Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Remotely Nukes Apps From Android Phones

Posted by timothy on from the probably-not-ones-you'd-want-to-hang-on-to dept.

itwbennett writes "Google disclosed in a blog post on Thursday that it remotely removed two applications from Android phones that ran contrary to the terms of the Android Market. From the post: 'Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them. After the researcher voluntarily removed these applications from Android Market, we decided, per the Android Market Terms of Service, to exercise our remote application removal feature on the remaining installed copies to complete the cleanup.' The blog post comes a day after security vendor SMobile Systems published a report saying that 20% of Android apps provide access to sensitive information." Update: 06/25 16:44 GMT by S : Clarified last sentence, which incorrectly suggested that 20% of Android apps were malicious. According to the report (PDF, which we discussed recently), "a majority of these applications were developed with the best of intentions and the user data will likely not be compromised.

48 of 509 comments (clear)

  1. oh noes! by Random2 · · Score: 4, Insightful

    They removed an app that violated the terms of service.

    Seriously, stop with the fear mongering. Although I trust google as far as I can throw their data centers, citing false reports and spreading misinformation is just stupid.

    Also, as pointed out in the previous article, those 'exposing' apps can only take what information you expressly give them. Thus it is not news.

    --
    "Our goal each year should be to increase the number of goals we set for ourselves!"
    1. Re:oh noes! by Anonymous Coward · · Score: 5, Insightful

      No, they deleted it FROM MY TELEPHONE. Not stopped selling it in their store, not rejected it in the review process, not sent me an email telling me that there was something wrong with the app and maybe I might want to delete it. THEY DELETED IT FROM MY TELEPHONE.

      Without asking me.

      I thought I could run any app I wanted? That is what you people told me.

      And 20% malicious apps? As if there weren't enough problems getting iphone 4s as it is....

    2. Re:oh noes! by Richard_at_work · · Score: 4, Insightful

      This is exactly the same as the Kindle 1984 issue, and it most certainly is news - Google removed an installed app from an end user phone without their permission, and that is a bad thing regardless of why they did it.

      If the app violated the terms of service, then Google should have ceased to supply it (if the author hadn't removed it first), but they should most certainly not have altered an installed application.

    3. Re:oh noes! by mmurphy000 · · Score: 5, Insightful

      Without asking me.

      They asked you in the Terms of Service you agreed to when you used the Android Market for the first time.

      I thought I could run any app I wanted? That is what you people told me.

      You do not have to get your apps through the Android Market. Anything you install outside of the Market is your responsibility.

      --
      The Busy Coder's Guide to Android Development
    4. Re:oh noes! by ClaraBow · · Score: 5, Interesting

      This is something that Apple has never done! I still have the NetShare app on my iphone and it is still working with iOS4. Even though it breaks Apple's term of service, Apple has never done anything to break the App!

    5. Re:oh noes! by Oliver+Wendell+Jones · · Score: 5, Insightful

      This is exactly the same as the Kindle 1984 issue

      Uh, No... it's not. The Kindle users with copies of 1984 *paid* for those copies - the apps that were removed were free apps. And, the apps did not do what they had claimed and had a hidden, although non-malicious purpose.

      The only way this would be similar would be if the Kindle copies of 1984 had been free, weren't actually 1984 when you tried to read them, and reported back to the publisher any information that they thought was relevant.

      --
      A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips
    6. Re:oh noes! by rolfwind · · Score: 3, Insightful

      They asked you in the Terms of Service you agreed to when you used the Android Market for the first time.

      AT&T asked for my 1st born and 10 years indentured servitude in their TOS. It was 900 pages so I didn't read it. Oh well, I guess that makes it right and okay then.

    7. Re:oh noes! by mcvos · · Score: 4, Interesting

      No, they deleted it FROM MY TELEPHONE. Not stopped selling it in their store, not rejected it in the review process, not sent me an email telling me that there was something wrong with the app and maybe I might want to delete it. THEY DELETED IT FROM MY TELEPHONE.

