Google wrestles with the generative trade-off. Security experts have found another set of malicious apps in the Android Market and discovered that Google Docs regularly hosts phishing sites.

Falun Gong sues Cisco for facilitating official Chinese repression. Members of Falun Gong have sued tech giant Cisco in a U.S. court, alleging that the company customized its technology to meet government tracking and censorship needs and helped design China’s Golden Shield, the country’s infamous online censorship and surveillance firewall. The group also claims that Cisco marketed its technology as a tool to target government dissidents.

Hargreaves Review published. The review evaluates the fitness of the UK’s intellectual property regime for an internet age. It finds that IP laws put in place several hundred years ago are now stifling modern innovation and goes on to make ten specific recommendations for IP law reform to correct the problem. These recommendations include approaches to clearing patent thickets; dealing with orphan works; and transitioning to evidence-based, rather than lobby-based, IP policy; as well as rejection of a US-like fair use limitation.

Facebook users benefit from a Web of Trust. Clicking a link on your Facebook page that the crowdsourced Web of Trust service has identified as spammy or malicious will now bring up a warning that you may want to avoid the suspect site (and also check out Wikipedia entries on malware and phishing).

iFlowReader closes. Independent iOS e-book retailer iFlowReader shut down at the end of May. According to the company, Apple’s new e-book seller rules made it impossible to turn a profit. (The rules require sellers to give Apple a 30% cut of sales while at the same time limiting the seller to only a 30% commission, so the seller gets the commission from the publisher but then owes it all to Apple.) Company execs expressed frustration that, in their view, Apple maintained complete control over its platform and felt free to change the rules on developers, even after they, relying on the old rules, had been induced to make significant investments.

TiVo and EchoStar settle. The case involving a judicial order to EchoStar to send a remote signal disabling its customers’ DVRs ended in a whimper last month when the parties settled after the Federal Circuit held that EchoStar had waived its arguments that the disablement provision was vague and overbroad. EchoStar had asserted that it legally should not have been forced to disable the DVR boxes because it implemented a design-around instead so that the boxes no longer infringed TiVo’s patents. But the court didn’t reach the merits of this argument, since it held that the time to raise such issues was before the district court found EchoStar in contempt. So while we know that the Federal Circuit doesn’t have a problem with trial courts issuing a disablement provision to remedy patent infringement, we still don’t know whether the infringing party could avoid disabling its users’ products by pushing an update that replaced the infringing technology with a non-infringing alternative.

—Jennifer Halbleib

The U.S. government uses a PC control switch? The U.S. federal government obtained a temporary restraining order in April that allowed it to send to private computers unwittingly part of a massive criminal botnet a command that disabled the malware. In the past, the government has cut off or seized the command-and-control servers and computers that run a botnet, but here – without notice, because federal agents were still trying to collect the IP addresses of infected computers – the government issued a command to personal computers owned by innocent targets of the Coreflood botnet. Arguably, since Coreflood steals private data and loots victims’ bank accounts instead of just generating huge amounts of spam, the government had sufficient justification to order citizens’ (and non-citizens?) computers to kill the program. But in addition to concern that the command itself might unintentionally damage some private machines, such a path may be quite slippery. After all, prevention may be cheaper than disease; why shouldn’t the government push security software to all personal computers? And why shouldn’t it monitor citizens’ online activity to make sure they aren’t downloading programs from malicious sites? Nonetheless, how different is the command in this case from required residential building and health standards or mandatory vaccinations for schoolchildren? The government regulates personal safety in the real world when it implicates the broader public good, why shouldn’t it do the same online? And in the end, an individual can avoid running the command on his computer (and dodge the botnet risk, too) by simply disconnecting from the Internet.  Of course, that makes the computer slightly less useful.  The phenomenon is reminiscent of this Wired account from 2003, though note the reporter’s credibility appears to be in question.  (!)

