Slashdot Mirror
Google Finally Uses Remote Kill Switch On Malware
Hugh Pickens writes writes "The Google Mobile Team has announced that in addition to removing the 21 malicious applications from Android Market that were downloaded 50,000 times, suspending the associated developer accounts, and contacting law enforcement about the attacks, they are remotely removing the malicious applications from affected devices. 'We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices,' wrote the team on their blog. 'For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).' Google's actions come after numerous complaints in tech publications. "Does Google really want its Android Market to gain the reputation of being a cesspool of malware? 'Certainly not,' wrote Nicholas Deleon in TechCrunch. 'But then part of the allure of the Android Market is that it's open; you don't have to play by Google's rules, per se, to get on there like you do with Apple's App Store.'"
Good job again google. That's why you're on top.
Correction: The malware was downloaded 260,000 times, not 50,000 as initially reported. source
If I was to s/Apple/Google/ people would be declaring how this is censorship and true evil and how Apple kills a kitten every time someone jailbreaks an iPhone.
And the reason for Apple's 'Walled Garden' helps prevent malware for reaching the app store to begin with.
These "remote removal" schemes seem to come with a "sole discretion" clause. Not, say, "after confirmation by the US Computer Emergency Response Team".
But then part of the allure of the Android Market is that it's open; you don't have to play by Google's rules, per se, to get on there like you do with Apple's App Store.
This might be true with respect to application developers but not hardware manufacturers such as Archos. To remain cost-competitive with iPod touch, Archos devices are missing various input and output components not needed in a portable media player, such as a cellular radio, compass, and GPS. However, because certain versions of Google's Android Compatibility Definition Document (CDD) list these components as requirements, Archos hasn't been able to include the Android Market application with the devices. To access the Market (and not the AppsLib that has a far smaller selection), one needs hacks that Google could cease-and-desist, just like it cease-and-desisted CyanogenMod for including Google applications.
What does this even mean? Apple wouldn't use their total control over their devices to remove malware from them? Of course they would, and they should!
how many iPhone apps leak the IMEI??
And the reason for Apple's 'Walled Garden' helps prevent malware for reaching the app store to begin with.
it didnt stop that flashlight app which doubled as a tethering tool - explicitly against apples rules at the time from getting approved, why would it stop malware?
How the hell did you get to +5 insightful by implying that we can't tell the difference between preventing people from doing what they want with a device, and preventing developers from taking advantage of users?
Seriously, this is like implying that when we say "Good job" about putting spammers behind bars, you're surprised we weren't defending their freedom of speech. I know it's tempting to think in soundbites, but this isn't hard.
Don't thank God, thank a doctor!
Angy Birds, for example, collects a heck of a lot of personal information on the iPhone. Why? Because the user isn't warned about it. Their Android application has so far been much cleaner, mostly because Android asks the user to give the app permission to access certain data.
Link: http://www.observer.com/2010/media/angry-birds-and-other-must-have-apps-collect-more-personal-data-you-think
I was stupid enough myself to buy a Sony-Ericsson Android device only for them to basically drop it a month later, so presumably it will always be vulnerable to the holes used by this round of malware?
This is the difference between free and proprietary software: Apple's software is proprietary—you have no way to restrict Apple from using their power to "kill" (their term) applications on your computer. If Android is free software—software which respects your freedom to control your computer—it's up to you to make things better by hacking software or getting more knowledgeable people involved. Free software lets you choose to remove the code that grants Google app-killing power (or have someone remove app-killing code on your behalf) leaving you free to independently determine what programs to run no matter who calls those programs "malware". After all, if it's your computer you should determine what you want running on that computer. Given this understanding, I don't see the hypocrisy. I also don't see the problem in jailbreaking an iPhone other than doing business with Apple in the first place (one should not reward one's "jailer").
Digital Citizen
You don't have to follow googles rules exactly. But you do need to follow the law somewhat.
Win for everyone except the malware authors. Screw those guys.
The reason for Apple's 'Walled Garden' has little to do with security, and Everything to do with control.
Apple takes the submitted app and runs it to see if it calls any prohibited APIs. Also they check if it accesses any data without authorization, such as when Apple blocked apps from using an ad framework that took too much OS data about its users.
