Skip to main content

Here's why Project Zero should be split from Google

Google Campus
Google Campus (Image credit: Google)

Project Zero is a Google initiative that tries to make sense of online security and find serious flaws and exploits in the products we use every day. They folks behind the wheel do an excellent job at this difficult task and have worked with the companies that make our phones and televisions and thermostats and anything else to keep us a little bit safer from online threats. But it's also a group that shouldn't be working under the Google umbrella.

We don't need to know details to know that something looks fishy.

This is plain to see when we dissect the most recent posting from the group about a security issue — which was patched and no longer a worry — that allowed malware creators to spy on iOS users just by visiting a website. At least that's what the public announcement said, anyway. Turns out that other operating systems, including Android, were vulnerable, too, and that the websites in question were mostly China-based. Naturally, everyone started calling for blood and was sure that Project Zero was only trying to cover for Android because of the whole Google affiliation.

More: Why the latest iPhone hack should worry you no matter what phone you use

That's probably not the case this time, though it's easy to make that leap. What we aren't privy to is the entire discovery timeline and the agreement about disclosure between Project Zero and other smartphone vendors. I'll leave off the bit about China also being part of the world with real people who use phones that are every bit as important as their western counterparts and blame overzealousness as the reason that this being China-based was a problem. In any case, none of this matters because what we do know and what we did see makes it look like Project Zero was covering the Android ecosystem, and therefore for Google. And that sucks.

Project Zero would be just as effective on its own (with lots of money from "big tech").

Now I'm not a corporate executive and I'm not pretending to be; armchair CEO-ing sucks no matter who tries to do it. But even I can see an easy fix for this problem (and it will happen again): move Project Zero out of Google and set it up as an independent group funded by more than one company.

We need Project Zero because most people smart enough to do what it does have a full-time career keeping other companies safe and secured. But we don't need the sideshow that any sense of impropriety creates. An independent group funded by Alphabet, Apple, Microsoft and the rest of the names behind the products we buy would be just as capable and less suspect to falsifying results or being accused of it.

Jerry Hildenbrand
Jerry Hildenbrand

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

  • Looks like you messed up the title. I think you meant should be split from Google
  • SO heres the thing.... I dont see why a company that owns another company should not benefit from its construction. Everything is not about social justice when it comes to tech companies that sell commodities. Everyday I hear how Google and andrioid arent allowed to do XYZ, meanwhile Apple does it and its no problem. Why is it that Apple can benefit from its operating system but Google cant? The difference is Apple is collecting data but instead of selling to other companies they use it themselves. Google collects data and uses it itself for its services and that means that they are breaking anti trust laws... You seriously think that the data Apple collects on kids who use its platform isnt benefitting Apple in some way shape or form? Why are they not hit with the same suits as Google? Why is the world not going after Apple for lying about not allowing third parties to listen in on 'Hey siri' conversations? Now because Google had the balls to develop Project Zero they need to be split from eachother.... if we want another project zero how about another company create one? Ok rant over
  • I think this line of thinking is kind of bs... Who cares if Google owns it. It's their project... They should do what they want with it... Yea apple had a vulnerability and it COULD have affected Android, but I don't see anything showing that it did. So how about people stop messing with Google and let them be them. Everyone seems to have no problem with leaving Apple alone... But Google find something and suddenly it's all bad for Google? Name a time when Apple publicly said "hey we have a vulnerability"? And if u could name one, I bet no one else knows about it cause it was just swept under a rug. But Google publicly announces issues all the time... Yet they are now apparently "covering for themselves"?? Why would they need to even bother? Geez...
  • Project Zero was covering for Android? Seriously? The whole bit about China is simply ridiculous. It was clear that this was a state sponsored hack, which was really the only important point here. Would it have been less urgent if it was Russia or the Saudis doing this? To be honest, would Google have given Apple more time, or would Apple have dragged their feet, had it been the US or Britain's GQ? I don't think so. It makes a ton of sense for them to focus on the actual exploit rather than on who the "sponsor" was. It's not like they hid it, which might be a problem. And while they focus on iOS, because that's what these particular chains are targeting, they don't pretend that something like this could not have happened on Android. In fact, in discussing the entry point they actually point out that Chrome had the same vulnerability as WebKit. Again, if Google where hiding this information, that would be one thing. But in this particular context it makes sense that they weren't focusing on that.
  • Agreed. I've said for a long time now that PZ has nothing to do with security and everything to do with embarrassing Google's competitors.