Google Finally Uses Remote Kill Switch On Malware
Hugh Pickens writes "The Google Mobile Team has announced that in addition to removing the 21 malicious applications from Android Market that were downloaded 50,000 times, suspending the associated developer accounts, and contacting law enforcement about the attacks, they are remotely removing the malicious applications from affected devices. 'We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices,' wrote the team on their blog. 'For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).' Google's actions come after numerous complaints in tech publications. 'Does Google really want its Android Market to gain the reputation of being a cesspool of malware? Certainly not,' wrote Nicholas Deleon in TechCrunch. 'But then part of the allure of the Android Market is that it's open; you don't have to play by Google's rules, per se, to get on there like you do with Apple's App Store.'"
GJ GOOGLE (Score:3, Informative)
Good job again google. That's why you're on top.
Re:GJ GOOGLE (Score:4, Interesting)
Good job again google. That's why you're on top.
So it's a good thing that Google can, has, and will continue to remote remove (remote kill) applications downloaded onto phones.
Apple has removed apps from their store, but never from the phone itself once the app has been downloaded.
Re: (Score:2)
This whole thing is hilarious, because iirc there was a story on this very website only a few months ago condemning Google for even HAVING a remote kill switch.
Re:GJ GOOGLE (Score:5, Interesting)
Except that it's unlikely that this will totally clean the problem.
This exploit rooted phones. That means Google lost control of the phone the second the user installed and ran the malicious app. They could remove all of the malicious apps all day long but all that does is remove the Trojan Horse that dropped the rootkit.
As for the removal tool Google is planning to send: if the virus programmers have any sort of brain, the first thing they're going to do is block the removal tool from removing the rootkit by sending a patch to the rootkit. It wouldn't surprise me if the rootkit doesn't phone home soon and download something to either spoof that the rootkit was removed or block the rootkit remover altogether and disable apps (either from Google or a third party) designed to remove the exploit. Google giving them a heads up through the blog post that they got 72 hours to code such a patch just made the virus writers' job even easier.
Now I'm not saying that Google is handling this totally incorrectly. If I was Google, I would have taken many of the steps that they are currently doing, except I would not publicly lay out the plan until after it was executed. I know it would give Google Bad PR by sending apps without user knowledge, but it would have minimized a counterattack time frame from the virus writers and would have been the safer option overall. I just hope that Google has another strategy if this one fails, such as carrier involvement to recover and possibly disable remaining infected phones until it can be cleaned by a carrier tech.
Re: (Score:2)
Not quite. It would be a really good job if it asked me for permission before it activated the remote kill feature, not just send me a notification. Google should not totally forget the OS they developed is running on my device.
Re: (Score:3, Interesting)
FTA: "The applications took advantage of known vulnerabilities which don’t affect Android versions 2.2.2 or higher..."
So if a malware writer takes advantage of a vulnerability in an old or unpatched instance of Windows it's Microsoft's fault... but if they take advantage of an exploit in Android it's not Google's fault.
This logic does not compute.
Re:GJ GOOGLE (Score:5, Insightful)
Well considering that Google fixed something a 3rd party created and that Microsoft is the creator of the problem in its systems I fail to see the correlation.
To be fair if Microsoft started remotely removing software from your computer that they deemed a threat there would be a considerable backlash.
Re: (Score:2)
Personally, if Microsoft or Apple had done this I would say it is the correct use of a kill switch, but be worried about the precedent of using it. I feel pretty much the same way about Google using it.
Re: (Score:2)
MS's malware thing works OK for certain things. It's not meant to catch everything, Microsoft Security Essentials or the Onecare scanner is more for that.
Keep in mind they mainly created the removal tool to get severely broken computers up to the point that their security updates and service packs wouldn't make the situation worse.
Re:GJ GOOGLE (Score:5, Funny)
The next time Microsoft releases a patch for a security vulnerability I would like to see this sentiment repeated.
Okay, next patch Tuesday, someone please make Haven happy and post a "Good job again google. That's why you're on top." post.
Re: (Score:2)
You should be careful with what you post!
Did you know that postings like yours can cost lives?
Good Lord! I almost choked on my dinner when I laughed out loud!
Not having someone around for a Heimlich maneuver with posts like yours is very dangerous.
Please give proper warnings before posting like this again.
Thank you
Re: (Score:2)
For a few weeks, when you searched for Maureen O'Gara, it was the #2 hit.
Re: (Score:2)
The next time Microsoft releases a patch for a security vulnerability I would like to see this sentiment repeated.
Generally I think when Microsoft release a patch of a security vulnerability - I do say good job. Everyone has security problems, the issue is how they deal with it - and Microsoft in the past often ignored the issue for a long time (I don't deal a lot with Windows these days, but it does seem that that has shifted as of late)
Of course as others pointed out - this is less like Microsoft patches to their own code and more like forced Anti-Malware install - for which I have mixed feelings.
Re: (Score:3)
"We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices" sounds an awful lot like Google is patching their own code.