Today on Slashdot, I'm going to pretend to be an outraged geek, disgusted by Google's outrageous and despicable behavior, and now finally seeing just how good and pure is Microsoft.
Boooo, Google! Hooray, Microsoft!
The fact that the protection doesn't stop 100% of malicious apps doesn't mean it is not effective.
And they didn't catch the tethering app, what makes you think they would catch malware?
Malware could simply do something mundane until after Apple have done their tests, and then activate its malicious functions later down the line when lots of users have it installed.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
What would be nice, is even if the market place is left open, there would be an option to pay Google to certify your application. The idea being that people can then choose between "certified" apps or uncertified ones. This would help give users some sort of reassurance, but still leave the choice option open.
As to the kill switch, does Google print a list of applications to which it was applied?
Jumpstart the tartan drive.
Apple has a walled garden.
These applications had root-level access to all phones that were not patched with the latest version of Android (which given the state of Android updates left a couple hundred Nexus One/S owners safe while everyone else was left in the cold).
What's to stop malware with root-level permissions from disabling the kill switch next time?
Google needs to get the Android update situation under control. It's an absolute mess right now.
One of the things I noticed was "and contacting law enforcement about the attacks". I think that could be a pretty good standard to follow for using a remote-deactivation capability, to prevent it from being abused. "If it's serious enough to use a kill switch, it's serious enough that someone will be filing a lawsuit, and we're sure enough of it that we're reporting it to police (under threat of perjury)."
This is probably the best compromise. Obviously, some people would prefer no kill switch at all, while others would like the kill switch to be used on practically anything they don't like. If "serious enough and sure enough to sue" is the standard being used, it won't affect free speech (since, if you would be sued over it already, we've already lost that battle), and it makes accidents much less likely. Now, requiring that lawsuit to be won would make it even safer, but you run into the problem of it continuing to do damage for the years it takes to finally settle the suit.
Overall, I would like to see that standard officially written and adopted, even if it isn't made legally binding. It would make me feel a lot better about the existence of a kill switch, knowing that it will only be used in truly serious cases.
...and emulator software.
Gentoo Linux - another day, another USE flag.
The fact that Apple's approval process isn't PERFECT at stopping everything doesn't mean that Google's policy of stopping NOTHING until a quarter of a million people have already downloaded the malware is a good idea.
If smartphones were only owned/used by tech savvy people like most of us commenting/reading here, then their hands off approach to the Android Marketplace wouldn't be such a big deal, but thats not the case. Google and the carriers are marketing Android as an OS not just for the nerds but for everyone, because of that I think Google bears responsibility for what happened. Their hands off policy in the Android Marketplace pu users at significant risk for this malware in the first place, and does nothing to prevent it from happening again. Openness has its advantages, but those advantages are primarily useful to a select few. MOST users want a smartphone that is easy to use and lets them do things like browse the internet, check e-mail, consume media and play some games. MOST users are not tech savvy, and therefore MOST users aren't even going to know what to look for to try and avoid malware like this. Whats worse is that MOST users think Google is a trustworthy company so they will assume that the official Android Marketplace that ships on their phones and is provided by Google is a safe place to obtain apps. As we have found out recently, that is far from the truth. Google's free-for-all marketplace approach is harmful to average users. I'm not saying that the answer is to lock down Android to he same extent that Apple and Microsoft have done, but the totally open Android Marketplace should be an alternative, not the primary source. As the provider of the experience Google needs to set up a trusted marketplace where they put more scrutiny and oversight into apps and make THAT the default experience for the user. From within that marketplace Google could offer access to the untamed wilds that currently exist today, but MOST users wouldn't need to venture into that space, and would therefore be at far less risk than they are now.
And the reason for Apple's 'Walled Garden' helps prevent malware for reaching the app store to begin with.
It stops all that nasty malware from the App Store! Hear hear!
Instead, they let it in through the front door via a glaring remote web based security hole in the core system.
http://mashable.com/2010/08/02/ios-4-jailbreakme/
Device manufacturers have to meet the minimum spec to have market access.
