
> Google Play Services is actively listening for remote installation requests?

Uh, yes? That is and always has been core functionality. You can click "install" on the Google Play website on your laptop and the app will magically appear on your phone, if both devices are signed in to Google. I triggered this behavior accidentally a good 10 years ago when I got my first Android phone, and it gave me the shivers - it really drove home the point that Google had root on my phone, not me.

In fact, this entire behavior is so normalized on phones we now have a special word for the process of downloading an app and installing it manually, the way we do on PCs: "sideloading".



That's not the behaviour of what happened here, where an app was downloaded without user initiation or intervention. There was no authorization from the user of the actions that were taken by Google or the app's vendor.


From a technical standpoint, it is the same. The phone maintains a connection to a Google server and listens for "authorized" installation requests - where "authorized" means "authorized by Google". When you click "install" on the Play Store on your laptop, you're not talking directly to your phone (how would that even work?) - you're talking to Google, who then speaks to your phone on your behalf.


> From a technical standpoint, it is the same.

Yes, of course, but this isn't a technical issue. Look at the webpage that this HN page references. When people say, "an app was installed on my device without my consent or knowledge," the exact method the device used to listen isn't important.

The first issue is that Google software allows non-authorized software installations. The second issue is that a government forced the installation of the app. The technical specifics are just implementation details.


This subthread is about the technical issue. The root comment asks "the real question is what mechanism allows them to push a random app to some phones?".


From what you've written, it appears that you are guessing as to the implementation details that correspond to the mechanism for pushing random apps to phones, which in this case means unauthenticated apps. There may be an entirely different method used than the standard push method from selecting an app on the website.


It could work with Google Cloud providing OAuth and the phone verifying it's the same account.