      That's exactly it. I applaud Google for removing a useless and deceptive app from their marketplace, but they should keep their fucking hands off my phone! I don't even want them to have the ability to remove stuff from my phone without my knowledge. Send me an email, send me some kind of alert on Android, make it very easy for me to remove it. All of that would have been fantastic. But removing stuff from my phone without asking me crosses a line that should not be crossed.

    8. Re:oh noes! by Richard_at_work · · Score: 4, Insightful

      Whether payment was made or not is actually irrelevant as it doesn't alter the ethical, moral or legal consideration in this - Google altered a device it does not own, and has no legal standing to touch.

    9. Re:oh noes! by Deliveranc3 · · Score: 3, Insightful

      Agreed, now I need to be paranoid about degraded service. Such as my TruPhone app, which mysteriously crashes, or my alternative markets which seem to be having problems.

      Further since I'm deploying these phoens I need to worry about Google breaking them in addition to users.

      This is really a problem for them having corporate appeal.

    10. Re:oh noes! by msauve · · Score: 4, Informative
      Stop being disingenuous, they did it with prior notice, and with your permission.

      Android Market TOS

      2.4 From time to time, Google may discover a Product on the Market that violates the Android Market Developer Distribution Agreement or other legal agreements, laws, regulations or policies. You agree that in such an instance Google retains the right to remotely remove those applications from your Device at its sole discretion.

      Furthermore, having done it, they informed you.

      From Google's blog:

      If an application is removed in this way, users will receive a notification on their phone.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    11. Re:oh noes! by tepples · · Score: 5, Interesting

      You do not have to get your apps through the Android Market.

      AT&T routinely removes the checkbox to enable software from "Unknown sources" from its Android phones' firmware.

    12. Re:oh noes! by Kijori · · Score: 4, Interesting

      Surely the big difference is that Amazon deleted a book that people intended to read. I don't see any potential harm in Google deleting applications that did nothing except trick users into downloading them and then send user data back to the application author.

      If this is what Google intends to use the remote-delete function for then I see it as more akin to antivirus, and most people have no problem with their antivirus program deleting viruses. Those that do can choose not to use antivirus - in this case, not to use the Android Market.

    13. Re:oh noes! by DrXym · · Score: 3, Informative
      I thought I could run any app I wanted? That is what you people told me.

      You can run any app you want. Just don't get it from the marketplace or you will be subject to the T&Cs of the marketplace.

      And 20% malicious apps? As if there weren't enough problems getting iphone 4s as it is....

      That figure refers to apps that ask for permissions they don't need, not malicious apps. Android has a finegrained permission model and some apps ask for more things than they require, things that could potentially be used for malicious purposes. Personally I think the model is sound but the implementation could do with more safeguards, possibly something akin to UAC in Windows for certain operations so that the user is always aware of what apps are doing.

    14. Re:oh noes! by substance2003 · · Score: 5, Insightful

      > AT&T asked for my 1st born and 10 years indentured servitude in their TOS.

      How do you know that if you didn't read it?

      He doesn't. It's called being sarcastic (a lost art it seems).

      > It was 900 pages so I didn't read it.

      And yet you agreed to it. Fool.

      That put him in the same boat as 99.9% of the population. Care to make a bet that you've actually read the terms of license of all the neat stuff you own and use?

      Let's be serious here. If people did actually read over these license terms, do you really think they would completely understand what they are accepting? I've seen an instance or two in law where one paragraph on say page 10 has an exception on page 31 and written in an obscure way.
      Even people with a Bachelor in law would get confused. We wouldn't otherwise need to go to court when there is disagreement.

      > Oh well, I guess that makes it right and okay then.

      Unconscionable terms are unenforceable. You're still a fool for agreeing to unread terms, though.

      You can only avoid it being enforced if you have at least have two of the following:
      1. The proper knowledge of the law to defend yourself in court (or perhaps sue in this case).
      2. The time for a lenghy battle.
      3. The money for a lenghy battle.

      Or make a big enough stink on the television to make said company look bad and reverse their decision.

    15. Re:oh noes! by Adrian+Lopez · · Score: 3, Insightful

      Stop being disingenuous, they did it with prior notice, and with your permission.