But if Google doesn't set a minimum spec that's realistic for a PDA, then Google is handing the PDA market to Apple with its iPod touch. Microsoft had already left the PDA platform market after discontinuing Windows Mobile Classic (formerly Pocket PC) in favor of Windows Phone 7.
Google:
Within minutes of becoming aware, we identified and removed the malicious applications.
But from the comments in the blog post, we can read that:
This is where the problem is. You became aware because someone had a contact inside Google who alerted to right people.
According to one of the developers of the hijacked applications, he had tried for almost a week to get in contact with someone through the normal channels to correct the situation.
I am sorry if I sounds harsh, but Google are a master of data processing, and surely you should be able to pick up a distress call from a developer within hours instead of a week.
Bram Stolk http://stolk.org/tlctc/
only the devices with the malware are having code pushed. the dont need it, which is how you can clearly see that they are not patching their own code, only removing the malware. to prevent this from even occuring next time they might have to change their veting systems, and that might have a follow on affect on the code, but the security issue exists at a higher level.
Well yes you're right. Control is needed to try and attempt to keep quality high both in content and coding and to help keep security high.
Mobiles are different from desktops and I think resorting to virus scanning on mobiles would be awful. While Apple's approach is by no means perfect it is actually looking like the best solution. I just don't bother with the app market for my Android. There is a lot of shit in the market to sift through and while being concerned with how many apps ask for all sorts of permissions we're now finding out that actually a lot of bad stuff is getting through and not being found straight away.
I do think my next phone will be an iPhone. The games are definitely better and until Google proves to at least be more proactive on filtering out the rubbish then I just can't trust the apps and what is the point of a smart phone without apps?
If Google can tell me what the app needs access too then surely there is some way they could come up with a system that flags apps ask having questionable requirements and requiring someone at Google to personally review it before it makes it onto the market.
When you want people to tie all their personal information and even payment methods (ie Google Checkout) to a device it needs to have some sort of security. It is not good enough to kill it after it's been downloaded a quater of a million times. Alternatively they can come up with some sort of mobile virus / malware scanner and risk complaints about battery life and performance.
Of course if it's in the terms-and-conditions of connecting to the provider, that's something different. But otherwise ... heck, if I want to doodle on my copy of 'The Brief history of time', that's my affair. Not the publishers, or Hawk's.
"The greatest lesson in life is to know that even fools are right sometimes" - Winston Churchill
Welcome in the brave new world, where devices you bought don't belong to you anymore. Amazon remotely deletes bought books, Sony sues hackers that modifying their own PS3s, Microsoft threats to sue everyone who tries to use their Kinec with not approved means, and now Google remotely deletes applications and installs new ones.
Is that the future of computing?
http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
Because we know that Google has the guts to be controversial and do this, while Apple probably wouldn't.
So Apple got attacked when people heard the iPhone had a "kill switch" for apps - and then Google gets cheered on for actually using theirs on Android many times over - and then Apple gets attacked for not using theirs once?
Fandroids hate facts.
1. Add time trigger to make the app only access bad stuff after a certain date or have it fetch a trigger from some server...
2. Turn over binary to apple.
3. Get verified.
4. flip switch
5. ???
6. Profit?
And the reason for Apple's 'Walled Garden' helps prevent malware for reaching the app store to begin with.
it didnt stop that flashlight app which doubled as a tethering tool - explicitly against apples rules at the time from getting approved, why would it stop malware?
Of course the real question is: if it isn't the walled garden, what else stops malware on iOS? And how can Android use that?
Fandroids hate facts.
Only the IMEI/IMSI!? You know only the things that uniquely identify YOUR phone among millions, and two pieces of information that are necessary required to clone a phone or SIM.
The attackers only got those, they weren't able to get anything important like facebook logins or anything...
It's not effective enough, though it depends a lot on your threat model. Given that nation-sponsored malware has now been deployed and observed, and I think we need to be more careful.
As if we were all waiting on them to do this? You do understand a) this is the second time they've done this and b) all previous malware "threats" were theoretical attacks and demonstration apps -- not "in the wild" maliciously-intended exploits? The last time they did it was to remove an app created by a security researcher that could theoretically do all sorts of malicious things just to see if people would install it despite the warnings.
