You can change remote configuration flags post-release (e.g. to enable diagnostics).
Even “secure” softwares like Google Chrome can capture your whole browsing history if they suddenly decide to enable a flag on your IP address. No need for conspiracy or update, though Chrome is considered perfectly secure.
In Android you can also distribute updates to specific e-mail addresses, which is very convenient.
> In Android you can also distribute updates to specific e-mail addresses, which is very convenient.
Yes but this requires the user to opt-in, you can't do it silently:
> After clicking the opt-in link, your testers will get an explanation of what it means to be a tester and a link to opt in. Each tester needs to opt in using the link.
As for the Chrome thing, I'm a Firefox user but I would be surprised if it shipped with the option to remotely upload whole history without user's knowledge or consent, do you have a source to back that up?
Of course someone is doing this. I’m not sure they are the kind to tell it to the world, though.