However, Paul Ducklin has drawn our attention to the fact that Google, while in the process of adding its own detection of known malicious apps to Android, has chosen to remove a number of ad-blocking apps from Google Play, citing section 4.4 of the Developer Distribution Agreement. This prohibits developers from activities that disrupt or access without authorization any third party’s devices, services, servers or networks. That’s fine insofar as it facilitates the removal by Google itself of certain types of malicious software, and you may even think it’s reasonable – or sound business practice – for Google to prioritize the desire of companies that pay Google to advertise rather than the desire of some Android users not to receive advertising. Even so, the wording of the Agreement doesn’t make any exception for nuisances or unequivocally malicious software, and that leaves it open to Google to take the same action against other types of security product.
It seems unlikely that Google would intentionally defend the rights of the authors of Android Trojans, but it’s not a long step from adware to ‘potentially unwanted’ – well, clearly those who install apps like AdAway don’t want ads – and Google has shown a tendency towards hostility towards security vendors in the past.
(Additional research by Buffy the Umpire Slayer.)
David Harley CITP FBCS CISSP
Small Blue-Green World