      It seems to me you're the one who's being disingenuous. While they do give notice of their "right to remotely remove" certain applications from people's devices, they gave no prior notice with respect to the particular application being removed and obtained no explicit permission for such removal. It's all hidden away in the terms of service, which most people never read and which people are presumed to have agreed to merely on the basis of their use of the service.

      --
      "In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
  2. What the hell dude, enough with the sensationalism by somersault · · Score: 5, Informative

    security vendor SMobile Systems published a report saying that 20% of Android apps are malicious.

    No, the report said that 20% of apps require access to sensitive data (ie your address book) or functionality to perform their job. You'd think people would have noticed by now if 1 in 5 Android apps were "malicious".

    --
    which is totally what she said
  3. But what if I liked the application by ZeroExistenZ · · Score: 4, Insightful

    This raises again the question wherever we need to call murder and fire about privacy and "it's my phone don't touch it" kindof thing.

    OTOH, the marketplace is a "trusted content provider" in control and under the responsability of google. In that regard, I think they have the right and obligation to "keep the market clean", for me it would become unacceptable if they start to remove applications who are "breaching vague copyright claims", and take a weak stance or remove applications on nonsene like that.

    If the application would've advertized or mentioned it was "for research purposes", I don't think google should've removed it.

    But it's my phone, and if I want to run malicious software on it, I feel I should be able to do so. But I cannot expect the "marketplace" to hold malicious software because I want that possibility.

    --
    I think we can keep recursing like this until someone returns 1
    1. Re:But what if I liked the application by Yvanhoe · · Score: 5, Insightful

      Can someone please explain to me, who never owned an Android phone, how the hell this kind of thing is possible ? I can understand that App Store is like a debian repository where packages need to be approved to be available and that malicious packages that get erroneously accepted can be removed.

      What I don't understand is how it can remotely removed. By default Android has a backdoor for Google ? Is that true of any version of Android ? Can we remove it from the code (since, unless I am mistaken, Android is OSS) ?

      I'm fine with repositories and security updates, but nuking an applications without asking first is what Steve Jobs does and that Google is not supposed to do. I agree that in the present case, this was for a greater good, but this is not the point. If I buy an Android phone, do I own the damn phone and do I control it or not ?

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    2. Re:But what if I liked the application by Anonymous Coward · · Score: 5, Funny

      Enough with the constructive content, focus on rants and inane bitching, or go somewhere else.

    3. Re:But what if I liked the application by markus_baertschi · · Score: 3, Informative

      On and Android Phone there is an application called 'Market' this application allow you to browse all applications on the google android market, install the ones you like, uninstall what you don't want any more, etc. In addition this application periodically checks with the server to see if there are new versions of your installed apps and offers to update those.

      I suppose the market did check for the offending apps and found that they had the 'remove' flag set and removed them from the phone.

      If you would have installed the same apps without market (downloading the apk file) the market would not know about them and leave them alone.

      Markus

    4. Re:But what if I liked the application by mean+pun · · Score: 5, Informative

      I'm fine with repositories and security updates, but nuking an applications without asking first is what Steve Jobs does and that Google is not supposed to do.

      Actually, Apple has never done this until now. Yes, they have the infrastructure to do so, but so far they have never used it.

    5. Re:But what if I liked the application by snottgoblin · · Score: 5, Informative

      I'm fine with repositories and security updates, but nuking an applications without asking first is what Steve Jobs does and that Google is not supposed to do.

      I hate iPhone OS policies as much as the next geek (why don't I get an upgrade for security on my original iPhone, even to iOS 3.1.4?), but even Jobs doesn't delete apps from your phone. Any apps once through the store, are yours, lock, stock, and barrel. They may prompt you to upgrade, they may stop selling an app, but they don't delete them. What google should be doing is sending these users an email and free SMS letting them know that they "should delete app $FOO because it's potentially dangerous. For reference, please see https://google.com/android/press-release/93857293875928.html" Maybe some people wanted these apps... like the friends of the security researchers in question.

      Actually the iPhone has the exact same "kill switch" for the exact same purpose. http://www.iphonealley.com/node/2928

  4. Draconian? by ilovegeorgebush · · Score: 5, Insightful

    Why do they have to have or at least exercise this feature of the ToS?

