
Google admits changing phone settings remotely - wil_I_am_27
https://www.bbc.com/news/technology-45546276
======
el_duderino
Previous discussion from a few days ago:
[https://news.ycombinator.com/item?id=17984576](https://news.ycombinator.com/item?id=17984576)

------
sorenjan
It feels arrogant by Google to take the liberty to even add the possibility to
changes customer's settings remotely without them having a say in it. It's
like the forgot who's phones they are. My guess is that they're so used to A/B
testing on their web sites that they think the same is OK on peoples personal
devices just because Google makes the software that runs on them too.

~~~
clubm8
> _It feels arrogant by Google to take the liberty to even add the possibility
> to changes customer 's settings remotely without them having a say in it._

I think the issue is a lack of informed consent. Some of the commenters seem
to think this isn't a "big deal", since the changes were relatively minor and
made to benefit the user.

Let's draw from the real world: even if you have zero STDs, and use a condom,
it is a _serious_ crime to have sex with someone while they're asleep -
because they couldn't give _consent_.

It deeply troubles me that I keep seeing this mentality that there must be
"harm" for something like this to be a problem.

I saw similar logic used in the article on Google using "anonymized" credit
card data - that people's feelings about the matter are invalid, since there's
no harm if the data is anonymized.

Frankly, the word that comes to mind when I read these articles is not
arrogance - it's _entitlement_. Google feels _entitled_ to do as it pleases,
because it feeds it knows better than you.

~~~
ggggtez
I don't think comparing a software update to _rape_ is buying you any points
here.

~~~
chrisdsaldivar
I've seen some analogies on here that were reaching but this one really threw
me.

------
TwoNineA
What's next? Change location settings remotely so that they can siphon more
data?

Who the hell at Google tought that playing with phone settings remotely was a
good idea?

~~~
aneutron
It can have legitimate use cases, for example administrating a large fleet of
Android phones in a corporation. But I have to agree that mobilizing such
machinery against typical non-enterprise users is stupid. In some countries
that could make them vulnerable to huge lawsuits

~~~
reaperducer
_In some countries that could make them vulnerable to huge lawsuits_

In some countries it could be leveraged to put government-sponsored spyware on
everyone's phones.

And by "some" I mean "all."

------
rauhl
The key insight here is that _this should not even be possible_. Yes,
corporate-owned phones need to be administered remotely. Yes, Google needs to
be able to perform internal testing (this is in fact just an example of
corporate ownership). Sure, maybe some individuals want to opt in to something
like this. But the key is that this should be _opt-in_.

It should simply be impossible for Google to do anything pernicious to a
newly-purchased Android phone: it should not be able to write settings, nor
should it be able to read any data.

~~~
daveFNbuck
They're able to push a new OS. How can they do that without being able to
change your settings?

~~~
rauhl
They _shouldn’t_ be able to push a new operating system onto _my_ phone. They
can let me know that a new version is avilable for me to download, when I see
fit. It’s my phone, after all!

~~~
daveFNbuck
How could they make it impossible to change your settings using the permission
you've granted to install the new OS?

------
LinuxBender
This has been possible since at least the mid 90's. We used to update the
firmware over the air. We could change any settings on the phone, but would
only do so when required to keep the phone operational. Anything beyond that
risked customer support calls and bricked phones. And yes, we sometimes
bricked phones. We even had the ability to brick phones intentionally, if
stolen, but that feature was never used by customer support for fear of
bricking the wrong phones. Some years later I was at a company that could
rewrite any part of your phones OS over the air. They did some fairly clever
things that were barely documented by the vendors. I can only imagine what is
possible today.

------
throw2016
Fearmongering and FUD on security by short sighted and self serving technical
folks on forums like this has got us to the point where backdoors and remote
execution by 'trusted parties' are the norm while users root access to their
own device is demonized as a security hole.

These are folks who are constantly 'empowering' themselves at the cost of
others so getting root on your own phone is now thought of some sort of great
security hole and some apps will detect it and refuse to work. This is the
future of software freedom courtesy ex freedom and liberty poseurs and now
greedy out of control tinpots.

~~~
lima
All of Google's own devices have an unlockable bootloader and you're free to
install your own operating system (both on smartphones and chromebooks).

That being said, rooting _is_ a security hole - the PIN lock on most rooted
phones can be trivially bypassed, and an application running as root can
persistently and invisibly compromise the system (and bypass safeguards on
things like Android Pay).

The only non-Google Android fork which does not trivially compromise device
security was Copperhead OS (now defunct) - they would ship devices with a
locked bootloader and sign their updates, achieving a similar level of
security (assuming a secure build system).

------
toast0
That this only happened on the newest operating system is going to negatively
influence acceptance of upgrades, for the slim number of users who actually
have a choice. I didn't upgrade so I could have my messages delayed, thanks.

------
Alterlife
The fact that this is even possible on a private device should be shocking,
yet I don't even feel surprise.

