Google's Software is Malware
Malware means software designed to function in ways that mistreat or harm the user. (This does not include accidental errors.) This page explains how Google software is malware.
Malware and nonfree software are two different issues. The difference between free software and nonfree software is in whether the users have control of the program or vice versa. It's not directly a question of what the program does when it runs. However, in practice nonfree software is often malware, because the developer's awareness that the users would be powerless to fix any malicious functionalities tempts the developer to impose some.
Type of malware
Google Back Doors
Chrome has a back door for remote erasure of add-ons.
In Android, Google has a back door to remotely delete apps. (It is in a program called GTalkService).
Google can also forcibly and remotely install apps through GTalkService (which seems, since that article, to have been merged into Google Play). This is not equivalent to a universal back door, but permits various dirty tricks.
Although Google's exercise of this power has not been malicious so far, the point is that nobody should have such power, which could also be used maliciously. You might well decide to let a security service remotely deactivate programs that it considers malicious. But there is no excuse for allowing it to delete the programs, and you should have the right to decide who (if anyone) to trust in this way.
Chrome is censored by a back door described above.
Google censored installation of Samsung's ad-blocker, saying that blocking ads is “interference” with the sites that advertise (and surveil users through ads).
The ad-blocker is proprietary software, just like the program (Google Play) that Google used to deny access to install it. Using a nonfree program gives the owner power over you, and Google has exercised that power.
Google's censorship, unlike that of Apple and Microsoft, is not total: Android allows users to install apps in other ways. You can install free programs from f-droid.org.
The NSA can tap data in smart phones, including iPhones, Android, and BlackBerry. While there is not much detail here, it seems that this does not operate via the universal back door that we know nearly all portable phones have. It may involve exploiting various bugs. There are lots of bugs in the phones' radio software.
The wrongs in this section are not precisely malware, since they do not involve making the program that runs in a way that hurts the user. But they are a lot like malware, since they are technical Google actions that harm to the users of specific Google software.
Google has long had a back door to remotely unlock an Android device, unless its disk is encrypted (possible since Android 5.0 Lollipop, but still not quite the default).
Spyware is present in some Android devices when they are sold. Some Motorola phones modify Android to send personal data to Motorola.
Spyware in Android phones (and Windows? laptops): The Wall Street Journal (in an article blocked from us by a paywall) reports that the FBI can remotely activate the GPS and microphone in Android phones and laptops. (I suspect this means Windows laptops.) Here is more info.
Google's new voice messaging app logs all conversations.
Nest thermometers send a lot of data about the user.
Many web sites report all their visitors to Google by using the Google Analytics service, which tells Google the IP address and the page that was visited.
Google Chrome makes it easy for an extension to do total snooping on the user's browsing, and many of them do so.
Chrome implements DRM. So does Chromium, through nonfree software that is effectively part of it.
Some Android phones made by Google are tyrants (though someone found a way to crack the restriction). Fortunately, most Android devices are not tyrants.