    Why couldn't they just get a list of those who have it installed (surely they know that?) and then email them? Beats this draconian/big brother approach in my opinion...

    --
    ilovegeorgebush
    1. Re:Draconian? by Anonymous Coward · · Score: 5, Insightful

      Apple has never removed an App from anyone's phone. They have removed it from the APP Store.... that is a big difference.

  5. Still doesn't bode well by Moraelin · · Score: 5, Insightful

    I dunno, wasn't the hype that Android is all open and based on Linux, and _totally_ unlike the iron grip that Steve Jobs has on the iPhone?

    And weren't most of us ranting about how even DRM and "Trusted Computing" are bad because someone else gets to decide what you can or can't run on your computer? When did _that_ become good if it's Google doing it?

    --
    A polar bear is a cartesian bear after a coordinate transform.
    1. Re:Still doesn't bode well by bemymonkey · · Score: 4, Interesting

      Android is, for consumers, anything but open. We're still stuck waiting on ROM releases from manufacturers who don't care about supporting their old devices, even though the new devices are internally more or less the same...

      It's a pocket-sized computer, so why don't we have pocket-sized operating systems instead of glorified firmware on them?

    2. Re:Still doesn't bode well by dpolak · · Score: 3, Interesting

      Open source and having safeguards are 2 different things.

      If you want to root your phone and make a virus on it to steal your own data, go for it.

      If you post it as an app in the marketplace and misrepresent it, plus the app is malicious then any responsible company needs to be able to protect their customers and their business.

      I agree with the fact that they have this ability, and applaud them for using it on this. It puts out a warning shot to others not to do the same thing.

      As for personal data and Google, they're the same as Apple and any other company. Expect that what you do with their services will never be private. Apple is now selling their customers data, it seems to be the way of the US corporate bound Internet.

    3. Re:Still doesn't bode well by Sockatume · · Score: 3, Insightful

      If the application had been downloaded and installed outwith the Android Market, which is an option on Androi,d then Google could not have done this, so yes, you have that freedom.

      --
      No kidding!!! What do you say at this point?
    4. Re:Still doesn't bode well by MORB · · Score: 5, Insightful

      Google has a lot of control on the android market, true. But unlike the iphone it is not the exclusive way to distribute apps.

      You can install a .apk (android aplication package) from any source. Web, email, or tossing it on your sd card through usb.
      Setting up a third party app store for android as tightly integrated as android market is also perfectly possible.

      So essentially yes, you can do whatever you want. It also means that google have to keep playing fair with android market if they want to avoid people defecting to third party app stores.

    5. Re:Still doesn't bode well by Timmmm · · Score: 4, Informative

      It's a pocket-sized computer, so why don't we have pocket-sized operating systems instead of glorified firmware on them?

      Two reasons:

      1. Drivers. Many are still closed source.
      2. The baseband image (i.e. the bit that talks to the mobile network). This is *always* closed source, and there's no way manufacturers are going to release the documentation for it...

      Apparently Google are going to try to separate the UI from the base system better in future so upgrades will be easier. I'll believe it when I see it though.

    6. Re:Still doesn't bode well by LordAndrewSama · · Score: 5, Insightful

      I agree with "needs to be able to protect their customers and their business" and disagree with "did something to my goddamn phone without my express permission".

      How about a compromise? A notification that says "WARNING - This App is malicious, we recommend you remove it. [Uninstall App] [Cancel]"

      Protecting their users without having the ability to remotely alter my phone without my permission. win-win.

    7. Re:Still doesn't bode well by Enry · · Score: 4, Insightful

      An unofficial ROM != jailbreak.

      Installing OpenWRT on a Linksys router likely voids the warranty in the same way that installing an unofficial ROM on an Android device does. Yea you might brick it, but those are the chances you take to get the extra functionality. Don't like it? Wait for an official release.

      In the case of Apple, they're actively preventing jailbreakers from working. Seems a bit different to me.

  6. Re:What the hell dude, enough with the sensational by msauve · · Score: 5, Informative

    Yes, and you'd think that "itwbennett," the submitter would know that, since he is affiliated with itworld (check his home page), the publisher of the linked articles.