Google’s questionable Grooveshark takedown. Last week, the Electronic Freedom Foundation criticized Google for removing the popular music service Grooveshark’s app from the Android Market. Google has said that it was responding to an RIAA complaint but has not explained the basis of that complaint. The company did not require notice before the takedown as provided for by the Digital Millennium Copyright Act. If the complaint was grounded in copyright, EFF noted that Google’s actions departed from its longstanding position of requiring such valid notice before takedown. Because the move coincided with Google’s testimony before the Senate Judiciary Committee, EFF speculated that it was designed to mollify any Congressional skepticism that Google was not committed to copyright enforcement.  Note that apps can still be added to a phone without having to go through the Android Market.

More consumers demanding iPads in place of laptop PCs. Last quarter, Apple’s profits exceeded Microsoft’s for the first time since 1991. Overall PC sales declined 2%, consumer PCs dropped 8%, and netbooks –  the inexpensive and mobile generative PCs most similar tablets like the tethered iPad – fell 40%.

Translating iOS to WP7. Meanwhile, Microsoft is contesting Apple’s dominance of the tethered device market. Microsoft now offers a tool that helps developers convert their iOS apps to Windows Phone 7 apps. It maps the WP7 application programming interface – the set of definitions and rules an app uses to communicate with the phone’s operating system – onto the iOS API, making it easier for developers to port their apps to WP7, giving Windows Phone 7 users access to more apps, and allowing Microsoft to compete with Apple in app marketplace size and range sooner.

And a related discussion of generative PCs and tethered devices including thoughts on JZ’s thesis in the book, as well as a take on his concerns about crowdsourced work.

—Jennifer Halbleib

While Apple and RIM pull the plug. This week both Apple and RIM removed controversial apps from their official app stores. Apple pulled an iOS app from Exodus International that propounded techniques and resources to treat homosexuality. And after several U.S. senators urged Apple, RIM and Google to remove the PhantomAlert app, which maps locations of nearby DUI checkpoints, from their respective app stores, RIM complied. So far, Apple has not removed PhantomAlert and Google refused to pull the app, saying that the app does not appear to violate Android content policies. Apple’s ultimate decision may shed some light on how it views its role as a benevolent gatekeeper: under what circumstances will Apple feel the need to step in and protect users from apps that are legal and don’t harm the device or expose personal data, but nevertheless contain content that users find offensive or believe is personally harmful? Similarly, should Exodus International come out with Android and BlackBerry apps, it will be interesting to see where RIM draws that line – and whether Google draws it. Of course, even if Google were to remove such apps from its official Market, Android’s open platform means that users could still download them from third-party app stores and sites.

And Google flips the kill switch. While Android owners may download third-party apps from Web sites that are independent of the official Android Marketplace, Google retains the power to reach in and remove apps from the phone without the owner’s permission. It recently did just that with over fifty apps containing code that, apparently as an initial step towards constructing a mobile botnet, rooted users’ phones. In this case, the apps were malicious and free. Google prevented users’ phones from co-option by a botnet and the users weren’t out any money. But by highlighting the precision and efficacy of tethering, Google may have put its remote kill switch on the table as a means for removing any illegal content. TiVo v. EchoStar showed us that some courts are willing to force an infringer to reach in and disable infringing devices that users have already purchased and installed in their homes. Courts may be less inclined to take such action against illegal content on a cell phone if it similarly means basically bricking the device. Cutting off innocent users’ phone service would be a much more disruptive remedy than frying their DVRs. But since Google has just demonstrated that it can excise the offending content specifically, why wouldn’t litigants ask courts for it as a remedy?

In the end, all four platforms decided what exactly their users own. Users buy a device, but what that device actually does is a service controlled by the platform. This service is subject to change at the platform’s discretion if, for example, it harms the device or doesn’t fit the company’s business model – and subject to change if senators, courts, advocacy groups, or anyone else can pressure the platform to take action.

Apple changes its policy on iOS e-book and subscription sales. If a company has an iOS app and allows users to buy premium content, such as e-books to be displayed by the app, with purchases made via a Web site (and therefore avoiding giving Apple a cut), Apple now requires that the company also allow users to make those purchases in-app (where Apple takes 30% of the price). Magazine or newspaper subscriptions sold through a browser must be available for the same price or less in iTunes as well. And publishers can no longer embed links in their iOS apps to Web sites that sell content. Furthermore, customers must be asked and then agree to release their information to publishers when they buy content through iTunes, so publishers are less likely to get the valuable consumer data they want for targeted advertising.

