After uncovering a ferocious horde of hidden spyware in official Android apps the Yale Privacy Lab and Exodus have pitched in with F-Droid's app store that only allows apps that include their source-code and whose licenses require anyone who modifies them to also include the source.
They argue that the proliferation of spyware in Android stems from the project's "original sin": a directive to create an alternative Linux ecosystem that eliminated the "GNU" part of "GNU/Linux": that is, the part of the licensing regime that required programmers who modified open projects to make their projects open, too. In so doing, Google created a constellation of apps and tools that can be trojanized without violating the software license and without any way to audit the modifications and spot the malicious code.
Google’s choice to limit copyleft’s presence in Android, its disdain for reciprocal licenses, and its begrudging use of copyleft only when it “made sense to do so” are just symptoms of a deeper problem. In an environment without sufficient transparency, malware and trackers can thrive.
Android’s privacy and security woes are amplified by cellphone companies and hardware vendors, which bolt on dodgy Android apps and hardware drivers. Sure, most of Android is still open-source, but the door is wide open to all manners of software trickery you won’t find in an operating system like Debian GNU/Linux, which goes to great length to audit its software packages and protect user security.
Android Users: To Avoid Malware, Try the F-Droid App Store [Sean O'Brien and Michael Kwet/Wired]
Last October, Bloomberg published what seemed to be the tech story of the year: a claim that Supermicro, the leading supplier of servers to clients from the Pentagon and Congress to Amazon, Apple and NASA, had been targeted by Chinese spies who'd inserted devastating, virtually undetectable hardware backdoors into their motherboards by subverting a small […]
In 2015, Mozilla announced that it would turn Thunderbird -- one of the last freestanding, cross-platform email clients -- into a freestanding, independent project, and in 2017, Thunderbird became a community-overseen project with institutional backing from Moz.
After watching a CCC presentation that claimed that the MQA audiophile format has "stealth DRM," I decided to investigate, and I'm pretty sure MQA is not DRM.
For the newbie, Python can seem like the most intimidating programming language. After all, it can be used to create everything from simple apps to vast networks of web crawlers. But there are fundamental principles that underlie all the uses of this versatile platform, and you can absorb them all with the Python Master Class […]
Building a website on WordPress has always been easy. But if you really want to make your website stand out from the growing crowd, you’re going to need some help. For our money, a subscription to Storeshock WordPress Themes & Elements does the trick almost as well as having a pro designer by your side […]
These days, there isn’t much our iPhone camera can’t do – except feel like an actual phone. Despite years of steadily increasing resolution and image sensing technology, we’re still taking shots awkwardly with two hands, fumbling for the shutter button. Leave it to an avid photographer to design Shuttercase, a versatile iPhone case that solves […]