Slashdot Mirror
Google Remotely Nukes Apps From Android Phones
itwbennett writes "Google disclosed in a blog post on Thursday that it remotely removed two applications from Android phones that ran contrary to the terms of the Android Market. From the post: 'Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them. After the researcher voluntarily removed these applications from Android Market, we decided, per the Android Market Terms of Service, to exercise our remote application removal feature on the remaining installed copies to complete the cleanup.' The blog post comes a day after security vendor SMobile Systems published a report saying that 20% of Android apps provide access to sensitive information."
Update: 06/25 16:44 GMT by S : Clarified last sentence, which incorrectly suggested that 20% of Android apps were malicious. According to the report (PDF, which we discussed recently), "a majority of these applications were developed with the best of intentions and the user data will likely not be compromised.
They removed an app that violated the terms of service.
Seriously, stop with the fear mongering. Although I trust google as far as I can throw their data centers, citing false reports and spreading misinformation is just stupid.
Also, as pointed out in the previous article, those 'exposing' apps can only take what information you expressly give them. Thus it is not news.
"Our goal each year should be to increase the number of goals we set for ourselves!"
security vendor SMobile Systems published a report saying that 20% of Android apps are malicious.
No, the report said that 20% of apps require access to sensitive data (ie your address book) or functionality to perform their job. You'd think people would have noticed by now if 1 in 5 Android apps were "malicious".
which is totally what she said
This raises again the question wherever we need to call murder and fire about privacy and "it's my phone don't touch it" kindof thing.
OTOH, the marketplace is a "trusted content provider" in control and under the responsability of google. In that regard, I think they have the right and obligation to "keep the market clean", for me it would become unacceptable if they start to remove applications who are "breaching vague copyright claims", and take a weak stance or remove applications on nonsene like that.
If the application would've advertized or mentioned it was "for research purposes", I don't think google should've removed it.
But it's my phone, and if I want to run malicious software on it, I feel I should be able to do so. But I cannot expect the "marketplace" to hold malicious software because I want that possibility.
I think we can keep recursing like this until someone returns 1
Why do they have to have or at least exercise this feature of the ToS?
Why couldn't they just get a list of those who have it installed (surely they know that?) and then email them? Beats this draconian/big brother approach in my opinion...
ilovegeorgebush
I dunno, wasn't the hype that Android is all open and based on Linux, and _totally_ unlike the iron grip that Steve Jobs has on the iPhone?
And weren't most of us ranting about how even DRM and "Trusted Computing" are bad because someone else gets to decide what you can or can't run on your computer? When did _that_ become good if it's Google doing it?
A polar bear is a cartesian bear after a coordinate transform.
Yes, and you'd think that "itwbennett," the submitter would know that, since he is affiliated with itworld (check his home page), the publisher of the linked articles.
Odd, that although he references a slashdot article from a few days ago, instead of linking to that article, or the article that links to (on CNET), or to the source of the report, or even to the report itself, he links to a rehash on itworld.
Tagged as a slashvertisement for self-promotion.
"National Security is the chief cause of national insecurity." - Celine's First Law
Just an FYI, even though Apple has some of the most draconian app policies ever--they have never remotely nuked an application from someone's phone. They have taken apps off of the market, but they have never actually removed it from your device. I ran GVMobile for a long time until it stopped properly authenticating, for example.
When you install apps from the market or elsewhere, Android prompts you in advance letting you know of all of the permissions this app requires.
There is with this at all. It is no different from random app X requiring my root password and prompting for it. If I trust the app and give it up, this is not a security issue.
This is how you allow apps to have access to these low level permissions, without disallowing them totally, liek Apple in it's walled garden.
It is why there are so many more in-depth Android apps than there are iPhone ones. You can replace the dialer, replace the address book, etc.
This company is fear-mongering about nothing to such a degreee that I wonder if they are on Apple's payroll.
20% of Android apps are not malicious. 20% of Android apps have the potential to be malicious.
If you do not want an application to have the possibility of stealing your private data, then do not install that application! When you install an app on an Android phone, you are presented with a list over which data this application wants to access. If you don't like that the FTP app you are about to install have access to your SMS/MMS messages, then click on cancel and find another FTP client.
You do not have to use the Market to install apps.
If Google removes an app you like from the market, or even does a remote-uninstall, you can just re-install it yourself, and it is then un-nukeable.
The market can only remote-uninstall apps installed via it.
Just to clarify; Google nuked two applications that had been distributed via Android Market, which they explicitly reserve the right to do via their Terms Of Service (see section 2.4).
However, if you don't like these terms there is nothing that stops you from downloading applications from alternative sources and installing them on your Android device - there are a number of alternate Android application stores like SlideMe and AndAppStore for example, not to mention downloading .apk files directly to your phone and installing that way bypassing Android Market altogether.
Besides, what are they supposed to do if there are malicious applications on Android Market? Pull them and leave affected users with crap on their devices?
Oh well, I'm perfectly happy with my HTC Magic running Cyanogenmod 5.0.8 downloaded and installed via Clockworkmod ROM Manager, which itself was downloaded from Android Market.
Life is like a sewer; what you get out of it depends on what you put into it...
So "when it's in service of a good cause," violating user privacy and the ability to own your phone is okay? Or is any measure acceptable if it's claimed to be to eliminate a risk? Or is it Google good, Apple bad, still? I'm very confused.
I don't want this. Not on Android. I specifically bought an Android phone to get away from the Apple control freakery. That was the only reason I wanted Android -- no big brother overseeing. Now I find that Google can throw a remote kill switch?
Do NOT want.
