Slashdot Mirror
Google Remotely Nukes Apps From Android Phones
itwbennett writes "Google disclosed in a blog post on Thursday that it remotely removed two applications from Android phones that ran contrary to the terms of the Android Market. From the post: 'Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them. After the researcher voluntarily removed these applications from Android Market, we decided, per the Android Market Terms of Service, to exercise our remote application removal feature on the remaining installed copies to complete the cleanup.' The blog post comes a day after security vendor SMobile Systems published a report saying that 20% of Android apps provide access to sensitive information."
Update: 06/25 16:44 GMT by S : Clarified last sentence, which incorrectly suggested that 20% of Android apps were malicious. According to the report (PDF, which we discussed recently), "a majority of these applications were developed with the best of intentions and the user data will likely not be compromised.
security vendor SMobile Systems published a report saying that 20% of Android apps are malicious.
No, the report said that 20% of apps require access to sensitive data (ie your address book) or functionality to perform their job. You'd think people would have noticed by now if 1 in 5 Android apps were "malicious".
which is totally what she said
Why do they have to have or at least exercise this feature of the ToS?
Why couldn't they just get a list of those who have it installed (surely they know that?) and then email them? Beats this draconian/big brother approach in my opinion...
ilovegeorgebush
No, they deleted it FROM MY TELEPHONE. Not stopped selling it in their store, not rejected it in the review process, not sent me an email telling me that there was something wrong with the app and maybe I might want to delete it. THEY DELETED IT FROM MY TELEPHONE.
Without asking me.
I thought I could run any app I wanted? That is what you people told me.
And 20% malicious apps? As if there weren't enough problems getting iphone 4s as it is....
I dunno, wasn't the hype that Android is all open and based on Linux, and _totally_ unlike the iron grip that Steve Jobs has on the iPhone?
And weren't most of us ranting about how even DRM and "Trusted Computing" are bad because someone else gets to decide what you can or can't run on your computer? When did _that_ become good if it's Google doing it?
A polar bear is a cartesian bear after a coordinate transform.
Yes, and you'd think that "itwbennett," the submitter would know that, since he is affiliated with itworld (check his home page), the publisher of the linked articles.
Odd, that although he references a slashdot article from a few days ago, instead of linking to that article, or the article that links to (on CNET), or to the source of the report, or even to the report itself, he links to a rehash on itworld.
Tagged as a slashvertisement for self-promotion.
"National Security is the chief cause of national insecurity." - Celine's First Law
Just an FYI, even though Apple has some of the most draconian app policies ever--they have never remotely nuked an application from someone's phone. They have taken apps off of the market, but they have never actually removed it from your device. I ran GVMobile for a long time until it stopped properly authenticating, for example.
When you install apps from the market or elsewhere, Android prompts you in advance letting you know of all of the permissions this app requires.
There is with this at all. It is no different from random app X requiring my root password and prompting for it. If I trust the app and give it up, this is not a security issue.
This is how you allow apps to have access to these low level permissions, without disallowing them totally, liek Apple in it's walled garden.
It is why there are so many more in-depth Android apps than there are iPhone ones. You can replace the dialer, replace the address book, etc.
This company is fear-mongering about nothing to such a degreee that I wonder if they are on Apple's payroll.
So "when it's in service of a good cause," violating user privacy and the ability to own your phone is okay? Or is any measure acceptable if it's claimed to be to eliminate a risk? Or is it Google good, Apple bad, still? I'm very confused.
I don't want this. Not on Android. I specifically bought an Android phone to get away from the Apple control freakery. That was the only reason I wanted Android -- no big brother overseeing. Now I find that Google can throw a remote kill switch?
Do NOT want.
Yes I can see the argument that the app killing on this occasion was a Good Thing. But no, really it's a Bad Thing, because it represents the top of a slippery slope.
Hands off my phone please people who are not me!
They asked you in the Terms of Service you agreed to when you used the Android Market for the first time.
You do not have to get your apps through the Android Market. Anything you install outside of the Market is your responsibility.
The Busy Coder's Guide to Android Development
This is something that Apple has never done! I still have the NetShare app on my iphone and it is still working with iOS4. Even though it breaks Apple's term of service, Apple has never done anything to break the App!
