Evidence continues to mount that Google's management and supervision of its Android operating system is out of control when it comes to protecting privacy and security.
- Google's corporate ethos that it is better to "ask for forgiveness than permission" increasingly means Android has no privacy by design and hence less security for users by default.
- Requiring and respecting the need for permission and authorization is a bedrock truism of IT security -- and the evidence below increasingly indicates that Google has a deep aversion to that IT security truism.
Consider the growing pattern of Google's default design and behavior that maximizes collection of private information, which inherently puts users at greater security risk.
First, and profoundly disturbing, is a new TechRepublic revelation in a post by security blogger Donovan Colbert.
In setting up his new Android-based tablet, Mr. Colbert discovered that the Android operating system by default, i.e. without permission, automatically collected and implemented encryption key passcodes to automatically gain access to private networks without the permission of the user. In Mr. Colbert's own words:
- "Google is not only storing a list of what hotspots you have visited, but any private encryption keys necessary to connect to those hotspots in the cloud."
- "The idea that every Android device connects with that access point shares our private corporate access keys with Google is pretty unacceptable."
- "Honestly if there is any data that shouldn't be harvested, stored and synched automatically between devices, it is encryption keys, passcodes and passwords."
Second, we learned from WSJ privacy reporting that Google Android tracked users' location a thousand times a day without the users' meaningful permission.
- This Google "no privacy by design" revelation prompted congressional hearings, the scandal moniker "locationgate," and new legislation from Senators Franken and Blumenthal.
Finally, how does this pattern involve the WiSpy scandal, in which Google was caught wardriving tens of millions of homes, in over thirty countries, for over three years, eavesdropping on unencrypted home WiFi routers and recording all signals, including emails and passwords?
As you may remember, Google said that systematic eavesdropping on citizens was the mistake of one engineer, and not at all sanctioned by the company at large.
Here is Google's 5-14-10 official story:
- "So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data."
However, if Google was being forthright that its Android effort indeed did not want to collect the maximum private information possible by default, why did Google mobile engineering manager Dave Burke tell the Guardian on 1-29-08 the following, which shows it was obviously Google's policy to collect the most WiFi information possible?
- "If you're going to concentrate on location you want every bit of data you can..."
- "...Cell ID is one location, the address of your Wi-Fi access point is another. The end result is that we want the user to have the best possible experience, and we'll do whatever it takes to get it … to us they're just network signals and we're interested in all of them."
In sum, the pattern here is becoming clearer. Google's corporate ethos is at work here: "ask for forgiveness not permission." That ethos puts innovation, speed and efficiency ahead of the privacy and security of users.
- The big takeaway here is that Google's corporate priority is to collect the maximum amount of information by almost any means, without meaningful permission or authorization, as fast as possible.
- This means that Google effectively has a "no privacy by design" approach to privacy, and that security is a lesser priority at Google.
Previous parts of the "Security is Google's Achilles Heel" Series:
- Part I: "Why security is Google's Achilles heel"
- Part II: "Google values security much less than others do"
- Part III: "Google: 'Security is part of our DNA' (Do Not Ask)"
- Part IV: "Why Security is Google's Achilles Heel"
- Part V: "Google Apps Security Chief is a magician/mentalist"
- Part VI: "Google-China: Implications for Cybersecurity"
- Part VII: "Did Google Over-React to China Cybersecurity Breach?"
- Part IX: "Google's Titanic Security Flaws"
- Part X: "A Google Android Botnet Problem"
- Part XI: "Google's Deep Aversion to Permission"
- Part XII: "Top Ten Reasons Google Has Culpability in the Gmail Data Breach"
For even more information, see the Security section of PrecursorBlog's sister site, www.GoogleMonitor.com, or read the "Security is Google's Achilles Heel" chapter of my book, Search & Destroy: Why You Can't Trust Google Inc., at www.SearchAndDestroyBook.com.