500 members

Proprietary Back Doors

Nonfree (proprietary) software is very often malware (designed to mistreat the user). Nonfree software is controlled by its developers, which puts them in a position of power over the users; that is the basic injustice. The developers and manufacturers often exercise that power to the detriment of the users they ought to serve.

This typically takes the form of malicious functionalities.

Some malicious functionalities are mediated by back doors. Here are examples of programs that contain one or several of those, classified according to what the back door is known to have the power to do. Back doors that allow full control over the programs which contain them are said to be “universal.”

If you know of an example that ought to be in this page but isn't here, please write to <webmasters@gnu.org> to inform us. Please include the URL of a trustworthy reference or two to serve as specific substantiation.


Altering user's data or settings

Installing, deleting or disabling programs

  • Adobe Flash Player has a universal back door which lets Adobe control the software and, for example, disable it whenever it wants. Adobe will block Flash content from running in Flash Player beginning January 12, 2021, which indicates that they have access to every Flash Player through a back door.

    The back door won't be dangerous in the future, as it'll disable a proprietary program and make users delete the software, but it was an injustice for many years. Users should have deleted Flash Player even before its end of life.

  • A very popular app found in the Google Play store contained a module that was designed to secretly install malware on the user's computer. The app developers regularly used it to make the computer download and execute any code they wanted.

    This is a concrete example of what users are exposed to when they run nonfree apps. They can never be completely sure that a nonfree app is safe.

  • Apple appears to say that there is a back door in MacOS for automatically updating some (all?) apps.

    The specific change described in the article was not malicious—it protected users from surveillance by third parties—but that is a separate question.

  • Corel Paintshop Pro has a back door that can make it cease to function.

    The article is full of confusions, errors and biases that we have an obligation to expose, given that we are making a link to them.

    • Getting a patent does not “enable” a company to do any particular thing in its products. What it does enable the company to do is sue other companies if they do some particular thing in their products.
    • A company's policies about when to attack users through a back door are beside the point. Inserting the back door is wrong in the first place, and using the back door is always wrong too. No software developer should have that power over users.
    • Piracy” means attacking ships. Using that word to refer to sharing copies is a smear; please don't smear sharing.
    • The idea of “protecting our IP” is total confusion. The term “IP” itself is a bogus generalization about things that have nothing in common.

      In addition, to speak of “protecting” that bogus generalization is a separate absurdity. It's like calling the cops because neighbors' kids are playing on your front yard, and saying that you're “protecting the boundary line”. The kids can't do harm to the boundary line, not even with a jackhammer, because it is an abstraction and can't be affected by physical action.

  • Some “Smart” TVs automatically load downgrades that install a surveillance app.

    We link to the article for the facts it presents. It is too bad that the article finishes by advocating the moral weakness of surrendering to Netflix. The Netflix app is malware too.

  • Baidu's proprietary Android library, Moplus, has a back door that can “upload files” as well as forcibly install apps.

    It is used by 14,000 Android applications.

  • In addition to its universal back door, Windows 8 has a back door for remotely deleting apps.

    You might well decide to let a security service that you trust remotely deactivate programs that it considers malicious. But there is no excuse for deleting the programs, and you should have the right to decide whom (if anyone) to trust in this way.

  • In Android, Google has a back door to remotely delete apps. (It was in a program called GTalkService, which seems since then to have been merged into Google Play.)

    Google can also forcibly and remotely install apps through GTalkService. This is not equivalent to a universal back door, but permits various dirty tricks.

    Although Google's exercise of this power has not been malicious so far, the point is that nobody should have such power, which could also be used maliciously. You might well decide to let a security service remotely deactivate programs that it considers malicious. But there is no excuse for allowing it to delete the programs, and you should have the right to decide who (if anyone) to trust in this way.

  • The iPhone has a back door that allows Apple to remotely delete apps which Apple considers “inappropriate”. Jobs said it's OK for Apple to have this power because of course we can trust Apple.

Full control

Other or undefined

The EFF has other examples of the use of back doors.

Available for this page:

[en] English   [de] Deutsch   [es] español   [fr] français   [it] italiano   [ja] 日本語   [ru] русский  

 [FSF logo]  “The Free Software Foundation (FSF) is a nonprofit with a worldwide mission to promote computer user freedom. We defend the rights of all software users.”