Google Remotely Nukes Apps From Android Phones 509
itwbennett writes "Google disclosed in a blog post on Thursday that it remotely removed two applications from Android phones that ran contrary to the terms of the Android Market. From the post: 'Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them. After the researcher voluntarily removed these applications from Android Market, we decided, per the Android Market Terms of Service, to exercise our remote application removal feature on the remaining installed copies to complete the cleanup.' The blog post comes a day after security vendor SMobile Systems published a report saying that 20% of Android apps provide access to sensitive information."
Update: 06/25 16:44 GMT by S : Clarified last sentence, which incorrectly suggested that 20% of Android apps were malicious. According to the report (PDF, which we discussed recently), "a majority of these applications were developed with the best of intentions and the user data will likely not be compromised.
Re:Draconian? (Score:2, Interesting)
Yeah, I chose to reply - someone else can Mod Parent Up.
This sounds like an Apple move - "the App wasn't malicious but we didn't like it so we nuked it for you."
Total Slippery Slope - what else can they nuke when the Mafiaa decide "you have a copy of Oh Mickey In Spanish that violates copyright law so we'll nuke it for you."
Re:Still doesn't bode well (Score:5, Interesting)
Android is, for consumers, anything but open. We're still stuck waiting on ROM releases from manufacturers who don't care about supporting their old devices, even though the new devices are internally more or less the same...
It's a pocket-sized computer, so why don't we have pocket-sized operating systems instead of glorified firmware on them?
First time this has happened (Score:5, Interesting)
And Android prompts you for all these permissions (Score:5, Interesting)
When you install apps from the market or elsewhere, Android prompts you in advance letting you know of all of the permissions this app requires.
There is with this at all. It is no different from random app X requiring my root password and prompting for it. If I trust the app and give it up, this is not a security issue.
This is how you allow apps to have access to these low level permissions, without disallowing them totally, liek Apple in it's walled garden.
It is why there are so many more in-depth Android apps than there are iPhone ones. You can replace the dialer, replace the address book, etc.
This company is fear-mongering about nothing to such a degreee that I wonder if they are on Apple's payroll.
Re:Still doesn't bode well (Score:3, Interesting)
If you want to root your phone and make a virus on it to steal your own data, go for it.
If you post it as an app in the marketplace and misrepresent it, plus the app is malicious then any responsible company needs to be able to protect their customers and their business.
I agree with the fact that they have this ability, and applaud them for using it on this. It puts out a warning shot to others not to do the same thing.
As for personal data and Google, they're the same as Apple and any other company. Expect that what you do with their services will never be private. Apple is now selling their customers data, it seems to be the way of the US corporate bound Internet.
Re:oh noes! (Score:5, Interesting)
Re:oh noes! (Score:5, Interesting)
No, they deleted it FROM MY TELEPHONE. Not stopped selling it in their store, not rejected it in the review process, not sent me an email telling me that there was something wrong with the app and maybe I might want to delete it. THEY DELETED IT FROM MY TELEPHONE.
That's exactly it. I applaud Google for removing a useless and deceptive app from their marketplace, but they should keep their fucking hands off my phone! I don't even want them to have the ability to remove stuff from my phone without my knowledge. Send me an email, send me some kind of alert on Android, make it very easy for me to remove it. All of that would have been fantastic. But removing stuff from my phone without asking me crosses a line that should not be crossed.
Re:Still doesn't bode well (Score:1, Interesting)
There is a fear that Android is "less secure" because it's open, and because there is no central authority that reviews the apps.
By nuking this apps, Google basically said "Hey, Android is safe! Viruses have no chance!" This is an important message, both for virus writers and the public (except masochistic nerds who want the freedom to run viruses).
Re:oh noes! (Score:5, Interesting)
You do not have to get your apps through the Android Market.
AT&T routinely removes [pcworld.com] the checkbox to enable software from "Unknown sources" from its Android phones' firmware.
Re:oh noes! (Score:5, Interesting)
Surely the big difference is that Amazon deleted a book that people intended to read. I don't see any potential harm in Google deleting applications that did nothing except trick users into downloading them and then send user data back to the application author.
If this is what Google intends to use the remote-delete function for then I see it as more akin to antivirus, and most people have no problem with their antivirus program deleting viruses. Those that do can choose not to use antivirus - in this case, not to use the Android Market.
Re:And Android prompts you for all these permissio (Score:5, Interesting)
This company is fear-mongering about nothing to such a degreee that I wonder if they are on Apple's payroll.
Or maybe, just maybe, the security vendor is on their own payroll and is attempting to drum up some fear and uncertainty and doubt in order to sell their own products. Kinda like all the other security vendors out there have been doing for years and years and years.
Re:oh noes! (Score:3, Interesting)
I CARE. I want that ability there. If an app has the potential to harm me or my family financially or damage my phone, I want it gone.
If Google only warned people, How many people would not get the warning until it's too late? How many would even do anything about it. Heck, one person I know didn't even realize what the notification bar WAS, and he had 20 app updates to install after I showed him.
I wouldn't mind seeing a configurable option, but I like that Google (and Apple, for that matter) can catch malicious programs before they harm a bunch of people.
Remember, using your phone costs money. There are at least 3 ways I could directly cost you thousands of dollars with an application: I can make phone calls. I can use tons of data. I can send out text messages. If I had to choose between the current system and no protection at all, I'll take the current system.
Re:But what if I liked the application (Score:3, Interesting)
I agree. I agree entirely. I own an iPhone.
I'd like to stop hearing about how Apple is a terrible corporation because they do a thorough (sometimes overzealous) vetting of the applications that go up on the store before they go there. I'd also like to stop hearing about how because they've laid out a certain set of restrictions (i.e., no porn apps), they're trying to brainwash us. At least they told everyone in advance what they're getting into.
This is something that Google should have the right to do, and something that they should do if they have to. The security and utility of the network may be at stake in some cases.
I know a lot of people are aghast that google has poked at your phone from afar, now, but you're not the only one on the network, no matter what you think. If an app is bad -- maliciously or otherwise -- it's not fair that you get to keep it and screw other people up. Your right to own any app you want ends when it has the potential to impact my network security or service.
These are the conditions of owning a little computer attached to a wireless network in the modern age. If you don't like it, I'm afraid that's too bad.
Re:Where's the outrage? (Score:3, Interesting)
Amazon did it to non-deceptive, paid-for content, without any supporting provision in the TOS under which the content was acquired.
Google did it for deceptively-labelled, free content, under TOS that permitted exactly the action taken.
While there might be legitimate reasons to object to the second as well as the first.
That's one big advantage, yes. One aspect of that advantage is that you have the choice to install third-party apps from an app store which, among other things, reserves the right to remotely remove them in the discretion of the store owner, and the choice to install third-party apps, instead, from alternative sources.
If you choose to exercise the former choice, that is you choice.
Yes, I am happy with people having a choice on the device between using acquiring apps through a venue which openly has a remote kill switch and through alternative venues, and I see no reason to be unhappy with the choice made here to use the remote kill switch Google reserved.
Why should I be unhappy?