Google launches subscription payment service. After Apple announced its iOS subscriptions model Google followed with its content payment system, One Pass. One Pass operates across platforms. Customers who purchase content through their Google accounts can access it on their computers, tablets, or smartphones (though presumably not on their iOS devices, though there’s no technical reason this has to be the case). A spectrum of models is available to publishers: they can sell by the article, offer subscriptions, or provide day passes, among other options. Unless a customer opts out, Google shares customer name, zip code, and email address with the publisher. For One Pass service, Google takes 10% of sales revenue.

RIM tablet rumored to run Android apps. RIM may be developing software that would allow its PlayBook tablet to run Android apps. The move would increase the number of apps that can run on PlayBook more than six-fold to over 130,000 apps, making it more attractive to consumers. The tablet, promoted as the company’s answer to the iPad, is slated for release this year.

Facebook and the bright side of human flesh search engines. A woman who found a camera in New York City identified its owner in three hours by posting pictures from its memory card to Facebook and tagging her friends to solicit their help in the search. Web sites designed to reunite owners with their lost property exist, but both the finder and the seeker must know of them and go to the same one. Facebook doesn’t suffer from either problem. Although Facebook is not a fully public forum – most users restrict access to their profiles in some way – in this case it ended up being a big enough network to connect a helpful New Yorker with a grateful French tourist.

Boston promises a pothole-reporting app. It’s probably not something that Apple would have developed on its own initiative: an app that detects and automatically reports potholes using GPS and accelerometer data from the driver’s phone is in the works by the city’s “Office of New Urban Mechanics.” (!) While an unsafe driver may be wary of sending such information to city officials, the app’s developers see it as a new form of civic engagement. Perhaps we’ll see a pothole-filling app next year.

Google adds new security and crowdsourced ranking features. Google has recently added two new features. The first feature lets people with Google accounts add a second password. An account holder generates this additional code every time he wants to login, receiving it on his phone. It expires after a few minutes – giving the user time to log into his Google account – and so dramatically reduces the chance that it will be phished. The second feature is a Chrome extension that allows searchers to block sites that they don’t want to see in their Google search results. The user reduces unhelpful content farm results in her own searches, and Google draws on the information to tweak its rankings to decrease global content farm contamination of results.

Corporate strategies for information security and transparency. As more and more information is stored in the cloud and shared through networks, companies are increasingly susceptible to accidental or intentional disclosure of sensitive information. The Economist reports that corporations are taking a range of approaches to address the problem, from technological restrictions and monitoring (software or hardware that limits or watches what employees do with data) to cultural awareness (explaining to employees how particular acts put data at risk) or openness (sanctioning the release of more information to promote trust). Meanwhile, 40,000 individual Gmail account holders lost their cloud-stored emails and contacts this week because of a bug in a software update. Google is in the process of restoring users’ data to them — from backup copies on tapes.

Android app hacked to repeatedly text premium numbers. Hackers, apparently in China, have inserted code into a legitimate Android app that causes it to continuously text premium numbers. The altered form of the (already free) Steamy Windows app is available on unauthorized app sites. Once a user installs it, the app sends text messages to premium numbers, running up the user’s bill. It also blocks incoming texts from the wireless service provider that would normally alert a user that he has exceeded his text message quota. The hackers get a commission for each text sent to the specified numbers. Unwitting Android owners are at greater risk of attack, because unlike iOS owners, they can download apps from third party sites in addition to the official marketplace.  That makes them more generative — but also less secure, leading to the “generative dilemma.” (cached) [Cached because the cloud-based host for the deep linkable version of the Future of the Internet — And How to Stop It has vanished — ironic (or fitting?), given the book’s warning about the dangers of cloud-based platforms.