~~~
Someone1234
Any piece of software that receives updates can have its settings changed.
Automatic updates worsen that. Almost all major companies have done so in the
past, some of it justified, some less so.

------
dredmorbius
Which means:

1\. Google have this capability.

2\. They have exercised it.

3\. Whatever internal controls exist to check this don't exist, failed, or
explicitly permitted this action. None of the three options, for a single
locus of control to something on the order of 3-4 billion user devices or
accounts (net of Android + Gmail accounts) is particularly heartening.

4\. The primary channel of communication is ... a Reddit account?

Someone is terrifyingly asleep at the wheel.

Competency? Trust? Goodwill? This is how you lose it.

This is how organisational decline starts. It tends to proceed slowly, at
first, then all at once. Shades of Hemmingway.

------
gwbas1c
Honestly, when I saw that battery saver was on, I thought I turned it on by
accident.

A lot of the responses here are overreactions. This appears to be a defect,
not something nefarious. Part of software development is altering default
settings. Another part of software development is periodic updates. Mistakes
like this will happen. Get over it.

------
romed
Every time Ubuntu updates some package (that I haven't figured out) it blows
away my CPU governor settings. But I guess there won't be a lot of press
articles about this.

~~~
butz
Maybe you are changing wrong config file? Most software has a default config
that is overwritten with updates, but allows you to add custom config in
separate files.

------
lern_too_spel
It looks like they meant to change a default setting, which users expect, but
instead overrode settings, which should only be used to fix bugs.

------
mauliknshah
Has anyone found the app permissions being reset for many apps abruptly? I
just faced it!

------
onepremise
Remote wipe your phone if it gets stolen?

~~~
yjftsjthsd-h
User-initiated. Totally different.

------
test0014232874
WTF GOOGLE YOU SHOULD NOT BE ABLE TO DO THAT

------
jrockway
I don't really see the problem here. You tweak settings and collect data so
you can pick better defaults in the future. Why wouldn't you do this?

I worry that users imagine software to be static, complete, and never in need
of change... and the world just doesn't work that way. Software is in a
constant state of "works just well enough to maybe deploy". Experimentation
and refinement are always necessary.

I don't see outrage when Microsoft updates Windows and it starts deleting
malware from your system. What's the difference?

~~~
ardy42
> I don't really see the problem here. You tweak settings and collect data so
> you can pick better defaults in the future. Why wouldn't you do this?

The problem, is that they didn't seem to ask for consent or have been upfront
that they had implemented this kind of remote control capability. The user's
phone is the _user 's phone_, not Google's; so the user needs to have ultimate
control (and Google needs to respect that).

~~~
jrockway
But I mean, they write the software on it. Something is going to change every
release.

People seem mad that it was a configuration change and not a change in the
image that is installed on the device, but I don't see the difference.

~~~
394549
> People seem mad that it was a configuration change and not a change in the
> image that is installed on the device, but I don't see the difference.

Think of it this way: you need a _backdoor_ to push remote config changes the
way Google did.

Sure, Apple, Google, Microsoft, etc. have the ability to run arbitrary code on
your machine through updates, but they'd be _abusing the trust placed in them_
to even install a backdoor, let alone _use it_.

~~~
jrockway
That's interesting.

I see an update server as one that says to your phone "copy these bytes into
flash and reboot" and a configuration server as "copy these bytes into flash
and restart service X".

Your phone is constantly communicating with servers that attempt to change the
running software; a configuration change is just faster than upgrading the
entire image.

~~~
394549
I think the big difference is that one can potentially be far more targeted
than the other. Sort of the difference between publishing an update package to
a software repository and SSH'ing into my computer and running commands (or
having my computer periodically pinging a server asking for commands to run).

Though I think there are also issues with silently using a software update to
change settings that some user may have set differently in the past to a
different value (assuming the value the user used wasn't removed or had its
meaning changed). If the developer really things the user would be better off
changing the setting, the should prompt the user to explain the reasoning and
ask for consent.

