Skip to content
Naked Security Naked Security

Is Google’s Android app unbundling good for security?

If you live in the EU, turning on a new Android device after 29 October 2018 could look quite different...

Is Android about to change for better or worse?
If you live in the European Union (actually, the Europen Economic Area, which consists of the EU plus Norway, Iceland, and Liechtenstein), turning on a new Android device after 29 October 2018 could be less familiar than in the past.
Until now, almost all Android users have been greeted by Google’s own suite of 11 factory-installed apps that includes Gmail, Chrome, Maps, Search, and – most important of all to most users – Google Play. 
This happened because Google’s licensing compelled device makers to install apps such as Search and Chrome if they wanted to install Google’s well-stocked app repository, the Play Store.
In July 2018, the European Commission (EC) concluded this was a ploy to give Google Search a monopoly on Android, fined the company €4.34 billion ($5.1 billion) on anti-trust grounds.
Even though Google has appealed the latest ruling, which will likely wend its way through the courts for several years, the company nevertheless yesterday announced plans to comply with the decision.
However, there’s a sting in the tail: device makers will no longer have to bundle Google’s apps, but if they do they’ll pay for the privilege.
As Google Senior VP Hiroshi Lockheimer put it:

Since the pre-installation of Google Search and Chrome together with our other apps helped us fund the development and free distribution of Android, we will introduce a new paid licensing agreement for smartphones and tablets shipped into the EEA.

Specifically, device makers will have to license Google apps and then separately license Search and Chrome to get the full suite. They’ll also be able to install these on their own “non-compatible or forked” versions of Android.

Could there be unintended consequences for security?

The worry is that, having battled fragmentation for years, the Android ecosystem will now have even more fragmentation to deal with.
The simplest scenario is that device makers will pay up and pass that cost on to everyone buying an Android phone.
Another possibility is that device makers will switch to third-party apps in place of the Google versions.
Plausibly, rivals such as Microsoft and Amazon could pay to get Bing and Amazon Search onto Android devices, along with other apps from outside the Google stable.
As much as some resent Google’s domination of Android, the EC’s action could end up annoying the one group the data economy still depends on – developers.
The Developer’s Alliance, which actually backed Google in its case, claimed:

There is a risk that diverging versions of Android will lead to devices where apps don’t work for users. Developers may also need to do costly rewrites of apps for multiple incompatible versions.

It’s somewhat reminiscent of the EU’s protracted battle with Microsoft 20 years ago over the bundling of Internet Explorer with Windows 95.
Arguably, the banishing of that alleged browser monopoly-in-the-making helped seed the conditions for the rise of Google’s Chrome years later.
The EC won its battle then but set the scene for an even bigger one with a less certain outcome.

8 Comments

Soon there will be Fake play stores. Fake Google map APKs. Uneducated users end up scams more often. This unbundling is bad. When the whales are fighting, small fish will be get more affected.

Well Microsoft used to charge extra for removing some of their coporate cruft with their “Signature Edition” devices.

I don’t know if Microsoft has an enterprise equivalent to their consumer “Signature Edition PC” program, but the consumer version is OEM hardware sans OEM “bloatware”. Microsoft doesn’t necessarily charge more for a Signature Edition PC relative to MSRP, and I’ve seen sales. AFAIK, all Signature Edition PC’s include Bing and Edge, as they’re sold by Microsoft.

The EU must spend time on important things and not on futile rules for futile devices. The situation is dramatic in alla.spect with
the educational level going downz in 20 year will be one of the poorest area in the world. But EU is worry about your smartphone ecosystem?? That is just ridiculous.

If developers and phone makers are not careful, we will end up with something akin to the MSX programming language installed on Japanese-made personal computers in the 1980s, where programs would only run on some machines, because the BASIC language became corrupted by different add-ons by different manufacturers, and there was no Standard. Glas I don’t have a tablet/smart phone.

I find the security angle a bit weak – it’s not a case of “this is bad for this reason” but rather “could a vendor install a not-so-great default?” which the answer is of course yes. We know this to be true because they already install bloatware and spyware and I don’t think this makes doing so a much greater risk – phones already come with apps that provide the same features (custom navigation, keyboard, music player, etc.).
The disappointment I have, though, is it feels like Google is being punished for allowing competing apps in the app store: it’s clear that alternatives exist and there’s demand for installing them as a result. Apple, on the other hand, will not allow an app that competes with default features to even be available in the app store and they get to keep all of their defaults.

The fuss wasn’t so much about what’s allowed in Google Play as how Google licenses access to the Play Store. You can’t really compare this to Apple, because Apple doesn’t license iOS to other hardware vendors in the first place.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?