
Spyware backdoor prompts Google to pull 500 apps with 100m downloads - dvdhnt
https://arstechnica.com/information-technology/2017/08/500-google-play-apps-with-100-million-downloads-had-spyware-backdoor/
======
PhantomGremlin
Of course all this spyware is evil and wrong.

But let's look at what the spyware does:

 _makes it easier for apps to connect to ad networks and deliver ads that are
targeted to the specific interests of end users_

...

 _The most serious spyware installed on phones were packages that stole call
histories, including the time a call was made, the number that placed the
call, and whether the call went through. Other stolen data included GPS
locations, lists of nearby Wi-Fi networks, and lists of installed apps._

How is any of that distinguishable from what Google/Android does routinely?
The only difference is that some people trust Google and/or their phone
manufacturer with this. We don't "trust" spyware.

~~~
lern_too_spel
Informed consent. The difference is a privacy policy that says they're doing
it.

Users volunteer their call history to Google Voice to get call forwarding and
visual voicemail. Users volunteer their GPS data to get crowd-sourced traffic
information.

~~~
PhantomGremlin
I want to quibble with "informed consent", which many people use to describe
this situation.

Yes, there is a privacy policy, and companies like Apple and Google take that
policy seriously.

But, question 100 random iOS or Android users and ask them if they use Apple
Maps or Google Maps. Many/most will say "yes". Then ask them if they realize
that their phone is uploading their GPS location in real time to Apple or
Google, and probably 90% will say "no".

So I don't think there is "informed consent" for most consumers. It's more
like "this works, I love it, I don't want to know how it works". Google and
Apple make an attempt at informing people by having them click on various
agreements that nobody reads, but I'd call the result of that more
"indifference" than "informed consent". When is the last time you ever read
any of those things you clicked thru? For me it's probably been decades,
perhaps as far back as the 1980s.

Stuff like Google Voice is another thing entirely. It's not really a
mainstream product, it's more for geeks. The types of people who use it are
generally quite cool about giving Google their personal information.

------
DarkKomunalec
So no word on whether the spyware authors can be identified and if they'll be
prosecuted? Only teenage hackers can get in trouble?

------
hesselink
Does anyone have the list of affected apps? It doesn't seem to be in the
original blog post.

