Google patches Facebook’s exploitation of Android

Facebook was playing with fire when it started pushing updates for its Android app outside Google’s Play Store mechanism. It was a dangerous move with what some may call malicious intentions. Facebook was able to bypass the Google Play Store and prompt users to download and install updates directly. Not only was this kind of ‘updating’ dangerous, it was also nothing short of an annoyance for the user: the update prompt would continue to buzz the device until the user either installed the update or uninstalled the app. There was no way out.

The malicious intent didn’t stop there. Once you installed the app from outside the Play Store, Facebook would be able to update it as and when it wanted without even notifying the user. In plain English, Facebook could change and update its app without alerting you, and you wouldn’t even know what new permissions (access to data) the update gained on your phone.

It was expected that Google would take some steps to protect its users from that Facebook invasion, and it finally happened.

Google has updated its Google Play Developer Program Policies to patch the loophole Facebook was exploiting. Interestingly enough, Facebook’s exploitation was addressed under the policy’s ‘Dangerous Products’ section.

Google has added a new sentence to the section (highlighted by us):

Don’t transmit viruses, worms, defects, Trojan horses, malware, or any other items that may introduce security vulnerabilities to or harm user devices, applications, or personal data. We don’t allow content that harms, interferes with the operation of, or accesses in an unauthorized manner, networks, servers, or other infrastructure. Apps that collect information (such as the user’s location or behavior) without the user’s knowledge (spyware), malicious scripts and password phishing scams are also prohibited on Google Play, as are applications that cause users to unknowingly download or install applications from sources outside of Google Play. An app downloaded from Google Play may not modify, replace or update its own APK binary code using any method other than Google Play’s update mechanism.

Even if Google doesn’t talk about it in its PR channel, this update is definitely targeted at Facebook.

Facebook will have to stop flirting with Android users through such shenanigans. The next issue to deal with could be Facebook Home, which overrides the otherwise sane Android experience.

Swapnil Bhartiya

A free software fund-a-mental-ist and Charles Bukowski fan, Swapnil also writes fiction and tries to find cracks in the paper armours of proprietary companies. Swapnil has been covering Linux and Free Software/Open Source since 2005.