    Odd, that although he references a slashdot article from a few days ago, instead of linking to that article, or the article that links to (on CNET), or to the source of the report, or even to the report itself, he links to a rehash on itworld.

    Tagged as a slashvertisement for self-promotion.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  7. First time this has happened by magamiako1 · · Score: 5, Interesting

    Just an FYI, even though Apple has some of the most draconian app policies ever--they have never remotely nuked an application from someone's phone. They have taken apps off of the market, but they have never actually removed it from your device. I ran GVMobile for a long time until it stopped properly authenticating, for example.

  8. And Android prompts you for all these permissions by brunes69 · · Score: 5, Interesting

    When you install apps from the market or elsewhere, Android prompts you in advance letting you know of all of the permissions this app requires.

    There is with this at all. It is no different from random app X requiring my root password and prompting for it. If I trust the app and give it up, this is not a security issue.

    This is how you allow apps to have access to these low level permissions, without disallowing them totally, liek Apple in it's walled garden.

    It is why there are so many more in-depth Android apps than there are iPhone ones. You can replace the dialer, replace the address book, etc.

    This company is fear-mongering about nothing to such a degreee that I wonder if they are on Apple's payroll.

  9. And the issue is, erm, what exactly? by IceFreak2000 · · Score: 3, Informative

    Just to clarify; Google nuked two applications that had been distributed via Android Market, which they explicitly reserve the right to do via their Terms Of Service (see section 2.4).

    However, if you don't like these terms there is nothing that stops you from downloading applications from alternative sources and installing them on your Android device - there are a number of alternate Android application stores like SlideMe and AndAppStore for example, not to mention downloading .apk files directly to your phone and installing that way bypassing Android Market altogether.

    Besides, what are they supposed to do if there are malicious applications on Android Market? Pull them and leave affected users with crap on their devices?

    Oh well, I'm perfectly happy with my HTC Magic running Cyanogenmod 5.0.8 downloaded and installed via Clockworkmod ROM Manager, which itself was downloaded from Android Market.

    --
    Life is like a sewer; what you get out of it depends on what you put into it...
  10. Re:Big Apple vs Google distinction: by Americano · · Score: 5, Insightful

    So "when it's in service of a good cause," violating user privacy and the ability to own your phone is okay? Or is any measure acceptable if it's claimed to be to eliminate a risk? Or is it Google good, Apple bad, still? I'm very confused.

  11. Do not want by Andy+Smith · · Score: 5, Insightful

    I don't want this. Not on Android. I specifically bought an Android phone to get away from the Apple control freakery. That was the only reason I wanted Android -- no big brother overseeing. Now I find that Google can throw a remote kill switch?

    Do NOT want.

    Yes I can see the argument that the app killing on this occasion was a Good Thing. But no, really it's a Bad Thing, because it represents the top of a slippery slope.

    Hands off my phone please people who are not me!

    1. Re:Do not want by Tim+C · · Score: 4, Insightful

      I don't want malicious apps on my phone either, but I do want to be treated like an adult and told that an app I have is malicious ("...and so we strongly recommend you remove it immediately..."), not like a child and have it removed on my behalf.

      --
      It's official. Most of you are morons.
  12. Re:I'm ok with this by Lunix+Nutcase · · Score: 5, Insightful

    I think that point is that if Apple did this it wouldn't just be shrugged off. The Android fanbois would be coming out of the wordwork to howl about how Apple is messing with people's phones.

  13. What they should have done by Lord+Bitman · · Score: 5, Insightful

    When the app is clicked on, it should open a page that says: "Note: Google has determined this app to be malicious / in violation of terms of use. Tap here for a complete explanation. The app has been removed from the store, and running it is not safe. Tap here to safely and permanently remove this app"

    --
    -- 'The' Lord and Master Bitman On High, Master Of All
  14. Re:What the hell dude, enough with the sensational by whisper_jeff · · Score: 4, Insightful

    As an Apple fanboy who's tired of seeing the anti-Apple sensationalism in other postings (ok, even the blatantly pro-Apple sensationalism is annoying too), allow me to say that the 1-in-5 comment in the summary was absolute FUD. It really would be nice if story submissions were more about the story and less about furthering marketing agendas for/against a given product. I realize we're all passionate about our particular sections of geekdom but this is just getting pathetic. I think it's interesting that Google exercised their orbital nuke option (for a variety of reasons that I'm sure will be discussed in other threads below) but the little addendum to the story was completely irrelevant and served only one purpose - to troll. Would be nice if slashdot editors removed those extra tidbits.

