Legal issues concerning ARCVM

The Mariocrafter

Jan 28, 2024, 5:39:43 PM
to ChromiumOS Development
Hello, I am writing this issue to inform you about some potential legal issues concerning the current state of ARCVM. Recently, Google has been sued for antitrust laws concerning the Play Store, and although the lawsuit is geared towards "Android", ChromeOS is not Android, but all Play Store apps operate on an Android virtual machine with "bridges" to interact with the device's hardware and ChromeOS, which is a heavily modified distribution of Gentoo Linux with the Chrome browser preinstalled, is not Android in the technical sense, the virtual machine runs Android. Additionally, the European Union's Digital Markets Act (DMA) will be in force this March, which requires the addition of third-party app marketplaces on certain platforms. Google Play is defined as a "gatekeeper", as well as Android (which runs on ARCVM). ARCVM's Package Installer responds when opening an APK file by telling the user to enable Developer Mode, an extremely insecure mode that unlocks the bootloader, gives a security warning on each bootup, does a "Powerwash" (the officially designated term for a factory data reset on ChromeOS and ChromiumOS), and has a completely unprotected BIOS and provides access to a root shell. Later, a method to enable the Android Debug Bridge (ADB) via the Linux virtual machine (which is an advanced setting on the "Developers" tab, and requires an extensive setup process and requires a considerable amount of disk space) was added, but only the primary user can enable it via a complicated setup process, and use of the command line is required to install apps in the .apk file format downloaded from the internet. The United States of America (which Google is headquartered in) has a notable bill which is similar to the Digital Markets Act in the Soviet Union, and requires companies to provide alternate app markets to users, and the ability to sideload applications manually. The country of Japan has also proposed a similar bill.
The recommended action to prevent any legal issues involving ChromeOS's Android virtual machine is to allow the user to enable and disable the "Install Unknown Apps" toggle freely, as would occur on an Android device, and/or to have the Android Debugging Bridge (ADB) setting via the Linux VM (codenamed Crostini) migrated to a user-wide option, rather than a device-wide setting, the ability to enable and disable the setting at will rather than requiring a Powerwash (factory data reset) to disable the setting, and consider removing the warning text: "This device contains apps that are not verified by Google" from the login screen, but switching to a user-specific system will make the message obsolete. Keep in mind that the ability to directly install a .apk file the same way as a normal Android-based device can has to be applied to both basic ARCVM and ARCVM-T, running the Android versions 11 "Red Velvet Cake" and 13 "Tiramisu" respectively. Devices running on the ARC++ compatibility layer/container with Android 6.x "Marshmallow", 7.x "Nougat", and 9 "Pie" have valid security concerns due to its technology being an insecure container, even reportedly triggering an automatic Powerwash (factory reset) indicating that suspicious user and/or system data was found, when one reporter downloaded a suspicious app from the Google Play store on ARC++.