Where does "finally", figure into this -- except by way of yellow journalism?
Then why has Google required GPS even to be able to download applications that do not use the GPS, a compass even to be able to download applications that do not use a compass, telephony even to be able to download applications that do not use telephony, etc.? Can you recommend a product that A. runs Android, B. costs $200 to $300 like an iPod touch without a telephone service commitment, C. meets the min specs for access to the platform's largest app market, and D. is sold in the United States, which is my home country and Slashdot's? Unlocked phones tended to fail B last time I checked, Archos 43 fails C, and Samsung Galaxy Player failed D last time I checked.
If Archos want official access to the android market, they have to add in the camera, GPS etc like Samsung have done.
Is it possible to add such components and still come in close to the $249 price point?
And there is no PDA market. There's a phone market, and a market for PMP style multi media devices.
Then please allow me to rephrase: If Google doesn't set a minimum spec that's realistic for a PMP-that-runs-apps, then Google is handing the PMP-that-runs-apps market to Apple with its iPod touch.
http://www.binplay.com/2011/03/can-slashdotters-get-over-windows-geeks.html
Is there a list of apps that were removed?
I believe it was Douglas Adams who explained how careless talk costs lives.
A compromise is not necessary. At least not for situations like this one.
Consider something more like SSL's certificate revocation list. I know little about Android, but assuming it uses a software management system similar to Debian's dpkg, each software installation has a signature. For each repository (app store) the device uses, it would subscribe to an application revocation list. When an application is listed for removal the device could CHOOSE to remove the app OR NOT. I'm emphasizing choice, because the power to remove an application is transferred from the content provider to the device owner. The remote control stuff just bothers me, regardless of the controller's motives.
More thoughts. You could have more information in the ARL (application revocation list) including severity and a detailed message which explains the problem. This would allow the user to understand why the app is to be removed and to be made aware of what negative effects the malware may have imposed.
I imagine the reason for remote wipe is not so much to stop malware, but more likely for removing functionality against the user's will as Amazon has done with some of its e-books on the Kindle. I say this because a kill-switch implementation would surely be far more complex to implement than what I've proposed and I can't be the first to think of this simple solution to the potential malware problem.
Just think for one moment about our good friend, average joe phone user. He doesnt know much about computers, he just bought a phone where he can also play a game or two while on the bus, plus a whole load of good things he doesnt know about just yet.
For all the goodness of doing things the open way, that guy would benefit way more from having an approval process for apps. It would ensure that blatant attempts such as this dont get through, thus removing the problem befire it actually hits the user, not reacting to it after whatever damage is done. The question shouldnt be about whether such a process is needed, but who sets the criteria for approval. THAT would be a way to differentiate from all the Apple "badness". Skipping the entire process is basically asking users to trust all devs to play nice.
Finally !!! I have been looking forward to this. I agree healy, it was IMEI and IMSI numbers attackers would have gathered. Business Loans
Does anyone know how this would affect Android devices such as Archos tablets (specifically the 32 model)? I have the gapps4Archos hack and have account info on things like Gmail, Maps, etc.
Also, as someone noted above, did Google publish a list of the apps removed?
A) LOL, assuming that you are correct, you ignore the rest of the article: "it's harvesting—and delivering—much more. Your contacts, city, latitude and longitude, phone ID and username and password are all collected and sent to third parties."
So delete location: "Your contacts, city, phone ID and username and password are all collected and sent to third parties."
Damn, diversion tactics by focusing on just one aspect. Just like the company in question. NICE. Next time, pay attention to the advertisements and see if they're targeted to where you are (especially if you go to a new location / city without using GPS) I wonder if the GPS location icon shows if it's using wifi / wireless triangulation as it's instantaneous (it doesn't need to acquire a lock).
B) Did you notice that if you DO use the GPS for any reason, it's sent back home? Google maps? Sent to Google and the mothership. Facebook Places? Google + mothership. So even if APL has *NOTHING* to do with the app, you're still sending it. It's awesome since: 1) You agreed to it. I challenge you to find where you did. 2) Try finding the opt-out without searching for articles that mention this (as you wouldn't know about this if I didn't tell you / stumble into the articles that say so)