This post is an update to my previous post about Cybrary’s Android app being banned from the Google Play store: https://www.cybrary.it/2015/11/google-play-against-cybersecurity-education-and-for-censorship-you-decide/
Thank you Cybrarians, for your support in getting the Cybrary app put back into the Google Play store! Also, thank you Google Play Support Team for hearing our appeal!As you know, last Wednesday (11/25), the Google Play Support Team notified us that our app was being removed from the Google Play store because it violated the “Dangerous Products” provision of the Developer Distribution Agreement (DDA, section 4.4). To briefly recap, section 4.4 of the DDA states the following two primary points:
- You agree that you will not engage in any activity with the Store, including the development or distribution of Products, that interferes with, disrupts, damages, or accesses in an unauthorized manner the devices, servers, networks, or other properties or services of any third party including, but not limited to, Android users, Google or any mobile network operator. You may not use customer information obtained from the Store to sell or distribute Products outside of the Store.
- Your app and/or elements of its listing on Google Play, including title, description, and promotional screenshots provides/links to specific instructions used to circumvent software/hardware mechanics.
This violation of policy speaks most directly to the fact that our app contains free penetration testing training
. True, cyber security careers involve far more than just penetration testing, however, it would be reasonable to estimate that almost 1/3 of the industry does require this much maligned skill set. Therefore, as Cybrary’s app was intended to bring free cyber security training
to people with less than adequate internet connections, and people who needed / wanted to learn while not being able to stream from the internet, removing penetration testing content from our app would have made for a less than adequate cyber security learning experience.The app termination notice from Google was final. Per the notice, we were not allowed to appeal, and we could not reinstate the app nor its location in the Play store. The only option was to remove all penetration testing content, and then resubmit a completely new app. Therefore, we wrote the blog post (https://www.cybrary.it/2015/11/google-play-against-cybersecurity-education-and-for-censorship-you-decide/
) and then notified our fellow Cybrarians about it.The support for our initiative was exceptional! That day, Twitter went wild with Cybrarians reaching out to @GooglePlay in support of our app. They were asking Google to reinstate the app, to bring it back, because in no way is our effort to teach cyber security for free, a bad thing, but rather, it is a very good thing. There were approximately 5,000 different Twitter notifications surrounding the subject that day, most of which mentioned @GooglePlay, and us, and questioned why the leading Android app store would take a position that seemed so much like censorship.Yesterday afternoon (11/30), the Google Play Support Team notified us that they were willing to reinstate the Cybrary app, in its full state. The only provision that the Google Play Support Team asked of us, was that we describe the app to best express its educational intent and how it is to be used for legitimate and ethical cyber security purposes. This of course, is the intent, and so we gladly changed the messaging to comply.What is the Lesson Learned?
The most prevalent point in this situation is not that Google Play wanted to censor educational content, nor that penetration testing training is bad or dangerous. Instead, this situation sheds light on the issue of the general misconception due to the lack of awareness about the cyber security industry as a whole. Penetration testing as a concept can be summarized as someone finding vulnerabilities in an application or network for the purpose of fixing or patching those vulnerabilities. Essentially, you look for ways to break into a network, true, and this may come off like it is something bad to do. However, it’s a critical element of cyber security, defending ourselves and our data. Much of the misconception comes from the negative tone that “hacking” and “hackers” have been plagued with for many years now. The negative media around data breaches and attacks, outweighs the day to day jobs and accomplishments of the true professionals working in the field. It is evident that the industry is still wildly misunderstood. Cyber security is in a state of great deficiency, the over 1,000,000 unfilled jobs that exist globally, speak directly to this point. There are too few people to fill the demand. Therefore, there is also a lack of sufficient growth and awareness.So again, because thousands of Cybrarians took to Twitter, and spoke out about the ban of our free cyber security training app, we took another step in driving awareness to an industry that desperately needs greater awareness, more talent, and more education. The fact that the Google Play Support Team took the time to hear our voices, review, and then ultimately reinstate the application shows that they took their user’s opinions seriously, which is definitely comforting to know. As a cyber security community, we should continue to support one another, contribute to open learning and help encourage others to begin a career in the field. By doing this, we will be taking steps towards an industry that is continually evolving in the right direction, as opposed to one that feels to many to be the “wild west” of technology.At the end of this, we have moved one step closer to greater awareness for cyber security, our free education app is back, and once again available to everyone, everywhere. So again, thank you Cybrarians and thank you Google Play!