Yes I can see the argument that the app killing on this occasion was a Good Thing. But no, really it's a Bad Thing, because it represents the top of a slippery slope.
Hands off my phone please people who are not me!
For those of you complaining about this, please note that it was "per the ToS". Don't like it? Don't use the (Android) software, then. It's a free market -- vote with your money elsewhere. Until this remote nuke feature is used on something I've PAID for, and I'm left without my app or my money, I'm not too bothered by it as, again, I AGREED TO THE TOS.
It could be that the only purpose of your life is to serve as a warning to others.
Or they might, you know, point to the fact that it's not true. Hell, you don't even need to RTFA on this one, just RTFT(itle): "20 percent of Android apps can threaten privacy, says vendor". This is about the fact that apps give access to areas of the phone like web browsing, contacts, call notification (to be able to suspend, etc) and that there are privacy concerns. In no way does that even come close to malicious, in fact it's standard behaviour, this isn't a Google issue, all the other operating systems with user-installable apps do exactly the same thing, I think possibly the only difference is Google apps actually tell you in advance exactly which areas of the phone it needs access to, so at least you can make an informed judgement (i.e. why does this screensaver need access to my phone's dialler).
Just chalk this up to ITWorld being click-whoring sensationalist garbage and move on.
Sony removes Linux, Amazon removes books, MS removes music/Sidekick data issue, Apple watches over software, isp's shape traffic, telcos get a national security letter on domestic phone tapping ect . A search/ad company sucks up data around the world.
Then they expect the end users to take them seriously.
Time to think long and hard about any new 'rental' telco device.
Physical media and a fast desktop computer seem rather wise now.
Maybe try a http://en.wikipedia.org/wiki/MeeGo supporting device to keep your property backed up and safe from remote interference/incompetence/mistakes.
Domestic spying is now "Benign Information Gathering"
When the app is clicked on, it should open a page that says: "Note: Google has determined this app to be malicious / in violation of terms of use. Tap here for a complete explanation. The app has been removed from the store, and running it is not safe. Tap here to safely and permanently remove this app"
-- 'The' Lord and Master Bitman On High, Master Of All
... was to remove a couple (relatively harmless) trojans for free. Maybe we should be thankful for the service.
I wonder if these apps really were for legit research then the researchers could/should have asked google to remotely uninstall them since you shouldn't leave your apparatus lying on the floor after an experiment.
$ unzip, strip, touch, finger, grep, mount, fsck, more, yes,fsck,fsck,fsck,umount, sleep
As an Apple fanboy who's tired of seeing the anti-Apple sensationalism in other postings (ok, even the blatantly pro-Apple sensationalism is annoying too), allow me to say that the 1-in-5 comment in the summary was absolute FUD. It really would be nice if story submissions were more about the story and less about furthering marketing agendas for/against a given product. I realize we're all passionate about our particular sections of geekdom but this is just getting pathetic. I think it's interesting that Google exercised their orbital nuke option (for a variety of reasons that I'm sure will be discussed in other threads below) but the little addendum to the story was completely irrelevant and served only one purpose - to troll. Would be nice if slashdot editors removed those extra tidbits.
This company is fear-mongering about nothing to such a degreee that I wonder if they are on Apple's payroll.
Or maybe, just maybe, the security vendor is on their own payroll and is attempting to drum up some fear and uncertainty and doubt in order to sell their own products. Kinda like all the other security vendors out there have been doing for years and years and years.
I gotta admit, I am laughing my ass off. After a year of listening to Slashdotters slam Apple for it's overly restrictive App store policies (Waaaa - I can't run any piece of crap app I want - waaaaa), it is like a breath of fresh air to see a *real* big brother operation in action. Google can remotely yank apps directly off that "completely open" phone? Priceless.
The days of user-managed consumer computing devices is just about over. The future is stringently managed devices and no unapproved applications. Why? The device manufacturers must ensure a seamless user experience - any hiccup in either hardware or application just helps sink a product in this highly competitive space. And OS manufacturers (not to mention the users) are fed up with security breaches and malware - better just to lock it all down, and eliminate the complaints and problems. The vast majority of users have no desire whatsoever to manage anything on their computers - they just want to buy and play the games or run apps that never crash. Keeping up with the latest viruses is something only totally uncool people do anymore.
The cowboy days are over, folks. The wild, wild west is becoming settled.
Basically, what this is leading to, is that the only way to own a computer is to own not just the hardware and the software, but also the network and the services that run on it. If you don't, you're pwned by the owners who do own these things. It's not enough for hardware and software to be free; the network and services also need to be free and open. Anything other than total and complete freedom opens a backdoor through which all your freedom will eventually leak out, given enough time.
So, good luck with that. You'll never own everything. It's damn hard just to own the software, let alone the hardware that you purhcased. Forget about ever owning the network or the services; these are things that are inherently communal. Only, there's large corporate superorganisms out there who will dominate any individual or group of consumers.
And even if you could own it all, that only means that it's possible for, at most, one person to be free. Everyone else is either enslaved, at risk of enslavement, or a non-participant.
Might as well give up and let them implant slave chips in the back of our heads.
You see? You see? Your stupid minds! Stupid! Stupid!
Wow, Google pulled an Amazon here, remotely DELETED an app from users' phone... and half of the posts here are OK with it?!
Where's the outrage? Isn't the big ADVANTAGE of Android is that it is YOUR phone, which you CONTROL, and that YOU decide what to put on it? Now Google, not only told you they hold a REMOTE KILL switch, but actually went and DID a remote kill, and wow, half of the posters here are fine with it.
Amazing.
Oliver.