Google Finally Uses Remote Kill Switch On Malware

Hugh Pickens writes writes "The Google Mobile Team has announced that in addition to removing the 21 malicious applications from Android Market that were downloaded 50,000 times, suspending the associated developer accounts, and contacting law enforcement about the attacks, they are remotely removing the malicious applications from affected devices. 'We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices,' wrote the team on their blog. 'For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).' Google's actions come after numerous complaints in tech publications. "Does Google really want its Android Market to gain the reputation of being a cesspool of malware? 'Certainly not,' wrote Nicholas Deleon in TechCrunch. 'But then part of the allure of the Android Market is that it's open; you don't have to play by Google's rules, per se, to get on there like you do with Apple's App Store.'"

Slashdot hypocrites..

[Anonymous Coward]

If I was to s/Apple/Google/ people would be declaring how this is censorship and true evil and how Apple kills a kitten every time someone jailbreaks an iPhone.

Re:Way to go!

[Anonymous Coward]

And the reason for Apple's 'Walled Garden' helps prevent malware for reaching the app store to begin with.

Re:GJ GOOGLE

[whitehaint]

Well considering that Google fixed something a 3rd party created and that Microsoft is the creator of the problem in it's systems I fail to see the correlation.

Re:Way to go!

[Anonymous Coward]

And the reason for Apple's 'Walled Garden' helps prevent malware for reaching the app store to begin with.

it didnt stop that flashlight app which doubled as a tethering tool - explicitly against apples rules at the time from getting approved, why would it stop malware?

Really?

[SanityInAnarchy]

How the hell did you get to +5 insightful by implying that we can't tell the difference between preventing people from doing what they want with a device, and preventing developers from taking advantage of users?

Seriously, this is like implying that when we say "Good job" about putting spammers behind bars, you're surprised we weren't defending their freedom of speech. I know it's tempting to think in soundbites, but this isn't hard.

Android is safer than iPhone..

[WarwickRyan]

Angy Birds, for example, collects a heck of a lot of personal information on the iPhone. Why? Because the user isn't warned about it. Their Android application has so far been much cleaner, mostly because Android asks the user to give the app permission to access certain data.

Link: http://www.observer.com/2010/media/angry-birds-and-other-must-have-apps-collect-more-personal-data-you-think [observer.com]

Re:Slashdot hypocrites..

[phantomfive]

Maybe, or maybe Apple not letting me put things I want on my phone IS annoying, but what Google is doing here is not. There really is a difference between purging malware (which no one wants) and purging stuff people do want. Really.

Re:Slashdot hypocrites..

[rjstanford]

Not quite. You did choose to install it. It just does something that Google (or Microsoft or whoever) feels that you probably don't want it to do. Or at least, it's doing something that they don't want it to do. So they delete it.

All good, right? Well, as long as you trust their opinion of what software should do more than your own. Which is a point always brought up by Android fans to stomp on the Apple store. Except when google does it because... um... they said they wouldn't? And that's...better?

Re:Way to go!

[Anonymous Coward]

The reason for Apple's 'Walled Garden' has little to do with security, and Everything to do with control.

Seems like a good standard

[gman003]

One of the things I noticed was "and contacting law enforcement about the attacks". I think that could be a pretty good standard to follow for using a remote-deactivation capability, to prevent it from being abused. "If it's serious enough to use a kill switch, it's serious enough that someone will be filing a lawsuit, and we're sure enough of it that we're reporting it to police (under threat of perjury)."

This is probably the best compromise. Obviously, some people would prefer no kill switch at all, while others would like the kill switch to be used on practically anything they don't like. If "serious enough and sure enough to sue" is the standard being used, it won't affect free speech (since, if you would be sued over it already, we've already lost that battle), and it makes accidents much less likely. Now, requiring that lawsuit to be won would make it even safer, but you run into the problem of it continuing to do damage for the years it takes to finally settle the suit.

Overall, I would like to see that standard officially written and adopted, even if it isn't made legally binding. It would make me feel a lot better about the existence of a kill switch, knowing that it will only be used in truly serious cases.

Re:Way to go!

[DavidinAla]

The fact that Apple's approval process isn't PERFECT at stopping everything doesn't mean that Google's policy of stopping NOTHING until a quarter of a million people have already downloaded the malware is a good idea.

Re:Way to go!

[CheerfulMacFanboy]

Because we know that Google has the guts to be controversial and do this, while Apple probably wouldn't.

So Apple got attacked when people heard the iPhone had a "kill switch" for apps - and then Google gets cheered on for actually using theirs on Android many times over - and then Apple gets attacked for not using theirs once?

Re:260,000 infected Android devices

[Anonymous Coward]

I'm hopeful you're not this much of an asshole in real life.

*Only* Information

[healyp]

FTFS: "we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI..."

Only the IMEI/IMSI!? You know only the things that uniquely identify YOUR phone among millions, and two pieces of information that are necessary required to clone a phone or SIM.

The attackers only got those, they weren't able to get anything important like facebook logins or anything...

Re:GJ GOOGLE

[rainmouse]

Well considering that Google fixed something a 3rd party created and that Microsoft is the creator of the problem in it's systems I fail to see the correlation.

To be fair if Microsoft started remotely removing software from your computer that they deemed a threat there would be a considerable backlash.

Re:within minutes?

[Tacvek]

Google's biggest weakness is that they have virtually no support channels. They have a small number of email addresses/forms that can be used for that sort of thing, but the huge number of messages they get means those have huge backlogs. They have Groups for some topics, but my understanding is that many have nobody who is tasked with reading them, so messages only get read sporadically. (Like Dianne Hackborn is known to respond to messages on the Android Groups, but she is busy enough with Android development that she probably does not manage to read all or even most of he messages posted.)