PCs as an endangered species. As the evolution of computing devices marches forward, PCs may be headed for extinction. Smartphones and tablets are increasingly marketed as PC replacements. These mobile devices can be used on their own, but also connect to a range of peripherals — laptop shells, monitors, keyboards, mice, even docks that turbo-charge performance with extra CPUs — for a more PC-like experience. For example, Motorola’s Android-based Atrix smartphone can run the desktop version of the Firefox browser when docked, giving the user access to cloud-based services like Google Docs in addition to the apps installed on the phone. But Firefox doesn’t run off the Atrix, it runs off a minimal Linux machine in the dock. And the Android app ecosystem doesn’t yet match the diversity of PC applications. Still, as mobile devices and the Web 2.0 apps and services (cached) they support become more sophisticated, it’s likely that they will expand out of their niche and invade the habitat currently occupied by PCs.

—Jennifer Halbleib

Zak Tanjeloff, chief executive of the app’s creator, DLP Mobile, said in a news release: “This app is certainly controversial, but can be helpful to people in relationships where this type of monitoring can be useful.”

Controversial, indeed; I think it’s awful and here I am spreading the word about it.

It was up in the Android app store until the NYT inquiry got it taken down.  The company behind it didn’t bother with a counterpart for the iPhone:

Mr. Tanjeloff said in a phone interview that his company had decided to build the SMS application for the Android platform because it would not need to be reviewed before it reached users.

“We can’t build it for the iPhone because it wouldn’t make it past the App Store approval process,” Mr. Tanjeloff said.

Here, then, a certain generative trade-off, one I’ve described more with viruses and trojans from afar than a fellow phone-user’s malice.  With the iPhone, apps like these just aren’t available — at least without the stalker having to jailbreak the targeted iPhone first.  On the more generative Android, it’s simply easier for bad stuff to brazenly find its way onto the platform since Google isn’t as obsessed with curating the selection of software for the phone.  And with Android, the official apps market isn’t the only source for software — so the banning of SMS Replicator there doesn’t exclude it from the phone; the enterprising stalker can install it from elsewhere.

Such software has been available for a long time on PCs, and few if any would say that its existence would be reason to upend the generative PC environment.  But the competition between Android and iPhone highlights that generativity really does come with some costs.  Should there be a well engineered Android worm that hops from phone to phone — either directly or by going through the SMS or email addressbook of each victim and recommending installation to the next — those costs will be even more drawn into focus, and the temptation may arise quickly to update Android not to be so open — or to exercise a kill switch targeting a particular piece of code.

It suggests the need, at least, for some easy-to-use auditing software for generative (or partially generative) platforms, Android, iPhone, and PC alike, so users can have a sense of what’s going on inside the device — and what data is going in and out.

To be sure, the generative dilemma trading off openness and security interests me because it runs so deep.  More superficial security problems can happen even on more locked down platforms, such as today’s revelation by Wired that a quick key sequence can apparently bypass an iPhone’s four-digit security code.  iOS update no doubt soon to follow.

Addressing the zombie invasion. U.S. officials are evaluating an Australian plan that targets the botnet epidemic. In particular, the American government is eying provisions that allow an ISP to notify customers with infected computers — since botnets typically run in the background of a user’s own applications, often the consumer is unaware that her PC has been taken over — and perhaps even quarantine maliciously co-opted machines by limiting online access. As the FOI book echoed in 2008, such a program increases security without resorting to perfect enforcement and may also encourage ISPs to provide consumers with tools to disinfect their computers, either as part of the service plan or for an additional fee.

iOS developer guidelines relaxed enough for torrent apps? Last week Apple approved its first BitTorrent app. But it turns out that Apple didn’t intend to allow torrent apps. Instead, the developer avoided the term “torrent client” in the app description, temporarily evading rejection. When Apple became aware of the app’s capabilities, it removed the app from the App Store.

Android apps share information. A Duke-Penn State-Intel study using the new TaintDroid tool revealed that half of thirty randomly selected popular Android apps send personal information such as location or phone number to ad networks, sometimes with surprising frequency. When an Android owner downloads an app, he or she has to give permission for the app to collect personal information. But from that sole initial disclosure it’s usually not clear when information will be accessed and how it will be used. Privacy policies are often unintelligible. Hopefully utilities like TaintDroid will soon be available in downloadable form to allow Android (and iPhone) owners to monitor in real time what information their apps are accessing.

