Google-Android sacrifices users’ security, privacy and data protection to scale Android fastest so that Google can dominate mobile software and advertising.
This charge and analysis is timely and relevant because Reuters is reporting that European Commission competition authorities are “laying the groundwork for a case centered on whether Google abuses the 80 percent market share of its Android mobile operating system to promote services from maps to search.”
The purpose of this particular analysis is to help a user better understand how they are harmed by Google-Android’s disregard for data protection.
To appreciate how little regard Google-Android has for user’s security, privacy and data protection, click here for a 2011-2014 compilation of “Google-Android’s Data Protection Failures” complete with source links. It is an easy scan/read because it is basically headline summaries.
This supplemental Android analysis is unique in two ways. First, it pieces together Google’s own words to expose Google’s anticompetitive intent and methods. Second, it compiles the alarming evidence of substantial user harm caused by Android sacrificing users’ security, privacy and data, to gain and maintain its market dominance.
By way of introduction, three insights can help users better understand why Google-Android sacrifices their security, privacy and data protection to scale Android fastest.
First and foremost Android is “free” because Android users are not Google’s customers, but the data-product that Google sells to advertisers, and advertising comprises 90% of Google’s revenues.
Second, Google’s “targeted” advertising depends upon “targeted” data collection, surveillance, and profiling of individual users.
Third, Android is not only the dominant mobile software for smart-phones and tablets worldwide, but also is the default target-tracking software for “Internet of Things” devices in the physical world. Think: Android Wear (Glass, watches, contacts, Google Fit, etc.); Nest’s home ~250 devices (thermostats, home surveillance cameras, door/window sensors, appliances, etc.); Android TV; Android robots; Android Play (Apps); Android Auto (self-driving vehicles, Google Maps, in-car apps, etc.); etc.
Simply, Android is ubiquitously tracking, listening, and watching its user “targets.”
Google’s Android Strategy in Their Own Words (A Quote Mosaic)
“We are in the information business.” Google Chairman Eric Schmidt (FT 6-4-10).
“Our top priority is keeping your information safe and secure.” Google’s Terms of Service 11-11-13
“Ten things we know to be true. #1: Focus on the user and all else will follow.…we take great care to ensure [our services] will ultimately serve you, rather than our own internal goal or bottom line” (Google’s homepage).
“Google’s security philosophy: “…we recognize how important it is to help protect your privacy and security. We understand that secure products are instrumental in maintaining the trust you place in us…” (Google Security page).
“Ultimately our goal at Google is to have the strongest advertising network and all the world’s information.” Google CEO Eric Schmidt (ZDNet, 8-23-06).
“The impact of the data revolution will be to strip citizens of much of their control over their personal information....The communication technologies we use today are invasive by design, collecting our photos, comments and friends into giant databases that are searchable and, in the absence of regulation...[it is all] fair game.” Google Chairman Eric Schmidt (CSM 5-9-13).
"The power of individual targeting—the technology will be so good it will be very hard for people to watch or consume something that has not in some sense been tailored for them.” Google Chairman Eric Schmidt (WSJ 8-14-10).
“Our goal with Android is to reach everyone. Google Chairman Eric Schmidt (ATD 4-16-13).
"Scale is the key. We just have so much scale in terms of the data we can bring to bear." Google Chairman Eric Schmidt (Bloomberg (10-2-09).
"We don't have better algorithms than everyone else; we just have more data." Google’s Chief Scientist Peter Norvig (ECPM Blog 3-21-10).
"Our model is just better." "Based on that, we should have 100% share" Google CEO Eric Schmidt (Forbes 12-10-09).
“Selling ads doesn't generate only profits; it also generates torrents of data about users' tastes and habits, data that Google then sifts and processes in order to predict future consumer behavior, find ways to improve its products, and sell more ads. This is the heart and soul of Googlenomics.” Google Economist, Hal Varian, (Wired 5-22-09).
"Platforms are where the aggregated value occurs… The way the industry creates wealth is creating platforms." Google Chairman Eric Schmidt, (ZDNet 6-5-13).
“Almost nothing short of a biological virus , can scale as quickly, efficiently or aggressively as these technology platforms and this makes the people who build, control and use them powerful too.” Google Chairman Eric Schmidt, (WebProNews 12-3-12).
“…the Internet rewards fanatical focus on scale, speed, data analysis, and customer satisfaction.” Google Economist, Hal Varian(Wired 5-22-09).
“Launch first, correct later.” Google Chairman Eric Schmidt (FT 6-4-10).
“In most cases… the [Google] default is not to use the most secure form because it slows everything down. … Ultimately we are not going to do anything that disadvantages speed,” Google Chairman Eric Schmidt (YouTube 9-18-08).
"We try not to have too many controls." Nikesh Aurora, Head of Google European Operations (FT 9-21-07).
