Google kills downloads on Google Code 'due to misuse'

To keep its Google Code developer community "safe and secure", Google will prevent developers publishing downloads on the service and is pushing the functionality to Google Drive instead.

Google Code offers developers a collaborative space to host open source projects that come with member controls, Subversion/Mercurial/Git repository, issue tracker, wiki pages and a downloads service.

The last feature, which allows projects to make their files available for public download, will be wound down due to misuse, Google announced this week.

"Unfortunately, downloads have become a source of abuse with a significant increase in incidents recently. Due to this increasing misuse of the service and a desire to keep our community safe and secure, we are deprecating downloads," Google Project Hosting said.

New projects will not be able to publish downloads, while the feature will disabled from 14 January 2014 for existing projects, Google says on its FAQ.

Google does not say exactly what that misuse seen on Google Code is and, while user reports of malware abuse on the service have picked up since December last year, there are only around 200 reports to date.

One user on 17 April reported receiving an SMS disguised as a free giveaway from Kentucky Fried Chicken which included a link to a malicious file hosted on Google Code. The malware distributor had four projects on Google Code hosting similar malware yet had no source code on the site.

ESET malware researcher Sébastien Duquette has posted 36 malware reports since December and security vendor Blue Coat warned last week that malware was once again being distributed on Google Code.

The move to Google Drive means developers will lose useful features that were available on downloads, such as project labels and download counts for downloads.

And Google did have another option, according to Chris Larson, a Blue Coat researcher who pointed out that Google could use its recently acquired VirusTotal service to scan for "obvious malware" on Google Code. "After all, these aren't exotic zero-day malware samples. What's up, Google?

Source : zdnet