Google tweaks Android licensing terms in Europe to allow Google app unbundling — for a fee

Google has announced changes to the licensing model for its Android mobile operating system in Europe, including introducing a fee for licensing some of its own brand apps, saying it’s doing so to comply with a major European antitrust ruling this summer.

In July the region’s antitrust regulators hit Google with a record-breaking $5BN fine for violations pertaining to Android, finding the company had abused the dominance of the platform by requiring manufacturers to pre-install other Google apps in order to license its popular Play app store.

Regulators also found Google had made payments to manufacturers and mobile network operators in exchange for exclusively pre-installing Google Search on their devices, and used Play store licensing to prevent manufacturers from selling devices based on Android forks.

Google disputes the Commission’s findings, and last week filed its appeal — a legal process that could take years. But in the meantime it’s making changes to how it licenses Android in Europe to avoid the risk of additional penalties heaped on top of the antitrust fine.

Hiroshi Lockheimer, Google’s senior vice president of platforms & ecosystems, revealed the new licensing options in a blog post published today.

Under updated “compatibility agreements”, he writes that mobile device makers will be able to build and sell Android devices intended for the European Economic Area (EEA) both with and without Google mobile apps preloaded — something Google’s same ‘compatibility’ contracts restricted them from doing before, when it was strictly either/or (either you made Android forks, or you made Android devices with Google apps — not both).

“Going forward, Android partners wishing to distribute Google apps may also build non-compatible, or forked, smartphones and tablets for the European Economic Area (EEA),” confirms Lockheimer.

However the company is also changing how it licenses the full Android bundle — which previously required OEMs to load devices with the Google mobile application suite, Google Search and the Chrome browser in order to be able to offer the popular Play Store — by introducing fees for OEMs wanting to pre-load a subset of those same apps under “a new paid licensing agreement for smartphones and tablets shipped into the EEA”.

Though Google stresses there will be no charge for using the Android platform itself. (So a pure fork without any Google services preloaded still wouldn’t require a fee.)

Google also appears to be splitting out Google Search and Chrome from the rest of the Google apps in its mobile suite (which traditionally means stuff like YouTube, the Play Store, Gmail, Google Maps, although Lockheimer’s blog post does not make it clear which exact apps he’s talking about) — letting OEMs selectively unbundle some Google apps, albeit potentially for a fee, depending on the apps in question.

“[D]evice manufacturers will be able to license the Google mobile application suite separately from the Google Search App or the Chrome browser,” is what Lockheimer unilluminatingly writes.

Perhaps Google wants future unbundled Android forks to still be able to have Google Search or Chrome, even if they don’t have the Play store, but it’s really not at all clear which configurations of Google apps will be permitted under the new licensing terms, and which won’t.

“Since the pre-installation of Google Search and Chrome together with our other apps helped us fund the development and free distribution of Android, we will introduce a new paid licensing agreement for smartphones and tablets shipped into the EEA. Android will remain free and open source,” Lockheimer adds, without specifying what the fees will be either. 

“We’ll also offer new commercial agreements to partners for the non-exclusive pre-installation and placement of Google Search and Chrome. As before, competing apps may be pre-installed alongside ours,” he continues to complete his trio of poorly explained licensing changes.

We’ve asked Google to clarify the various permitted and not permitted app configurations, as well as which apps will require a fee (and which won’t), and how much the fees will be, and will update this post with any response.

The devil in all those details should become clear soon though, as Google says the new licensing options will come into effect on October 29 for all new (Android based) smartphones and tablets launched in the EEA.

Update: Google has now confirmed that Google Search and/or Chrome will be available for OEMs to license (non-exclusively) without a fee.

The Google apps that will require a fee are: Google Play Store, Gmail, Maps, YouTube, Duo, Play Movies, Play Music, Drive and Photos. It is not disclosing the fees being charged.

This suggests OEMs will be able to offer a phone with the Play Store (plus the bundled Google apps) and a non-Google search engine and browser as the default, for example. Or a device without Play but with Google Search or Chrome.

The company also appears to be offering OEMs incentives to place Search or Chrome prominently under the new license.

Responding to Google’s announcement, a Commission spokesperson told us: “It is Google’s responsibility to comply with its obligations under the Decision. The Commission will closely monitor Google’s compliance to ensure that the remedy is effective and respects the Decision.”

“It is for Google to decide exactly how to comply with the Commission’s decision. The decision does not require Google to charge for any of its apps or for the Play Store,” the spokesperson added. “In fact, the Decision is designed to allow, for the first time, competing search and browser providers to compete on the merits with Google for pre-installation on Android devices, leading to greater choice for consumers.

“Android remains licensed for free under an open source regime. The Decision also allows companies, for the first time, to develop and market competing operating systems based on the Android open source code (so-called “Android forks”).”

This article was updated with comment from the European Commission and clarification from Google

Ars Technicast special edition, part 1: The Internet of Things goes to war

Welcome to a special edition of the Ars Technicast! Ars has partnered with Northrop Grumman to produce a two-part series looking at the evolution of connectivity on the modern battlefield—how the growing ubiquity of sensors and instrumentation at all levels of the military is changing the way we think about fighting. You can listen to part one right here. (A transcript of the podcast will be available a few hours after this story goes live.)

We all know what the Internet of Things is, even though that’s always been kind of a nonsensical name—it’s the idea that adding smarts and sensors to formerly “dumb” devices like refrigerators and washing machines and coffee makers creates an overlapping interconnected network of physical devices. The central concept is linking together physical objects by some kind of data stream, and as it turns out, the military has been going down a similar road of increased connectivity for many years.

But mo’ connectivity, as they say, means mo’ problems, and there have been many past efforts to try to get to about where we are today (some highly publicized). All have encountered issues that run the gamut from the physical to the logistical.

However, there’s reason to believe that this time around, things will be different. For one thing, we’re in the middle of a genuine revolution in machine learning and the ability to algorithmically sort massive amounts of data at scale—the kind of scale that you might encounter when dealing with a military theater containing thousands of troops and potentially hundreds of thousands (or even millions) of individual sensors.

To talk about the military IoT and the connected battlespace, we sat down for a chat with Scott Stapp, the newly minted Chief Technology Officer of Northrop Grumman. (No, not that Scott Stapp.) As a former brigadier general and Department of Defense staffer, Scott has been in a position to watch the development of the military IoT concept, and is uniquely positioned to discuss the future of connected warfighting.

If this topic interests you, then make sure to check back next week for part two of the series, where we focus in on the role of open systems in connecting together all the different moving pieces required to make the connected battlespace function. You can also get more episodes of the Ars Technicast here:

Security firm Malwarebytes was infected by same hackers who hit SolarWinds

Security firm Malwarebytes said it was breached by the same nation-state-sponsored hackers who compromised a dozen or more US government agencies and private companies.

The attackers are best known for first hacking into Austin, Texas-based SolarWinds, compromising its software-distribution system, and using it to infect the networks of customers who used SolarWinds’ network management software. In an online notice, however, Malwarebytes said the attackers used a different vector.

“While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor,” the notice stated. “We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments.”

Investigators have determined the attacker gained access to a limited subset of internal company emails. So far, the investigators have found no evidence of unauthorized access or compromise in any Malwarebytes production environments.

The notice isn’t the first time investigators have said the SolarWinds software supply chain attack wasn’t the sole means of infection.

When the mass compromise came to light last month, Microsoft said the hackers also stole signing certificates that allowed them to impersonate any of a target’s existing users and accounts through the Security Assertion Markup Language. Typically abbreviated as SAML, the XML-based language provides a way for identity providers to exchange authentication and authorization data with service providers.

Twelve days ago, the Cybersecurity & Infrastructure Security Agency said the attackers may have obtained initial access by using password guessing or password spraying or by exploiting administrative or service credentials.

Mimecast

“In our particular instance, the threat actor added a self-signed certificate with credentials to the service principal account,” Malwarebytes researcher Marcin Kleczynski wrote. “From there, they can authenticate using the key and make API calls to request emails via MSGraph.”
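For defenders, the pattern in that statement (a new credential on a service principal, then use of it) can be hunted by correlating directory audit events with service-principal sign-ins. The following is an added example, not code from Malwarebytes, Microsoft or the original article; the record layout, account names and IP addresses are constructed, and the audit activity name is an assumption to adjust to your tenant's logs.

```python
from datetime import datetime, timedelta

# Audit activity treated as "credential added" (assumed name; adjust to your logs).
CREDENTIAL_ACTIVITIES = {"Add service principal credentials"}

# Constructed, simplified records; field names are illustrative, not a real export schema.
SAMPLE_EVENTS = [
    {"time": "2020-11-30T08:00:00", "type": "signin", "sp": "build-bot", "ip": "203.0.113.20"},
    {"time": "2020-12-01T09:00:00", "type": "signin", "sp": "mail-archiver", "ip": "203.0.113.10"},
    {"time": "2020-12-03T02:14:00", "type": "audit", "sp": "mail-archiver",
     "activity": "Add service principal credentials",
     "actor": "svc-sync@example.test", "key_type": "AsymmetricX509Cert"},
    {"time": "2020-12-03T02:20:00", "type": "signin", "sp": "mail-archiver", "ip": "198.51.100.77"},
    {"time": "2020-12-04T11:00:00", "type": "audit", "sp": "build-bot",
     "activity": "Add service principal credentials",
     "actor": "admin@example.test", "key_type": "Password"},
    {"time": "2020-12-04T11:30:00", "type": "signin", "sp": "build-bot", "ip": "203.0.113.20"},
]

def find_new_credential_use(events, window=timedelta(hours=24)):
    """Flag service principals that sign in from a never-before-seen IP
    within `window` of a credential being added to them."""
    known_ips = {}   # service principal -> IPs seen so far
    pending = {}     # service principal -> (credential-add event, timestamp)
    findings = []
    # ISO 8601 timestamps in one format sort chronologically as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        sp = ev["sp"]
        if ev["type"] == "audit" and ev.get("activity") in CREDENTIAL_ACTIVITIES:
            pending[sp] = (ev, ts)
        elif ev["type"] == "signin":
            seen = known_ips.setdefault(sp, set())
            added = pending.get(sp)
            # A principal with no sign-in history has no baseline, so its first
            # sign-in after a credential change is flagged as well.
            if added and ev["ip"] not in seen and ts - added[1] <= window:
                findings.append({"sp": sp, "actor": added[0]["actor"],
                                 "key_type": added[0]["key_type"],
                                 "credential_added": added[0]["time"],
                                 "first_use": ev["time"], "new_ip": ev["ip"]})
            seen.add(ev["ip"])
    return findings

if __name__ == "__main__":
    for finding in find_new_credential_use(SAMPLE_EVENTS):
        print(finding)
```

On the constructed data only `mail-archiver` is reported: `build-bot` also received a new credential, but its next sign-in came from an address already in its history.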

Last week, email management provider Mimecast also said that hackers compromised a digital certificate it issued and used it to target select customers who use it to encrypt data they sent and received through the company’s cloud-based service. While Mimecast didn’t say the certificate compromise was related to the ongoing attack, the similarities make it likely the two attacks are related.

Because the attackers used their access to the SolarWinds network to compromise the company’s software build system, Malwarebytes researchers investigated the possibility that they too were being used to infect their customers. So far, Malwarebytes said it has no evidence of such an infection. The company has also inspected its source code repositories for signs of malicious changes.

Malwarebytes said it first learned of the infection from Microsoft on December 15, two days after the SolarWinds hack was first disclosed. Microsoft identified the network compromise through suspicious activity from a third-party application in Malwarebytes’ Microsoft Office 365 tenant. The tactics, techniques, and procedures in the Malwarebytes attack were similar in key ways to those of the threat actor involved in the SolarWinds attacks.

Malwarebytes’ notice marks the fourth time a company has disclosed it was targeted by the SolarWinds hackers. Microsoft and security firms FireEye and CrowdStrike have also been targeted, although CrowdStrike has said the attempt to infect its network was unsuccessful. Government agencies reported to be affected include the Departments of Defense, Justice, Treasury, Commerce, and Homeland Security as well as the National Institutes of Health.

Ars online IT roundtable tomorrow: What’s the future of the data center?

If you’re in IT, you probably remember the first time you walked into a real data center—not just a server closet, but an actual raised-floor data center, where the door whooshes open in a blast of cold air and noise and you’re confronted with rows and rows of racks, monolithic and gray, stuffed full of servers with cooling fans screaming and blinkenlights blinking like mad. The data center is where the cool stuff is—the pizza boxes, the blade servers, the NASes and the SANs. Some of its residents are more exotic—the Big Iron in all its massive forms, from Z-series to Superdome and all points in between.

For decades, data centers have been the beating hearts of many businesses—the fortified secret rooms where huge amounts of capital sit, busily transforming electricity into revenue. And they’re sometimes a place for IT to hide, too—it’s kind of a standing joke that whenever a user you don’t want to see is stalking around the IT floor, your best bet to avoid contact is just to badge into the data center and wait for them to go away. (But, uh, I never did that ever. I promise.)

But the last few years have seen a massive shift in the relationship between companies and their data—and the places where that data lives. Sure, it’s always convenient to own your own servers and storage, but why tie up all that capital when you don’t have to? Why not just go to the cloud buffet and pay for what you want to eat and nothing more?

There will always be some reason for some companies to have data centers—the cloud, for all its attractiveness, can’t quite do everything. (Not yet, at least.) But the list of objections to going off-premises for your computing needs is rapidly shrinking—and we’re going to talk a bit about what comes next.

Join us for a chat!

We’ll be holding a livestreamed discussion on the future of the data center on Tuesday, January 20, at 3:15pm Eastern Time (that’s 12:15pm Pacific Time, and 8:15pm UTC). On the panel will be Ars Infosec Editor Emeritus Sean Gallagher and myself, along with special guest Ivan Nekrasov, data center demand generation manager and field marketing consultant for Dell Technologies.

If you’d like to pitch us questions during the event, please feel free to register here and join us during the meeting tomorrow on Zoom. For folks who just want to watch, the live conversation will be available on Twitter, and we’ll embed the finished version (with transcript) on this story page like we did with our last livestream. Register and join in, or check back here after the event to watch!
