Google Play – Against Cybersecurity Education and for Censorship? You Decide

What we are about to present are facts regarding why the Google Play Support team decided to remove our app from their app marketplace, and how this position by Google Play reflects a negative stance against the free flow of cyber security education, and an enactment of censorship of what should be available knowledge to the cyber security community. If you believe knowledge should be free and open, then feel free to make your voice heard in a professional manner.   See the conversation on TwitterYesterday, the Google Play Support Team removed the Cybrary App from the Google Play store. Cybrary’s app was designed to make cyber security education available to people who do not have a reliable internet connection. In other words, Cybrary makes its free cyber security education classes available for download on the app, so that people may consume those classes and learn, even when they do not have a stable internet connection. The classes included in the Cybrary app included all of the classes found in our course catalog. This app was designed to help people such as those in developing nations, military Veterans and others who cannot afford high priced training to enter or advance in a career in cyber security.Cybrary’s App Submission, Approval and then RemovalOn October 17, 2015, we submitted our app, which included all of our free cyber security classes, and shortly after submission, Google Play approved the app. Since that time, until yesterday, almost 50,000 people worldwide have downloaded the app and have been using it to learn cyber security for free, on the go. Google play reached out to us, on 11/18, after we submitted an app update. In reaching out they stated that our app was in violation of section 4.4 of the Developer Distribution Agreement (DDA). Yesterday (11/24), they removed the app from the Google Play store. In that time, we had reached out to try and figure out exactly what the problem was, and we made repeated attempts to have dialog with someone who was making this decision. They refused to converse with us on the matter with each attempt, and simply responded each time that the app was in violation of section 4.4 of the Developer Distribution Agreement (DDA). In all fairness to the Google Play Support team, the interactions, although not providing any guidance or information on the issue, was very cordial and polite during the communications. Despite not engaging in dialog which would help pinpoint the actual problem, they removed the app from the Google Play Marketplace.Now let’s explore the facts on Google Play’s position as potentially being against the advancement of cyber security education, and their act of censorship on this educational content.What is Section 4.4 of the DDA?The following is the policy that Google Play cited our app in being violation of:

• The Developer Distribution Agreement states: You agree that you will not engage in any activity with the Store, including the development or distribution of Products, that interferes with, disrupts, damages, or accesses in an unauthorized manner the devices, servers, networks, or other properties or services of any third party including, but not limited to, Android users, Google or any mobile network operator. You may not use customer information obtained from the Store to sell or distribute Products outside of the Store.

• • Your app and/or elements of its listing on Google Play, including title, description, and promotional screenshots provides/links to specific instructions used to circumvent software/hardware mechanics.

Per this policy section, it seems to denote that our free cyber security education app was in violation of their policy, section 4.4 because we are offering training on penetration testing. Our app included 3 primary classes that contained penetration testing concepts, the Ethical Hacker, Post-Exploitation and Advanced Penetration Testing.Is Google Play Against Cyber Security Education?Penetration testing is a core principle of cyber security, that is simply, not for debate. In order to pursue a large number of career paths within cyber security, or in order to advance one’s career as a cyber security professional, one must understand the principles of penetration testing. The concept of penetration testing is a highly sought after, under-served skill set that is in high demand, and in order for the world to start filling the gap that makes up over 1,000,000 unfilled cyber security jobs globally, more people need to understand pen testing. This concept is covered in almost every cyber security certification or class, to at least some degree. We believe that by Google Play disallowing the teaching of and delivery of penetration testing training classes, they are censoring out a key learning principle of cyber education, and are therefore not in support of cyber security education overall.More to the point on the need for penetration testing talent, the US DoD 8570 Directive launched several years ago. This directive mandated that people working in cyber security, for the US DoD, or on contracts for the US DoD, should maintain skills sets or seek certifications which include certain cyber concepts, one of the main concepts being pen testing. In fact, several classes / certifications that made up this Department of Defense Directive were penetration testing certifications, see more here on that directive and its certifications: http://www.trainace.com/dod8570/It is not debatable that penetration testing is essential to cyber security professionals, institutions such as SANS, and many others, have been teaching it for years, simply because it is a highly critical skill set. Google Play’s position here is in direct contradiction with the necessary advancement and reach of cyber security education. Once more, this positions Google Play directly against the flow of cyber security education. The Google Play Support team would not, to even the slightest degree, entertain the value or need of this skill set, and simply stated that our free learning content was in violation of DDA section 4.4.Is this Act of Disallowing Content, Censorship?Obviously, Google Play has every right to not allow penetration testing learning in their app marketplace, its their marketplace, and we respect that. However, it is our opinion that by Google Play disallowing the delivery of this penetration testing training content, they are positioned against core, highly necessary, highly under-served cyber security education. This position also, in our opinion, means that Google Play is acting in a manner that is directly defined as censorship. They are disallowing an important concept to be taught, and therefore learned, by people seeking a career in cyber security. Knowledge should be free and available to the people who need it. The cyber security community needs more people with penetration testing skills, and by Google Play disallowing this important content, they are exercising censorship via their monopolistic position as the only app marketplace for the world’s Android device users.What Can Be Done?Obviously, the only power that Android users and the cyber security community has in this case is to voice our opinion. We would encourage you to make this opinion known on social media outlets like Twitter, Facebook and Reddit. If you would like to write to the Google Play Support team, asking that they reconsider their stance, please do so in a professional manner with the following:Email Address: googleplay-developer-support@google.comSubject: RE: [8-1296000009508] Your appeal for reinstatementPackage Name: com.cybrary.appRegarding App: CybraryCybrary App URL: https://play.google.com/store/apps/details?id=com.cybrary.app If you believe, then let your voice be heard! Go to Twitter #censorship to discuss.