Google Has Android Remote App Install Power, Too

Trailrunner7 writes "The remote-wipe capability that Google recently invoked to remove a harmless application from some Android phones isn't the only remote control feature that the company built into its mobile OS. It turns out that Android also includes a feature that enables Google to remotely install apps on users' phones as well. Jon Oberheide, the security researcher who developed the application that Google remotely removed from Android phones, noticed during his research that the Android OS includes a feature called INSTALL_ASSET that allows Google to remotely install applications on users' phones. 'I don't know what design decision they based that on. Maybe they just figured since they had the removal mechanism, it's easy to have the install mechanism too,' Oberheide said in an interview. 'I don't know if they've used it yet.'"

  1. kinda scary by grapeape · · Score: 5, Insightful

    So how long until we see someone attempt to exploit this?

    1. Re:kinda scary by FooAtWFU · · Score: 5, Insightful

      How long until someone exploits this? Well, I bet Google or some other vendor will try to sell it as part of an offering for businesses within the next 2 years. Remote software installs would be very useful in the enterprise.

      --
      The World Wide Web is dying. Soon, we shall have only the Internet.
    2. Re:kinda scary by MrNaz · · Score: 5, Insightful

      I think that remote anything should be opt-in by the user, or, in an enterprise setting, should be added on by the enterprise before distributing the units. I do not welcome the idea that *all* Android handsets will have remote add/remove package functionality out of the box, for all users.

      Imagine the fun law enforcement and government agencies will have with this. Remote install app that silently forwards mic input to an eavesdropper.

      Is there even a way to turn this feature off? I.e., let's say I buy a handset and I definitely do *not* want Google nuking my apps remotely or adding apps to my phone remotely without my knowledge.

      This is the reason that I think the FOSS community should back MeeGo. It's the only *true* open source system out there that's open enough that the Many Eyeballs principle can be applied to it, and that is open enough that we'll eventually see custom distros of the OS emerging.

      --
      I hate printers.
    3. Re:kinda scary by Anonymous Coward · · Score: 4, Insightful

      Imagine the fun law enforcement and government agencies will have with this. Remote install app that silently forwards mic input to an eavesdropper.

      Then they can remote install some kiddy porn images so they have excuse to raid his house and confiscate all his computer equipment.

    4. Re:kinda scary by AnAdventurer · · Score: 5, Funny

      I am working on it. Just one more line of code, almost there.

      --
      6.8SPC TR of 550, l xwind at 6, drift rt at 26" drops 77". AT has 503 ft-lbs at 1403 fps. FT 0.86
    5. Re:kinda scary by MobileTatsu-NJG · · Score: 5, Informative

      I am working on it. Just one more line of code, almost there.

      I like to lick butts!

      --
      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    6. Re:kinda scary by MobileTatsu-NJG · · Score: 5, Funny

      Wait! I didn't post that!!

      --
      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    7. Re:kinda scary by MikeDaSpike · · Score: 5, Interesting

      Not to mention, Google already announced you will be using this feature before. If you haven't seen this year's Google I/O then I'll tell you: you will be able to install apps on your phone from any device in the cloud.

      And besides, it's not like Google is targeting you specifically, they target all phones with that app installed. The purpose of it is to remove a malicious app before it can do any more damage.

      Example: I make an app branded as a porn site viewer, it works as one but it also sends information gathered from your sdcard/phone for some nefarious deeds. Removing it from the market would stop the app from spreading, but it has already been installed on thousands of phones, setting a flag on the market for "uninstall from phone NOW" would fix this.

      I know Google could be more gentle about it and warn the user and ask for the app to be removed, but it's not like they use it on every app that pisses them off, only on those that disregard their stated rules. So far Google has been following the rules, so articles like this are just spreading FUD.

    8. Re:kinda scary by TheRaven64 · · Score: 4, Informative

      @MikeDaSpike

      This is not twitter. We can tell that you are replying to MikeDaSpike because you pressed the Reply to This button under his post and so your post shows up in the thread below his.

      --
      I am TheRaven on Soylent News
  2. Good thing that wasn't Apple by BlueBoxSW.com · · Score: 5, Funny

    Slashdot headline would have been:

    "Evil Apple Hides Secret Rootkit Installer on All iPhones"

    1. Re:Good thing that wasn't Apple by Mitchell314 · · Score: 4, Funny

      Then it wouldn't have been news. :P

      --
      I read TFA and all I got was this lousy cookie
    2. Re:Good thing that wasn't Apple by Darkness404 · · Score: 4, Funny

      No, no, the real news is "Disable hidden secret Apple rootkit by holding iPhone in left hand!"

      --
      Taxation is legalized theft, no more, no less.
    3. Re:Good thing that wasn't Apple by ChatHuant · · Score: 4, Informative

      Any moment now, people will start saying that Google is the New Apple, which is the New Microsoft, which is the New...what? Commodore?

      IBM, grasshopper, Microsoft used to be the new IBM. Learn your history!

  3. Really? by parc · · Score: 5, Interesting

    You mean they can remotely install apps over the air just like every other modern phone on every other carrier I've ever seen?

    This is a non-story -- OTA install is pretty much required by every carrier out there so they can force you to upgrade your phone.

    1. Re:Really? by Hizonner · · Score: 5, Interesting

      Actually, according to a talk by Rich Cannings, Google's "Android Security Leader", at Usenix Security '09 in Montreal, Google can choose whether or not to have your phone ask you for permission for an OS upgrade. If they think it's important enough, they reserve the "right", and definitely retain the technical capability, to install an upgrade without asking. The carriers can probably also do OTA upgrades on their own initiative; that part wasn't clear to me.

      The whole tone of his talk was scary. There was no sign that he could imagine that somebody might not want to trust Google with total control of their phone, or that such distrust could possibly be legitimate if it did exist. His whole attitude reeked of "we know better than you do", and he seemed to think of the phone's owner more as a security threat than as the person who should be setting security policy. And he didn't even mention the possibility that Google might get compromised.

      He also seemed to think of the Android open source project as something to push code to as an afterthought, rather less important than the carriers... whose interests he seemed to think were terribly, terribly important.

      It was not reassuring.

      And, yes, my understanding matches yours. The article says that they can also install apps, in addition to OTA OS upgrades. In fact, as I read the supporting material, the Market application works by pushing an "INSTALL_ASSET" message to your phone... the same message they'd use to spontaneously install an app. So there's no fixing the problem without either disabling the Market entirely or patching the implementing code.

      And of course an OS upgrade could contain code to do anything they want, including enabling them to install apps if they weren't already able to do so.
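      The comment above says the Market install path and a spontaneous vendor install are the same INSTALL_ASSET message, so the only thing standing between the user and a silent install is whatever checks the phone applies to that message. The following is an added illustration, not Android's code and not Google's protocol: a toy push-command handler that shows the checks a practitioner would expect on such a channel (message authentication, freshness, replay rejection, and a per-command consent policy so that installs are opt-in while removals can stay vendor-initiated). The HMAC shared secret, the command names beyond INSTALL_ASSET, the JSON shape and the policy table are all assumptions of this example; a real design would verify a signature against a pinned vendor certificate, which is exactly why that certificate is the valuable target a later comment mentions.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key. Stand-in for signature verification against a pinned
# vendor certificate; an HMAC secret is used only to keep the example stdlib-only.
SERVER_KEY = b"constructed-demo-key-do-not-use"

# Which remote commands exist and whether the user must confirm them first.
# INSTALL_ASSET is the name from the article; REMOVE_ASSET and the policy
# table are assumptions of this example.
POLICY = {
    "REMOVE_ASSET": {"consent": False},   # vendor-initiated removal
    "INSTALL_ASSET": {"consent": True},   # installs must be opt-in
}


def canonical(body):
    """Canonical JSON so server and phone MAC the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_message(key, body):
    """Server side: wrap a command body with its MAC (constructed messages only)."""
    mac = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


class PushHandler:
    """Phone side: validate a pushed command and apply it under the consent policy."""

    def __init__(self, key, user_consents, now=time.time, max_age=300):
        self.key = key
        self.user_consents = user_consents   # callable(body) -> bool, the user's answer
        self.now = now                       # injectable clock for testing
        self.max_age = max_age               # seconds a message stays acceptable
        self.seen_ids = set()                # replay protection
        self.installed = set()               # package names currently installed

    def handle(self, msg):
        body, mac = msg["body"], msg["mac"]
        expected = hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return "rejected: bad signature"        # tampered or forged
        if abs(self.now() - body["ts"]) > self.max_age:
            return "rejected: stale"                # old capture being replayed later
        if body["id"] in self.seen_ids:
            return "rejected: replay"               # same message delivered twice
        cmd = body.get("cmd")
        if cmd not in POLICY:
            return "rejected: unknown command"
        self.seen_ids.add(body["id"])
        if POLICY[cmd]["consent"] and not self.user_consents(body):
            return "declined by user"               # opt-in command, user said no
        if cmd == "INSTALL_ASSET":
            self.installed.add(body["pkg"])
        elif cmd == "REMOVE_ASSET":
            self.installed.discard(body["pkg"])
        return "applied"


if __name__ == "__main__":
    # Constructed run: user refuses anything called "spyware", accepts the rest.
    phone = PushHandler(SERVER_KEY, lambda b: "spyware" not in b["pkg"], now=lambda: 1000.0)
    for body in [
        {"id": "m1", "ts": 1000.0, "cmd": "REMOVE_ASSET", "pkg": "com.example.rootstrap"},
        {"id": "m2", "ts": 1000.0, "cmd": "INSTALL_ASSET", "pkg": "com.example.spyware"},
        {"id": "m3", "ts": 1000.0, "cmd": "INSTALL_ASSET", "pkg": "com.example.ok"},
    ]:
        print(body["cmd"], body["pkg"], "->", phone.handle(make_message(SERVER_KEY, body)))
```

      The point of the policy table is the one the thread keeps circling: authentication of the sender is necessary but not sufficient, because a correctly signed INSTALL_ASSET from a compromised or coerced vendor is still an install the owner never asked for. Gating that command on consent is a local decision the phone can enforce regardless of who holds the signing key.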

    2. Re:Really? by TheEyes · · Score: 5, Insightful

      ...he seemed to think of the phone's owner more as a security threat than as the person who should be setting security policy.

      To be fair, he does have a point, if in fact that was his view. I mean, how many zombified PCs are out there now, DDoSing servers and spamming the planet, just because their owners can't manage (at a bare minimum) to enable Automatic Updates? Millions? Tens of millions?

      I know hating Google is in vogue these days, but let's be honest here: so far, they're no Microsoft. They're not a convicted monopoly; they've gone out of their way to invest real resources in opening their services, actually spending money to make it easier for people to migrate away from Gmail and Google Docs; they sponsor and promote open source; and they compete by constantly making their products better, rather than trying to strong-arm people into buying their junk. So yeah, until they show otherwise, I'm going to be cautiously optimistic and give them the benefit of the doubt.

      The question is, is there a way for paranoid individuals to turn this capability off if they want to? Let the Joe Sixpacks of the world live in blissful ignorance, and let Google keep them from bringing the cell networks down with their inability to properly patch and protect their phones; just give me the ability to opt out if I know the risks, and choose to take them.

  4. Not so terrible by Darkness404 · · Score: 4, Insightful

    Really, this makes a bit more sense than having 234234234324234 OS updates every year. The majority of updates can be done by removing/updating apps, not to mention security patches. Really, some phones already have the latest Android they will ever get, barring rooting. But people will keep using that phone for 4+ years, that is a long time to have a security flaw out there that could steal information. Since the browser is going to be the main attack vector which is an app, it makes sense.

    While this could be used to push more carrier crapware, I think updates and upgrades of installed apps are more likely to work for more phones and easier for the average user to use.

    In all honesty, would you rather be using an outdated version of a browser with security flaws because your phone doesn't support Android 2.75 Double Chocolate Chunk Cookie or just have your browser update to a more secure version OTA?

    --
    Taxation is legalized theft, no more, no less.
    1. Re:Not so terrible by Americano · · Score: 4, Insightful

      Yep, because google's not an advertising company, and would never want to, say, install an app that brings you the "great new feature" of automatically pinging their servers with a GPS coordinate and downloading location-relevant ads right to your phone!

      Point is - you aren't offered a choice. Point is - you aren't being asked, "is it okay if we do this?" I don't care what the feature is, I'd take severe issue with someone deciding, "here you need this." And let's be honest - updates aren't always flawless... if Google bricks my phone accidentally, will I be able to recover any important data I might have had on there?

  5. It's to reinstall malware that they removed... by John+Hasler · · Score: 5, Funny

    ...when Slashdot raises a stink about them removing it.

    "Oops. Sorry. Here's your keylogger back."

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  6. Really Really Really? No. by Kludge · · Score: 5, Funny

    My "most modern phone", the N900, is not bound to any carrier, and I am quite certain that my carrier does not have the ability or a clue how to install anything on it. I'm root. Not them.

    Apple and Android folks: Enjoy being someone else's bitch.

    Was this post obnoxious? Yes, in a very nerdy way.

    1. Re:Really Really Really? No. by SpazmodeusG · · Score: 4, Informative

      Well the process would be just as hard on Android but he isn't running Android.
      His phone has an officially supported root mode. The root mode isn't killed by updates. It doesn't stop the updates from working. Nor does it prevent you using any applications you could use before like the app store. It doesn't void your warranty. It doesn't require a re-flash.

      So no, the process of getting root wasn't as easy for you as it was for the GP.

    2. Re:Really Really Really? No. by cbhacking · · Score: 5, Informative

      Seriously, this is a worthwhile point. Maemo (OS on the N900) *IS* Linux, not a fancy face on top of it that takes away your control. The default user is not root, but you can become root. The package manager software is setuid root, but you can fix that if you want to make it impossible to install apps without entering a password.

      --
      There's no place I could be, since I've found Serenity...
  7. Re:No by Anonymous Coward · · Score: 5, Insightful

    Actually, this moves android from "my next phone" to a "definite maybe".

    I do NOT like back doors. This makes the SSL Cert that would be used to prove one is google a very valuable target indeed. It really makes me wonder if it is a question of "if" or "when". On top of that, why should I trust google with this? If something needs to be installed, on MY PHONE, I want to be, at least, asked.

    -Steve

  8. Re:No by bertoelcon · · Score: 4, Funny

    -Steve

    Woz, doesn't Apple give you Iphones anyway?

    --
    Anything can be found funny, from a certain point of view.
  9. Isn't Android Open Source? by warrior_s · · Score: 5, Interesting

    Excuse my ignorance... but why is this a surprise when Android is an open source OS? Why has no one noticed this in the source code!! Or is only the kernel open source and not the other parts?

    1. Re:Isn't Android Open Source? by dmesg0 · · Score: 4, Informative

      Pretty much only the kernel is open source and not the other parts.

      This is incorrect. Most of android is in AOSP, including the kernel, dalvik, UI, launcher, dialer, all the libs etc. You can build a fully working system from the open source components (that's how cyanogenmod is built).

      Only the Google-specific applications (Maps, Gmail, GTalk, Google Market, Facebook, Google Voice) are not open source. Many of them can be replaced with alternatives if one wants to release a system without paying Google: e.g. SlideMe market, one of many different e-mail/GPS apps, etc.

      You can check the AOSP contents here.

  10. Re:Drive-by installing by Anonymous Coward · · Score: 5, Informative

    You're just flat wrong. WPA isn't compromised in any way even remotely as badly as WEP was/is.

    WPA:TKIP can, in certain cases with certain APs, allow one to inject packets into the network. Packets won't come back to the attacker.
    Perhaps one can use that as a way to leverage some additional resources to attack a network. Certainly, I wouldn't feel good with someone being able to inject packets - but it's not a game-over exploit like WEP was.

    WPA-AES: There's simply no known attack against the cypher. You might be able to brute-force the key - but that's an issue of any shared-secret system - it doesn't have anything to do with the crypto in WPA:AES. The solution is to use a large key-space (all ASCII characters, not just uppercase alphas, for example) and long-ish: 10 chars or more. Bonus points for more random and less guessable secrets.

    So, IMO, to claim "...it's not that much more secure than WEP was when it was introduced." is really a massive overstatement due to ignorance, at best or just plain falsehoods at worst.
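    The comment above argues that the only practical attack on WPA-AES is brute-forcing the shared secret, and that alphabet size and length are what make that expensive. As an added worked example (not from the original post), the block below derives the WPA/WPA2-Personal PSK the way the standard does, with PBKDF2-HMAC-SHA1 over the passphrase salted with the SSID for 4096 iterations, and compares the work an attacker faces for the two passphrase alphabets the comment names. The guess rate used for the time estimate is an assumed figure for illustration; the PBKDF2 parameters are the real ones.

```python
import hashlib
import math

# Expected PSK for passphrase "password" on SSID "IEEE", as published in the
# IEEE 802.11i test vectors (used here to check the derivation).
IEEE_VECTOR_PSK = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"


def wpa_psk(passphrase, ssid):
    """WPA/WPA2-Personal PSK: PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).

    32 bytes of output from a 20-byte hash means two PBKDF2 blocks, so every
    candidate passphrase costs an attacker 8192 HMAC-SHA1 computations.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("ascii"), 4096, 32)


def keyspace_bits(alphabet_size, length):
    """Entropy of a uniformly random passphrase: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


def expected_crack_years(alphabet_size, length, psk_per_second):
    """Expected brute-force time: half the keyspace at the given PSK derivation rate.

    psk_per_second is an assumed attacker rate for illustration; real figures
    depend on hardware and were not given on the page.
    """
    expected_guesses = alphabet_size ** length / 2
    return expected_guesses / psk_per_second / (365 * 24 * 3600)


# Alphabets the comment contrasts: uppercase only versus all printable ASCII.
UPPERCASE_ONLY = 26
PRINTABLE_ASCII = 95


if __name__ == "__main__":
    print("test vector ok:", wpa_psk("password", "IEEE").hex() == IEEE_VECTOR_PSK)
    assumed_rate = 100_000  # constructed guess rate, PSK derivations per second
    for name, size in (("A-Z only", UPPERCASE_ONLY), ("printable ASCII", PRINTABLE_ASCII)):
        bits = keyspace_bits(size, 10)
        years = expected_crack_years(size, 10, assumed_rate)
        print(f"{name:16s} 10 chars: {bits:5.1f} bits, ~{years:.3g} years at {assumed_rate}/s")
```

    Two things the numbers show that the comment only asserts: the SSID salt means a precomputed table is only useful against one network name, and going from 26 to 95 symbols adds roughly 19 bits at the same length, which is a factor of about half a million in brute-force cost, far more than what a couple of extra characters from the small alphabet would buy.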

  11. Re:Call me clueless by AHuxley · · Score: 4, Interesting

    Google wanted control so they pushed http://en.wikipedia.org/wiki/Android_(operating_system)
    GPLv2 to bait you in, Apache 2.0 to close you down if needed.
    You write the 'free' apps, hunt bugs, preach about the 'freedoms'; Google tracks, sells ads, data mines. A push and profit with a sting in the tail, it seems.

    --
    Domestic spying is now "Benign Information Gathering"