After uncovering a ferocious horde of hidden spyware in official Android apps the Yale Privacy Lab and Exodus have pitched in with F-Droid's app store that only allows apps that include their source-code and whose licenses require anyone who modifies them to also include the source.
They argue that the proliferation of spyware in Android stems from the project's "original sin": a directive to create an alternative Linux ecosystem that eliminated the "GNU" part of "GNU/Linux": that is, the part of the licensing regime that required programmers who modified open projects to make their projects open, too. In so doing, Google created a constellation of apps and tools that can be trojanized without violating the software license and without any way to audit the modifications and spot the malicious code.
Google's choice to limit copyleft's presence in Android, its disdain for reciprocal licenses, and its begrudging use of copyleft only when it "made sense to do so" are just symptoms of a deeper problem. In an environment without sufficient transparency, malware and trackers can thrive.
Android's privacy and security woes are amplified by cellphone companies and hardware vendors, which bolt on dodgy Android apps and hardware drivers. Sure, most of Android is still open-source, but the door is wide open to all manners of software trickery you won't find in an operating system like Debian GNU/Linux, which goes to great length to audit its software packages and protect user security.
Android Users: To Avoid Malware, Try the F-Droid App Store [Sean O'Brien and Michael Kwet/Wired]