This is exactly the same as the Kindle 1984 issue
Uh, No... it's not. The Kindle users with copies of 1984 *paid* for those copies - the apps that were removed were free apps. And, the apps did not do what they had claimed and had a hidden, although non-malicious purpose.
The only way this would be similar would be if the Kindle copies of 1984 had been free, weren't actually 1984 when you tried to read them, and reported back to the publisher any information that they thought was relevant.
A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips
I think that point is that if Apple did this it wouldn't just be shrugged off. The Android fanbois would be coming out of the wordwork to howl about how Apple is messing with people's phones.
Can someone please explain to me, who never owned an Android phone, how the hell this kind of thing is possible ? I can understand that App Store is like a debian repository where packages need to be approved to be available and that malicious packages that get erroneously accepted can be removed.
What I don't understand is how it can remotely removed. By default Android has a backdoor for Google ? Is that true of any version of Android ? Can we remove it from the code (since, unless I am mistaken, Android is OSS) ?
I'm fine with repositories and security updates, but nuking an applications without asking first is what Steve Jobs does and that Google is not supposed to do. I agree that in the present case, this was for a greater good, but this is not the point. If I buy an Android phone, do I own the damn phone and do I control it or not ?
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
Enough with the constructive content, focus on rants and inane bitching, or go somewhere else.
When the app is clicked on, it should open a page that says: "Note: Google has determined this app to be malicious / in violation of terms of use. Tap here for a complete explanation. The app has been removed from the store, and running it is not safe. Tap here to safely and permanently remove this app"
-- 'The' Lord and Master Bitman On High, Master Of All
You do not have to get your apps through the Android Market.
AT&T routinely removes the checkbox to enable software from "Unknown sources" from its Android phones' firmware.
This company is fear-mongering about nothing to such a degreee that I wonder if they are on Apple's payroll.
Or maybe, just maybe, the security vendor is on their own payroll and is attempting to drum up some fear and uncertainty and doubt in order to sell their own products. Kinda like all the other security vendors out there have been doing for years and years and years.
I'm fine with repositories and security updates, but nuking an applications without asking first is what Steve Jobs does and that Google is not supposed to do.
Actually, Apple has never done this until now. Yes, they have the infrastructure to do so, but so far they have never used it.
> AT&T asked for my 1st born and 10 years indentured servitude in their TOS.
How do you know that if you didn't read it?
He doesn't. It's called being sarcastic (a lost art it seems).
> It was 900 pages so I didn't read it.
And yet you agreed to it. Fool.
That put him in the same boat as 99.9% of the population. Care to make a bet that you've actually read the terms of license of all the neat stuff you own and use?
Let's be serious here. If people did actually read over these license terms, do you really think they would completely understand what they are accepting? I've seen an instance or two in law where one paragraph on say page 10 has an exception on page 31 and written in an obscure way.
Even people with a Bachelor in law would get confused. We wouldn't otherwise need to go to court when there is disagreement.
> Oh well, I guess that makes it right and okay then.
Unconscionable terms are unenforceable. You're still a fool for agreeing to unread terms, though.
You can only avoid it being enforced if you have at least have two of the following:
1. The proper knowledge of the law to defend yourself in court (or perhaps sue in this case).
2. The time for a lenghy battle.
3. The money for a lenghy battle.
Or make a big enough stink on the television to make said company look bad and reverse their decision.
I'm fine with repositories and security updates, but nuking an applications without asking first is what Steve Jobs does and that Google is not supposed to do.
I hate iPhone OS policies as much as the next geek (why don't I get an upgrade for security on my original iPhone, even to iOS 3.1.4?), but even Jobs doesn't delete apps from your phone. Any apps once through the store, are yours, lock, stock, and barrel. They may prompt you to upgrade, they may stop selling an app, but they don't delete them. What google should be doing is sending these users an email and free SMS letting them know that they "should delete app $FOO because it's potentially dangerous. For reference, please see https://google.com/android/press-release/93857293875928.html" Maybe some people wanted these apps... like the friends of the security researchers in question.
Actually the iPhone has the exact same "kill switch" for the exact same purpose. http://www.iphonealley.com/node/2928