"We do not guarantee that Android is designed to be safe; its format was designed to give more freedom. When they talk about 90% of malicious programs for Android, they must of course take into account the fact that it is the most used operating system in the world. If I had a company dedicated to malware, I would also send my attacks to Android." Google Android Chief Sundar Pichai, (Frandroid 2-27-14).
This Google Quote Mosaic shows that Google has a very sophisticated understanding of what it takes for Google to dominate mobile software and advertising, and also of what that Android data dominance means for user data protection.
Simply, there is a big disconnect between what Google promises concerning data protection and what Google actually delivers.
2011-2014 Compilation of User Harms from Google-Android’s Data Protection Failures
The list summarizes the long litany of Google’s repeated failures in protecting users’ security, privacy and data protection.
As the dominant mobile software for well over a billion people, including most Europeans and Americans, Google endangers its users with a reckless disregard and willful blindness to their safety, security, and privacy, and by actively preventing users the adequate choice and capability to protect their private data themselves.
The user harms of Google repeatedly being the world’s primary target for malware, hackers and criminals are obvious. Google’s irresponsibility make users more vulnerable to Internet crime, abuse, and misconduct like: identity theft, fraud, theft, stalking, cyber-bullying, and denial-of-service attacks. It also makes users more vulnerable to harmful Internet malware like: viruses, adware, zombie-botnets, worms, trojans, spam, etc.
Precursor’s compilation of Google-Android’s data protection failures shows 16 in the first half of 2014 after 23 in 2013. It includes findings from Cisco, Symantec, Juniper, EFF, F-Secure, BlueBox Security, Zscaler, FireEye, Lookout, Info Security, among others.
This 42-entry list is an easy-read given that each failure is described in a tweet-length headline. A scan of it will bring home the breadth, depth, variety and seriousness of the risks and vulnerabilities that Google is exposing users to in order to scale fastest to dominate the mobile software and advertising markets.
The list catalogues the security, privacy and data protection vulnerabilities that naturally emerge from: a Google Android operating philosophy of “launch first, correct later;” not curating/policing software or apps before they are offered to users; and perversely delegating responsibility for security in part to the users who are being harmed by Google’s exceptionally-lax data protection approach.
Importantly, the list shows the “wild west” outcome that naturally results when there is minimal internal or external policing of the Android ecosystem.
Simply, the list proves that Google cares little about users’ security, privacy or data protection, because if they did, they would have long ago made the obvious responsible corporate changes necessary to protect Android users’ safety and best interests.
Conclusion
In closing,Fusenetwork’s Bryan Seely sums up the Google security problem best: “Everyone trusts Google implicitly and it's completely unwarranted and it's completely unsafe.”
The overwhelming evidence presented here and in the Data Protection Failure list shows that Google-Android sacrifices users’ security, privacy and data protection to scale fastest and hence dominate the mobile software space.
The current EC competition investigation into Google Android abuses of dominance, reported by Reuters, is rightly focused on Google’s many traditional violations of competition law such as: the bait-and-switch of starting with an open system to gain scale and then closing it down to harvest the data and market power; the locking down of Google services; and other foreclosure-of-competition practices.
Where this analysis fits in, is in spotlighting the fact that the abject failure of the EC DGComp’s investigation and remedy of Google’s search and search advertising dominance is a direct result of its total blind-spot that Google’s data dominance is the source of its search and search advertising dominance.
Any Google competition investigation or remedies that ignore Google’s data dominance and abuses of users’ data protection, security and privacy, is worthless because it would ignore the root cause of the overall Google problem and a core harm to users.
Simply, Android’s scale-n-scoop data strategy sacrifices users’ data protection at Google’s altar of data dominance.
***
Security is Google's Achilles Heel Research Series
Part 1: Why security is Google's Achilles heel [7-8-09]
Part 2: Google values security much less than others do [7-16-09]
Part 3: Google: "Security is part of our DNA" (Do Not Ask) [7-28-09]
Part 4: Why Security is Google's Achilles Heel [8-12-09]
Part 5: Google Apps Security Chief is a magician/mentalist [1-5-10]
Part 6: Google-China: Implications for Cybersecurity [1-13-10]
Part 7: Did Google Over-React to China Cybersecurity Breach? [3-3-10]
Part 8: Google's Titanic Security Flaws [4-22-10]
Part 9: A Google Android Botnet Problem [11-12-10]
Part 10: Google's Deep Aversion to Permission [3-10-11]
Part 11: Top Ten Reasons Google Has Culpability in the Gmail Data Breach [6-3-11]
Part 12: Google's Culture of Unaccountability in its Own Words [8-1-12]
Part 13: Google's Privacy Rap Sheet: Fact-Checking Google's Claims on Privacy [3-13-13]
Part 14: Why Google is America's Cyber-Security Achilles Heel [5-29-13]
