An app for dissent in the 21st century

“Every act of rebellion expresses a nostalgia for innocence and an appeal to the essence of being.”

These words belong to the French philosopher Albert Camus, from his essay The Rebel (1951). The persistence of that appeal is rooted in our ease of access to it – as the holders of rights, as participants of democracies, as able workers, as rational spenders, etc. – as well as in our choosing to access it. During government crackdowns, it’s this choice that is penalised and its making that is discouraged. But in the 21st century, the act of rebellion has become doubly jeopardised: our choices are still heavily punished but our appeal to the essence of being is also under threat. The Internet, often idealised as a democratic institution, has accrued a layer of corporations intent on negotiating our richer use of it against our privacy. What, at a time like this, would be a consummate act of rebellion?

Engineers from the Delft University of Technology in the Netherlands have served up an unlikely candidate: an Android app. But unlike other apps, this one is autonomous, self-compiles, mutates and spreads itself – thus being able to actively evade capture or eradication while it goes about tapping on the essence of being. The hope is that it will render online censorship meaningless.

Times to build application from source code. Source: arXiv:1511.00444v2
Times to build application from source code. Source: arXiv:1511.00444v2

The app is referred to as SelfCompileApp by its creators, Paul Brussee and Johan Pouwelse. It had a less-sophisticated predecessor named DroidStealth in 2014, also engineered at Delft. While DroidStealth could move around rabidly, it had less mutating capability because its source code couldn’t be modified, often leaving it with weakened camouflage. On the other hand, SelfCompileApp boasts of a source code (available on GitHub) that can be altered, by others as well as itself, to adapt to various hardware and software environments and self-compile – effectively being able to tweak and relaunch itself without losing sight of its purpose. Its creators claim this is a historic first.

A technical paper accompanying the release also describes the app’s mimetic skills and, formidably, innocuousness. Brussee and Pouwelse write: “A casual search or monitoring may not pick up on an app that looks like a calculator or is generally inconspicuous. Also separate pieces of code may be innocuous on their own, so it is only a matter of putting these together. A game could for example be embedded with a special launch pattern to open the encrypted content within.” It can also use mesh networks, sidestep app stores as a way to get into your phone, slip past probes looking for malicious code and make copies of itself. But the chief advantage it secures through all these capabilities is to not have to depend on human decisions to further its cause.

SelfCompileApp isn’t artificially intelligent but it is remarkably deadly because it could push already-nervous civil servants over the edge. The big question they’re dealing with in cybersecurity is what makes (some lines of code) a cyberweapon. In the physical world, one of the trickiest examples of this ‘dual-use’ is uranium, which can be purified to the level necessary for a nuclear power plant or for a nuclear missile. So inspectors are alert for that level of enrichment as well as centrifuges that perform the enriching. With software, even the simplest algorithms can be engineered to be dual-use; the cost of repurposing is invitingly low. As a result, governments’ tendencies to be on the safer side could mean a lot of legitimate systems could get trawled by the security net, as surveillance technology exporters in the US are realising.

A symmetric problem exists in governance. By all means, SelfCompileApp could support a non-violent form of legitimate dissent in the hands of the right people, replicating itself and persisting through the interwebs – when physical infrastructure is malfunctioning, by carrying messages; when physical infrastructure is proscribed, by spreading messages. But in another form, a surveillance state could appropriate the app’s resilience to spy on its people in spite of whatever precautions they take to protect themselves. The apps’s makers are cognisant of this: “A point for consideration is the minimisation of the use for harm of the app, and the risk for harm by use of the app.”

Currently, SelfCompileApp works only on the Android OS but iOS and Windows Phone builds are on the way, as well as an ability to cross-compile across all three platforms. Information can be inserted into and retrieved from the app, but Brussee and Pouwelse note it will take a developer, not a casual user, to perform these tasks. DroidStealth was also able to obfuscate the information but it’s unclear if future builds of SelfCompileApp will have the same functionalities.

Now there’s an app for dissent, too.

The Wire
November 7, 2015