Other examples of proprietary malware
Malware means software designed to function in ways that mistreat or harm the user. (This does not include accidental errors.) This page explains how Google software is malware.
Malware and nonfree software are two different issues. The difference between free software and nonfree software is in whether the users have control of the program or vice versa. It's not directly a question of what the program does when it runs. However, in practice nonfree software is often malware, because the developer's awareness that the users would be powerless to fix any malicious functionalities tempts the developer to impose some.
ChromeOS has a universal back door. At least, Google says it does—in section 4 of the EULA.
In Android, Google has a back door to remotely delete apps. (It is in a program called GTalkService).
Google can also forcibly and remotely install apps through GTalkService (which seems, since that article, to have been merged into Google Play). This is not equivalent to a universal back door, but permits various dirty tricks.
Although Google's exercise of this power has not been malicious so far, the point is that nobody should have such power, which could also be used maliciously. You might well decide to let a security service remotely deactivate programs that it considers malicious. But there is no excuse for allowing it to delete the programs, and you should have the right to decide who (if anyone) to trust in this way.
On Windows and MacOS, Chrome disables extensions that are not hosted in the Chrome Web Store.
For example, an extension was banned from the Chrome Web Store, and permanently disabled on more than 40,000 computers.
Google censored installation of Samsung's ad-blocker on Android phones, saying that blocking ads is “interference” with the sites that advertise (and surveil users through ads).
The ad-blocker is proprietary software, just like the program (Google Play) that Google used to deny access to install it. Using a nonfree program gives the owner power over you, and Google has exercised that power.
Google's censorship, unlike that of Apple, is not total: Android allows users to install apps in other ways. You can install free programs from f-droid.org.
Google offers censorship software, ostensibly for parents to put into their children's computers.
These bugs are/were not intentional, so unlike the rest of the file they do not count as malware. We mention them to refute the supposition that prestigious proprietary software doesn't have grave bugs.
The NSA can tap data in smart phones, including iPhones, Android, and BlackBerry. While there is not much detail here, it seems that this does not operate via the universal back door that we know nearly all portable phones have. It may involve exploiting various bugs. There are lots of bugs in the phones' radio software.
The wrongs in this section are not precisely malware, since they do not involve making the program that runs in a way that hurts the user. But they are a lot like malware, since they are technical Google actions that harm to the users of specific Google software.
Revolv is an IoT device which managed “smart home” operations: switching the lights, operate motion sensors, regulating temperature, etc. On May 15th, 2016, Google said it would shut down the service linked to the device, making it unusable.
Although you may own the device, its functioning depended on the server that never belonged to you. So you never really had control of it. This unjust design is called Service as a Software Substitute (SaaSS). That is what gave the company the power to convert it into a $300 out-of-warranty brick, for your “dumb home”.
Google has long had a back door to remotely unlock an Android device, unless its disk is encrypted (possible since Android 5.0 Lollipop, but still not quite the default).
Tracking software in popular Android apps is pervasive and sometimes very clever. Some trackers can follow a user's movements around a physical store by noticing WiFi networks.
Android tracks location for Google even when “location services” are turned off, even when the phone has no SIM card.
Google Chrome contains a key logger that sends Google every URL typed in, one key at a time.
Google Chrome includes a module that activates microphones and transmits audio to its servers.
Spyware is present in some Android devices when they are sold. Some Motorola phones modify Android to send personal data to Motorola.
Spyware in Android phones (and Windows? laptops): The Wall Street Journal (in an article blocked from us by a paywall) reports that the FBI can remotely activate the GPS and microphone in Android phones and laptops. (I suspect this means Windows laptops.) Here is more info.
Google's new voice messaging app logs all conversations.
Nest thermometers send a lot of data about the user.
Many web sites report all their visitors to Google by using the Google Analytics service, which tells Google the IP address and the page that was visited.
Google Chrome makes it easy for an extension to do total snooping on the user's browsing, and many of them do so.
The Netflix Android app forces the use of Google DNS. This is one of the methods that Netflix uses to enforce the geolocation restrictions dictated by the movie studios.
Google now allows Android apps to detect whether a device has been rooted, and refuse to install if so.
Update: Google intentionally changed Android so that apps can detect rooted devices and refuse to run on them.
Chrome implements DRM. So does Chromium, through nonfree software that is effectively part of it.
Some Android phones made by Google are tyrants (though someone found a way to crack the restriction). Fortunately, most Android devices are not tyrants.