Italy demands that Apple remove an offensive app from the App Store. Child pornography? No. Graphic violence? Not so much. Italy is upset that a travel app characterizes the country as the home of the Mafia (also of pizza and scooters). Since Italy knows Apple can remove the app, it may feel entitled to demand that the company do so whenever Italians’ dignity is the least bit bruised. In a walled garden, the country of Da Vinci need not cultivate perspective.

RIM jumps on the anti-fart app bandwagon. RIM takes the position that apps that keep users coming back and convince them to purchase upgrades or additional content are more valuable to RIM and developers than fart apps. But should the value of an app be determined ex ante by device-makers or set by user behavior? Good search and rating systems seem like a better way to run an efficient app store — one that allows both apps that provide “ongoing entertainment value” and inexpensive, one-off apps that may serve important, if temporary, functions. (Ever unexpectedly have to entertain a child for an afternoon?) Still, nice of CompuServeRIM to tell us what we want. Because listening to users and developers isn’t a plan that’s going to work.

Can a wireless provider block texts it doesn’t like? New York federal court was presented with that question in a case where T-Mobile blocked all texts from a texting service because one of the service’s clients provided information via text on legal marijuana dispensaries in California. Under the recently proposed Google-Verizon net neutrality principles (analyzed here), a wireless company would have latitude to discriminate based on the sender, recipient, or content of the message as long as its practice is transparent. But it’s hard to see how the discrimination in this case is required because of the “unique technical and operational characteristics of wireless networks.” We’ll have to wait to see how courts address the issue as the parties have settled the case. Although the full terms of the agreement weren’t disclosed, it “requires T-Mobile to stop blocking the New York-based EZ Texting service’s thousands of clients, if they meet T-Mobile’s approval. The medical-marijuana info service, which used texts to tell its users where the nearest medical-marijuana store was, remains blocked.” (emphasis added).

The future of HR. Social Intelligence will help potential employers determine whether you are a good hire and monitor you (with real-time updates) when you’re on the payroll by trolling your public social network profiles. “[C]ompany spokespeople emphasize liability. What happens if one of your employees freaks out, comes to work and starts threatening coworkers with a samurai sword? You’ll be held responsible because all of the signs of such behavior were clear for all to see on public Facebook pages. That’s why you should scan every prospective hire and run continued scans on every existing employee.”

iPhone expression that’s more than skin deep. Children and adults with disabilities affecting speech are converting their iPhones to alternative communication devices. Smartphone apps that are mobile, easy to use, and even cool give a voice to autistic kids and stroke victims alike.

—Jennifer Halbleib

Much of the online discussion has focused on the merits of the suit.  Oracle officially acquired Sun Microsystems early this year.  Sun originally developed Java and, over time, released most of the platform into the open source ecosystem.  Patents that were filed may have been a defense against litigation or even a joke.  And Google has licenses for those patents.  So the question here revolves around whether, by strict or loose interpretation, Google violated its licenses, but the vagueness and generality of Oracle’s complaint [pdf] (and press release) renders most of this analysis speculative pending additional clarification.  (More discussion on the open source backdrop is available here and here, and counterpoint here.)

However, the remedy Oracle wants couldn’t be more clear.  It asks for monetary damages to compensate it for its financial losses and punitive damages because it alleges Google “knowingly,” i.e. intentionally, violated its IP rights.  In addition, Oracle requests “[a]n order permanently enjoining Google, its officers, agents, servants, employees, attorneys and affiliated companies, its assigns and successors in interest, and those persons in active concert or participation with it, from continued acts of infringement of the patents and copyrights at issue in this litigation” and “[a]n order that all copies made or used in violation of Oracle America’s copyrights, and all means by which such copies may be reproduced, be impounded and destroyed or otherwise reasonably disposed of.”  The last one is the kicker: just like TiVo’s demand of EchoStar, Oracle wants the court to tell Google to reach into Android owners’ handsets and rip out the offending material, leaving innocent consumers with a gutted shell — and the remainder of their two-year service contract.

