www @ Savannah: Malware in Proprietary Software – Latest Additions
The initial injustice of proprietary software often leads to further injustices: malicious functionalities.
The introduction of unjust techniques in nonfree software, such as back doors, DRM, tethering, and others, has become ever more frequent. Nowadays, it is standard practice.
We at the GNU Project show examples of malware that has been introduced in a wide variety of products and dis-services people use every day, and of companies that make use of these techniques.
Here are our latest additions:
October 2025
Apple's Operating Systems Are Malware
- Apple repeatedly sabotaged Beeper Mini, a client to replace its iMessage instant messaging service, interfering with people's ability to use their installed software just to keep a dominant position in that market by avoiding competition.
- Jeep forced a software change into certain cars. In addition to being unjust, this one was dangerous too.
- Motorola ships Android phones with a locked bootloader, offering a method to unlock the devices. The method involves creating an account, which requires running nonfree JavaScript and disclosing personal data as well as identifying at least your phone's model.
This puts users in danger of privacy breaches in exchange for permission to modify the software that runs in a device they own. Users should be free to modify this and all software as they wish, without interference from the manufacturer or developer.
Back in 2013 (when the company was owned by Google) someone found a way to crack the bootloader restrictions. Android developers also provide a lock/unlock method.
September 2025
- Echelon forcefully downgraded the firmware of its home gym equipment so that the devices will provide their full capabilities only if connected to Echelon's servers and only with a paid subscription, all the while breaking compatibility with third-party apps that offer additional functionalities. Efforts to restore offline functionality were successful, but the fix can't be released due to section 1201 of the DMCA.
Note that those articles mention “open source”; the GNU Project recommends the expression free/libre software instead.
- Google has announced the inclusion of a “security” measure in Android “smartphones,” which will require any software installed in certified Android devices to come from a developer who has gone through Google's new developer verification program.
The problem here is not that there's a system that provides trust in the origin of the software. A system like that might be useful, but the end user should still be able to select which organization provides that service, set up such an organization, or renounce the service altogether.
Making this verification exclusive to Google makes us question what the threat is here. Is it a user installing malware inadvertently? Or is it the user installing software that makes Google lose money?
This will also kill projects such as F-Droid that promote privacy and freedom by distributing free (as in freedom) apps.
Source: Planet GNU