Feeds

Google throws secret auto-updater to open sorcerers

Bloody Omaha privacy breach

Build a business case: developing custom apps

Google has thrown a little-known but controversial part of its web services code to open sorcerers to prove to skeptics there's nothing funny going on under the covers. Oh, it also wants to give third parties a peek at what's going on inside your system, too.

The Mountain-View chocolate factory has released the code of Google Update under an Apache 2.0 open source license. Newly-transparent Google Update, now referred to as Omaha, was pushed into the wild late Friday while everyone was busy being fitted for Easter bonnets.

If you've got Google software on your Windows box like Chrome, Gears and Google Earth, then you've got GoogleUpdate.exe running in the background silently downloading product updates and beaming home certain use data back to Google.

As a central auto-updater for such applications it may be handy, but unfortunately GoogleUpdate is always on, can't be uninstalled unless every single Google apps is removed first, and until now, we've had to take Google's word that it's only sending innocuous user and system data back to Google's servers.

That’s left people angry at this violation of privacy, and seen others temporarily turn off the process for a few hours at a time using the simple CTRL + ALT + DEL.

Obviously, that impedes the ability of services from the Chocolate factory to keep feeding back into the systems at the Googleplex.

According to the Google Open Source blog:

Since Google Update is always running on your system, there's no simple way to stop it, and since it's a fundamental part of the Google software that needs it, it's not explicitly installed. Some users can be surprised to find this program running, and at Google, we don't like disappointing our users. We've been working hard to address these concerns, and releasing the source code for Omaha is our attempt to make the purpose of Google Update totally transparent. Obviously, we understand that not everyone is both willing and able to read through our code, but we hope that those of you who do will confirm for the rest that Google Update's functionality serves well to keep your software up to date.

Google said its secondary motivation for opening the auto-installer is to encourage developers to use the code and integrate it with their own products.

Supposedly, the outcome could be Omaha catching on as some sort of generic package manager for Windows. Yet while the shift to open source may stymie concerns Google is collecting more information with GoogleUpdate.exe than it discloses, it doesn't yet solve the software's other notable issues.

Google still doesn't inform users about the updater, and there's currently no option to make it ask before downloading updates. It's also constantly running in the background, using Window's task schedule every few hours only as a way to make sure the process hasn't been killed.

Which might explain why Google chose to put out this news over the Easter weekend, when people’s minds were turning to other types of chocolate.

While GoogleUpdate itself may not take a big chuck out of a computer's resources - it seems every big software company feels its necessary to have their own updater running in the background. Collectively, it bogs down a system. Omaha could help merge a few smaller software developers into a single update platform, but it's extremely unlikely a major player would take the bait.

Hopefully Google follows through with making the GoogleUpdate process less of a surprise to the average person. There is such a thing as simplicity without making the user give up all control.

Omaha's source code along with developer instructions are provided at the project's Google Code repository. ®

Bridging the IT gap between rising business demands and ageing tools

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.