On Monday, a story broke that Google Play — the near-ubiquitous service that Google uses to distribute software within Android — was using GPS to track your every move, whether you enabled Google Maps to use location tracking or not. The only way to completely disable this kind of location tracking is to disable Google Play.
This is all true, as far as it goes. But the conclusions are a bit less cut-and-dried than some publications like The Register have made it sound. Let’s break it down.
First of all, it’s true that location services are integrated into Google Play and that Google actively encourages developers to use Google Play services, rather than the open-source location APIs that are part of AOSP (Android Open Source Project). This is a theme we’ve discussed before in other contexts — Google has been replacing AOSP components with its own, closed-source mechanisms for years now, and it requires the phone OEMs to agree to fairly onerous terms in exchange for shipping Google Play. This core disagreement is why Amazon forked Android and created its own distro. It’s why there’s limited overlap by default between the apps that are available on Amazon hardware and what you get with Google Android. (Amazon Fire tablets can install the Google Play Store, but they don’t ship with it installed by default and you have to jump through some hoops to get everything working).
Google has a set of APIs, including location-based, that run through Google Play, and there’s some concern in the EU about how this may have impacted the competitive market. Because these APIs are linked to Google Play, you may see pop-ups in some cases that aren’t coming through specific applications like Google Maps. So how does this relate to the tweet from Mustafa Al-Bassam, the security researcher who first discussed the issue? (14 September 2016)
No comments:
Post a Comment