Google admits changing phone settings remotely

Previous discussion from a few days ago: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=17984576" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=17984576</a>

It feels arrogant by Google to take the liberty to even add the possibility to changes customer&#x27;s settings remotely without them having a say in it. It&#x27;s like the forgot who&#x27;s phones they are. My guess is that they&#x27;re so used to A&#x2F;B testing on their web sites that they think the same is OK on peoples personal devices just because Google makes the software that runs on them too.

What&#x27;s next? Change location settings remotely so that they can siphon more data?<p>Who the hell at Google tought that playing with phone settings remotely was a good idea?

The key insight here is that <i>this should not even be possible</i>. Yes, corporate-owned phones need to be administered remotely. Yes, Google needs to be able to perform internal testing (this is in fact just an example of corporate ownership). Sure, maybe some individuals want to opt in to something like this. But the key is that this should be <i>opt-in</i>.<p>It should simply be impossible for Google to do anything pernicious to a newly-purchased Android phone: it should not be able to write settings, nor should it be able to read any data.

This has been possible since at least the mid 90&#x27;s. We used to update the firmware over the air. We could change any settings on the phone, but would only do so when required to keep the phone operational. Anything beyond that risked customer support calls and bricked phones. And yes, we sometimes bricked phones. We even had the ability to brick phones intentionally, if stolen, but that feature was never used by customer support for fear of bricking the wrong phones. Some years later I was at a company that could rewrite any part of your phones OS over the air. They did some fairly clever things that were barely documented by the vendors. I can only imagine what is possible today.

Fearmongering and FUD on security by short sighted and self serving technical folks on forums like this has got us to the point where backdoors and remote execution by &#x27;trusted parties&#x27; are the norm while users root access to their own device is demonized as a security hole.<p>These are folks who are constantly &#x27;empowering&#x27; themselves at the cost of others so getting root on your own phone is now thought of some sort of great security hole and some apps will detect it and refuse to work. This is the future of software freedom courtesy ex freedom and liberty poseurs and now greedy out of control tinpots.

That this only happened on the newest operating system is going to negatively influence acceptance of upgrades, for the slim number of users who actually have a choice. I didn&#x27;t upgrade so I could have my messages delayed, thanks.

The fact that this is even possible on a private device should be shocking, yet I don&#x27;t even feel surprise.

Which means:<p>1. Google have this capability.<p>2. They have exercised it.<p>3. Whatever internal controls exist to check this don&#x27;t exist, failed, or explicitly permitted this action. None of the three options, for a single locus of control to something on the order of 3-4 billion user devices or accounts (net of Android + Gmail accounts) is particularly heartening.<p>4. The primary channel of communication is ... a Reddit account?<p>Someone is terrifyingly asleep at the wheel.<p>Competency? Trust? Goodwill? This is how you lose it.<p>This is how organisational decline starts. It tends to proceed slowly, at first, then all at once. Shades of Hemmingway.

Honestly, when I saw that battery saver was on, I thought I turned it on by accident.<p>A lot of the responses here are overreactions. This appears to be a defect, not something nefarious. Part of software development is altering default settings. Another part of software development is periodic updates. Mistakes like this will happen. Get over it.

Every time Ubuntu updates some package (that I haven&#x27;t figured out) it blows away my CPU governor settings. But I guess there won&#x27;t be a lot of press articles about this.

It looks like they meant to change a default setting, which users expect, but instead overrode settings, which should only be used to fix bugs.

Has anyone found the app permissions being reset for many apps abruptly? I just faced it!

Remote wipe your phone if it gets stolen?

WTF GOOGLE YOU SHOULD NOT BE ABLE TO DO THAT

I don&#x27;t really see the problem here. You tweak settings and collect data so you can pick better defaults in the future. Why wouldn&#x27;t you do this?<p>I worry that users imagine software to be static, complete, and never in need of change... and the world just doesn&#x27;t work that way. Software is in a constant state of &quot;works just well enough to maybe deploy&quot;. Experimentation and refinement are always necessary.<p>I don&#x27;t see outrage when Microsoft updates Windows and it starts deleting malware from your system. What&#x27;s the difference?