Of Course Android is Not Free Software
The FSF and Sandler's Purse (sometimes known as "Software Freedom Conservancy") have both just commented on Android. And it's about restrictions. The OEM version of Android is proprietary software and involves bundling malware and spyware such as Gmail. AOSP, where the O and S stand for "Open Source", is becoming further disconnected from software freedom. Biannual code dumps aren't communities and they don't quite facilitate forking, corrections, audits etc.
That Android is not about freedom should not be so shocking, even if Linux (the kernel) runs the platform. The GNU Project has the page "Google's Software is Malware" and here is what it says about Android:
The Google Play Terms of Service insist that the user of Android accept the presence of universal back doors in apps released by Google.[...]
Android has a back door for remotely changing “user” settings.
The article suggests it might be a universal back door, but this isn't clear.
[...]
In Android, Google has a back door to remotely delete apps. (It was in a program called GTalkService, which seems since then to have been merged into Google Play.)
Google can also forcibly and remotely install apps through GTalkService. This is not equivalent to a universal back door, but permits various dirty tricks.
Although Google's exercise of this power has not been malicious so far, the point is that nobody should have such power, which could also be used maliciously. You might well decide to let a security service remotely deactivate programs that it considers malicious. But there is no excuse for allowing it to delete the programs, and you should have the right to decide who (if anyone) to trust in this way.
[...]
Google censored installation of Samsung's ad-blocker on Android phones, saying that blocking ads is “interference” with the sites that advertise (and surveil users through ads).
The ad-blocker is proprietary software, just like the program (Google Play) that Google used to deny access to install it. Using a nonfree program gives the owner power over you, and Google has exercised that power.
Google's censorship, unlike that of Apple, is not total: Android allows users to install apps in other ways. You can install free programs from f-droid.org.
[...]
Google now allows Android apps to detect whether a device has been rooted, and refuse to install if so. The Netflix app uses this ability to enforce DRM by refusing to install on rooted Android devices.
Update: Google intentionally changed Android so that apps can detect rooted devices and refuse to run on them. The Netflix app is proprietary malware, and one shouldn't use it. However, that does not make what Google has done any less wrong.
[...]
Android contains facilities specifically to support DRM.
[...]
Researchers discovered that the Meta Pixel and Yandex Metrica trackers, which are embedded in many websites, have been spying on behalf of the native Meta and Yandex Android apps respectively, by taking advantage of security flaws in the Android API. When the user of an Android device accessed these pages with a browser such as Chrome, the trackers made all browsing data available to the native apps running in the background. The data could then be correlated to the user account or the Android Advertising ID, i.e. de-anonymized.
[...]
Many Android apps can track users' movements even when the user says not to allow them access to locations.
This involves an apparently unintentional weakness in Android, exploited intentionally by malicious apps.
[...]
Google automatically installed an app on many proprietary Android phones. The app might or might not do malicious things but the power Google has over proprietary Android phones is dangerous.
[...]
Google has announced the inclusion of a “security” measure in Android “smartphones,” which will require any software installed in certified Android devices to come from a developer who has gone through Google's new developer verification program.
The problem here is not that there's a system that provides trust on the origin of the software. A system like that might be useful, but the end user should still be able to select which organization provides that service, or maybe set up such an organization or renounce the service altogether.
Making this verification exclusive to Google makes us question which is the threat here. Is it a user installing malware inadvertently? Or is it the user installing software that makes Google lose money?
This will also kill projects such as F-Droid that promote privacy and freedom by distributing free (as in freedom) apps.
[...]
A new app published by Google lets banks and creditors deactivate people's Android devices if they fail to make payments. If someone's device gets deactivated, it will be limited to basic functionality, such as emergency calling and access to settings.
[...]
Google has long had a back door to remotely unlock an Android device, unless its disk is encrypted (possible since Android 5.0 Lollipop, but still not quite the default).
[...]
Google tracks the movements of Android phones and iPhones running Google apps, and sometimes saves the data for years.
[...]
An Android phone was observed to track location even while in airplane mode. It didn't send the location data while in airplane mode. Instead, it saved up the data, and sent them all later.
[...]
Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers, even when location services are disabled, and sending that data back to Google.
[...]
Some Google apps on Android record the user's location even when users disable “location tracking”.
There are other ways to turn off the other kinds of location tracking, but most users will be tricked by the misleading control.
[...]
Android tracks location for Google even when “location services” are turned off, even when the phone has no SIM card.
[...]
Google Play (a component of Android) tracks the users' movements without their permission.
Even if you disable Google Maps and location tracking, you must disable Google Play itself to completely stop the tracking. This is yet another example of nonfree software pretending to obey the user, when it's actually doing something else. Such a thing would be almost unthinkable with free software.
[...]
Spyware in Android phones (and Windows? laptops): The Wall Street Journal (in an article blocked from us by a paywall) reports that the FBI can remotely activate the GPS and microphone in Android phones and laptops (presumably Windows laptops). Here is more info.
[...]
Spyware is present in some Android devices when they are sold. Some Motorola phones, made when this company was owned by Google, use a modified version of Android that sends personal data to Motorola.
[...]
Motorola ships Android phones with a locked bootloader, offering a method to unlock the devices. The method involves creating an account, which requires running nonfree JavaScript and disclosing personal data as well as identifying at least your phone's model.
There's a lot more in there. There are also links to media/press reports. █