The destruction remedy applies only to the copyright claim.  If the case goes to trial a jury could conceivably find Google liable for patent infringement but not copyright violation.  And even if it did, the district judge has discretion over what relief to grant.  Plus, the appeals process could hack back overbearing damages.

But as long as it is on the table, the availability of such a remedy is a very big stick.  Even if Google believes it should win the suit, betting on that outcome doesn’t make sense if it means risking having to destroy consumers’ phones or fighting a long and uncertain legal battle after the destruction provision is awarded, instead of paying conventional monetary damages.

Google has seen how a similar fight has played out for EchoStar.  EchoStar attempted to comply with the court order by sending DVR boxes an update that replaced the infringing technology with noninfringing parts, leaving intact the DVRs’ functionality.  The Federal Circuit said “no dice,” the remedy was disablement of the DVRs, and that alone would suffice.  EchoStar continues to refuse to disable its customers’ DVRs and has been held in contempt and fined $200 million.

The Federal Circuit has agreed to rehear EchoStar’s case en banc.  And in the interim, the U.S. Patent and Trademark office has invalidated the very patents TiVo claimed EchoStar infringed. (TiVo is appealing the ruling; until its appeal is exhausted, the patents remain in force.)  And the FTC has stepped in to give the circuit court some guidance, filing an amicus brief urging it to consider how specific sanctions will impact innovation across the technology industry.

The availability of destruction as a remedy smothers innovation.  If Oracle can’t strong-arm Google into settling but wins at trial and is awarded the destruction provision (and it survives appeal and Google eventually capitulates instead of balking and riding a series of contempt proceedings into a draconian post-litigation settlement or bankruptcy), (1) consumers would have their phones replaced with bricks and think twice before buying new tech again; (2) Android developers would see their platform and all their apps evaporate; and (3) in the future, companies would likely waste time reinventing the wheel to avoid Google’s court-ordered fate rather than developing new technologies.  There is a storm brewing, brought on by the rise of tethered appliances and the thicket of software patent regulation.

—By Jennifer Halbleib

Disintegrating Droids. The Droid X comes pre-loaded with eFuse technology, which prevents it from booting with unapproved software. Motorola points out that triggering eFuse doesn’t permanently disable the phone — it can re-boot once approved software is reinstalled. Much better.

Neighborhood watch for software vulnerabilities. At the Black Hat security conference last week, Microsoft advocated for cooperation between software companies, researchers, and security vendors to share information on flaws and patches in order to keep users safe. Perhaps cross-pollination at the meeting will spread the idea of mutual aid to website owners as well.

Researcher remotely hacks ATMs. Also at Black Hat, a security researcher demonstrated that he could remotely order stand-alone ATMs to spew cash. While causing a remote ATM to dispense money at will is less appealing to the average thief than cracking open a proximate machine, an accomplice with a laptop in a van nearby could make it a profitable endeavor.

Apple rejects iPad magazine subscription app. Apple has nixed an app from Time, Inc. that would have allowed iPad owners to purchase a digital subscription to Sports Illustrated. Peter Kafka of Media Memo hypothesizes that Apple doesn’t want to give magazine publishers the access to personal user information they would have with an app. But publishers are likely salivating over the targeted advertising potential of mining that data. Plus, single-issue sales through iTunes are cumbersome and inefficient. There may be a confrontation brewing, unless publishers are willing to be satisfied with whatever options Apple grants them.

Communicating with the e-book mothership. If the latest must-read on Kindle is dotted with typos or has a few pages missing, there’s a good chance Amazon offers a patch to correct the error. It’s a handy Internet-enabled functionality, although one can imagine at the extreme authors continuing to update their work ad infinitum, making it impossible for a reader to say he or she has read an e-book since content is always subject to change. Information flows in the other direction on the Kindle superhighway too, as Amazon apparently keeps track of what readers are highlighting. There’s some creep factor in Amazon knowing what ideas Kindle readers think are important, even if the most highlighted passages are in works as deep as The Lost Symbol. But the information is also so interesting.

