to the GPL’s every increasing stranglehold on market freedom, though, we’re stuck with a widely ignored backwater in the OS world.

Leave a Comment

Your email address will not be published. Required fields are marked *