  15. Re:And Android prompts you for all these permissio by whisper_jeff · · Score: 5, Interesting

    This company is fear-mongering about nothing to such a degreee that I wonder if they are on Apple's payroll.

    Or maybe, just maybe, the security vendor is on their own payroll and is attempting to drum up some fear and uncertainty and doubt in order to sell their own products. Kinda like all the other security vendors out there have been doing for years and years and years.

  16. The Cowboys meet Big Brother by rclandrum · · Score: 4, Insightful

    I gotta admit, I am laughing my ass off. After a year of listening to Slashdotters slam Apple for it's overly restrictive App store policies (Waaaa - I can't run any piece of crap app I want - waaaaa), it is like a breath of fresh air to see a *real* big brother operation in action. Google can remotely yank apps directly off that "completely open" phone? Priceless.

    The days of user-managed consumer computing devices is just about over. The future is stringently managed devices and no unapproved applications. Why? The device manufacturers must ensure a seamless user experience - any hiccup in either hardware or application just helps sink a product in this highly competitive space. And OS manufacturers (not to mention the users) are fed up with security breaches and malware - better just to lock it all down, and eliminate the complaints and problems. The vast majority of users have no desire whatsoever to manage anything on their computers - they just want to buy and play the games or run apps that never crash. Keeping up with the latest viruses is something only totally uncool people do anymore.

    The cowboy days are over, folks. The wild, wild west is becoming settled.

  17. Only one way to own a computer anymore by Junior+J.+Junior+III · · Score: 3, Insightful

    Basically, what this is leading to, is that the only way to own a computer is to own not just the hardware and the software, but also the network and the services that run on it. If you don't, you're pwned by the owners who do own these things. It's not enough for hardware and software to be free; the network and services also need to be free and open. Anything other than total and complete freedom opens a backdoor through which all your freedom will eventually leak out, given enough time.

    So, good luck with that. You'll never own everything. It's damn hard just to own the software, let alone the hardware that you purhcased. Forget about ever owning the network or the services; these are things that are inherently communal. Only, there's large corporate superorganisms out there who will dominate any individual or group of consumers.

    And even if you could own it all, that only means that it's possible for, at most, one person to be free. Everyone else is either enslaved, at risk of enslavement, or a non-participant.

    Might as well give up and let them implant slave chips in the back of our heads.

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
  18. Re:I'm ok with this by FreeUser · · Score: 4, Insightful

    I think that point is that if Apple did this it wouldn't just be shrugged off. The Android fanbois would be coming out of the wordwork to howl about how Apple is messing with people's phones.

    As one who is leaning strongly toward Android and won't buy an Apple iPhone for a number of reasons, some technical, some philosophical, some practical, I have to agree with this.

    Having anything removed or tampered with by any outside agency on hardware I have purchased is unacceptable, full stop. I don't care what ToS conditions are buried forty pages down in the Android App store's click-through screen, in two-point type.

    Google should not get a free pass on this, any more than Apple would, and it's made me reconsider my intended purchase very carefully. Not that I'm about to become an iSlave to Jobs ... but I am equally unwilling to become a gSlave to Google. This kind of unilateral tampering with other people's property, ToS or not, simply should not be condoned or tolerated, whatever their motivation.

    --
    The Future of Human Evolution: Autonomy
  19. Where's the outrage? by khchung · · Score: 3, Insightful

    Wow, Google pulled an Amazon here, remotely DELETED an app from users' phone... and half of the posts here are OK with it?!

    Where's the outrage? Isn't the big ADVANTAGE of Android is that it is YOUR phone, which you CONTROL, and that YOU decide what to put on it? Now Google, not only told you they hold a REMOTE KILL switch, but actually went and DID a remote kill, and wow, half of the posters here are fine with it.

    Amazing.

    --
    Oliver.