The remote control. In April, Sony quietly revised the End User License Agreement that came with the latest PS3 firmware update to allow the company to change how an owner’s console operates in whatever way it wants, no notice or permission required. Now the FCC, at the request of the MPAA, has given cable and satellite providers the right to remotely disable output connections on consumers’ set-top boxes, leading consumers to ask “What did I buy?”

Curated Computing is the new name in town for the experience provided by the tablet non-PC. This particular term is meant to accentuate the “less choice, more relevance” aspects of that experience. It rolls off the tongue more smoothly than “contingently generative” and sounds less regressive than an “appliance,” but it connotes somewhat life aboard the Axiom. However, its proponents suggest that curated computing devices are meant to exist alongside and supplement traditional PCs. Let’s call that a worthy goal and the best of both worlds.

iPhone pillow talk with Steve Jobs. A ValleyWag reporter last week exchanged late-night emails with a defiant Steve Jobs on the iPhone’s ability to give people “freedom from” data theft, battery hogs, and porn. The emails speak for themselves, giving a little insight into Jobs’ perspective on the benefits and aims of the iPhone. He gets a little snarky at the end, but then again it’s 2am when he’s responding, and he never has a chance to clarify his comments, unlike the Gawker reporter.

Android outsells iPhone. During the first quarter of 2010, phones with the Android OS grabbed 28% of the U.S. market share, surpassing iPhone’s 21% (RIM’s Blackberry is still at the top with 36%).  Although Android benefited from Verizon’s buy-one-phone-get-one-free promotion and iPhone continues to lead worldwide, it appears Google is getting closer in Apple’s rearview mirror.

McAfee prevents computers from booting up in new virus-protection strategy. Centralizing security software in a few big providers concentrates expertise to solve problems, while also meaning that there are only a few–albeit strong–security systems the bad guys need to breach in order to wreak widespread havoc.  But in a previously under-appreciated risk, a flawed update of widely-used antivirus software can cut out the middleman and accomplish the same havoc directly.  A McAfee software update mistakenly identified a critical file as a virus and quarantined it, causing computers around the world, many of which automatically install updates, to repeatedly attempt to boot up.  One source estimated that 800,000 PCs were affected.

Taking [re-]generativity seriously. A Connecticut mayor donated her kidney to a Facebook friend last month after seeing his desperate status update.  The patient’s doctor had suggested that he try publicizing his need through social media, using an online connection to a forge a real-world bond.

Android Market Badly Needs A Web Presence to Compete with the App Store. Jason Kincaid argues that, while there are fewer Android apps than iPhone apps, a better web system for browsing and choosing apps could really help Android. I think he’s right that Google could think creatively about how to push the Market past (or at least toward) the App Store, but he admits that the big caveat is that 90% of apps are bought over-the-air, not via the web.

Apple Approves “Tits & Boobies” and “Pussy Lovers” Apps. Apple’s app reviewers try to figure out what to do with a “tits & boobies” app that shows pictures of the birds of that name. “One thing is clear to me: Nobody is ever going to be happy with this process, which I’m afraid will remain imperfect forever.”

Inside India’s CAPTCHA-solving economy. One huge aspect of ubiquitous human computing is sending menial computing tasks abroad; the social and economic implications of that, obviously, are potentially enormous. This piece is a good description of the market for CAPTCHA-solving work in India, where the going rate for 1000 captchas is $2.

Google Rests Its Defense of Executives in Italian Privacy Case. Some of you may have been following this case—Google executives in Italy are being prosecuted for allowing a video of students bullying an autistic teenager to remain on Youtube. The video stayed online for two months, but was removed almost immediately when Google employees were alerted to its presence. Google rested its case a few days ago; a verdict is expected in January or February. None of the executives faces jail time, because they don’t have criminal records. But if they’re convicted, it will be interesting to see what Google decides to do with its future Italian operations.

Cellphone Encryption Code Is Divulged. A German engineer claims to have broken the code used to encrypt GSM phone calls, or 80% of the world’s mobile calls. There are steps between breaking the code and actually intercepting and deciphering calls, but this is the big step. He says he’s only “trying to push operators to adopt better security measures for mobile phone calls”—measures which exist, but haven’t been implemented.

—By Elisabeth Oppenheimer