Re: (Score:2)
The next time Microsoft releases a patch for a security vulnerability I would like to see this sentiment repeated.
If you can point to a post on /. where the general consensus is that Microsoft did something wrong by releasing a patch, then you'll have a point. The same goes for Apple while we're at it.
260,000 infected Android devices (Score:5, Informative)
Correction: The malware was downloaded 260,000 times, not 50,000 as initially reported. source [techcrunch.com]
Slashdot hypocrites.. (Score:4, Insightful)
If I was to s/Apple/Google/ people would be declaring how this is censorship and true evil and how Apple kills a kitten every time someone jailbreaks an iPhone.
Really? (Score:5, Insightful)
How the hell did you get to +5 insightful by implying that we can't tell the difference between preventing people from doing what they want with a device, and preventing developers from taking advantage of users?
Seriously, this is like implying that when we say "Good job" about putting spammers behind bars, you're surprised we weren't defending their freedom of speech. I know it's tempting to think in soundbites, but this isn't hard.
Is Android free software? If so, no hypocrisy. (Score:2)
This is the difference between free and proprietary software: Apple's software is proprietary—you have no way to restrict Apple from using their power to "kill" (their term) applications on your computer. If Android is free software—software which respects your freedom to control your computer—it's up to you to make things better by hacking software or getting more knowledgeable people involved. Free software lets you choose to remove the code that grants Google app-killing power (or hav
Re: (Score:2)
Which is why I am probably going to go with Android and not an iPhone when I upgrade my phone next week.
Android phones unfortunately are expensive, but in the end the developers will hopefully start sticking with Android and not put up with th*s crap.
They already are - why else would all the malware writers work exclusively on Android, apart from a few still sticking to jailbroken iPhones?
Re: (Score:2)
Be careful though, some handset manufacturers are DRMing the boot loader to only load signed code so that you can't remove operator branding and install custom ROMs.
Re:Is Android free software? If so, no hypocrisy. (Score:4, Interesting)
The one thing I do love about Android phones is that I can write my own app and put it onto my phone. I need only checkmark a setting that lets me load non-market apps at my own risk. I don't have that ability with iPhone. I'm still waiting to get listed as an iPhone dev, but once that happens I believe it will mean I can live test my own homegrown apps on iPhone after (at least if my reading of Apple's terms is correct).
I believe we're giving undue credit to Android for being open. Android itself is open and free. But from what I've seen on the various HTC and Motorola Androids I've bought in the last year, each vendor's specific Android is not that open. Is Moto's Blur not proprietary? What about HTC's Sense UI? I've been told countless times to stop supporting Motorola because Motorola locks down their phones, thus taking away from that openness that is Android. Is it all a lie? People are telling me to buy HTC because they play well with modders.
I wasn't able to install all I wanted on my Droid. I was told I needed to root the phone. I had to wait until someone found a way to, and then risk following the steps. So, if at the end of the day, I'm still forced to root rather than jailbreak, how exactly am I realizing the difference between free and proprietary software? I haven't jailbroken my iPhone yet. I likely won't until I decide I absolutely need to have a bluetooth file transfer (something iPhone lacks), but until I do, I can at least enjoy an app market that is better for my needs.
Re: (Score:2)
I think it's more of a case of WHY you need to root/jailbreak the phone which is where Android and iOS differ.
There are many reasons to root/jailbreak a phone:
1) Install own built apps/non marketplace apps
2) defeat the chroot jail (iOS) or access root user(android), in order to run an app that accesses APIs/features that normally need root (typically low level system software), such as network analysers, rootkits, etc
3) Install custom firmware
4) Modify radio/sim access/etc (remove provider lock)
Android (gene
Re: (Score:2)
Let's see... Bluetooth file transfer is basically like FTP: You see a directory from the other device and can arbitrarily send/receive files.
You have an iPhone; so ponder this: where would Bluetooth FTPs go?
There isn't a shared storage space on the iPhone accessible by all applications. There is no SD card.
Each app has its own sandboxed home directory. In fact, this is why there is no SD card.
On the upside, this is why backups/restore/uninstalls are so clean.
The only shared area is reserved by the system f
Re: (Score:2)
Thanks for clarifying that!
I understand what you are trying to say.
Ok, to respond to the issue about provider lockdowns. Unfortunately this is an issue with ALL phones (except the iPhone). The providers like to "customize" their phones, and Android phones are also victims of this butchery. The iPhone does not suffer so much because of Apple's "approach", but that's why they have different tariffs. I have a sim free HTC Desire, and get all the features advertised, so I get the hotspot, and stuff built in, I di
Re: (Score:3)
First of all, it would be Apple doing the actual killing. Apple is not a force of nature that is immune to moral codes, or the law for that matter.
Second, participation in the android app store is optional.
Re:Slashdot hypocrites.. (Score:5, Insightful)
Not quite. You did choose to install it. It just does something that Google (or Microsoft or whoever) feels that you probably don't want it to do. Or at least, it's doing something that they don't want it to do. So they delete it.
All good, right? Well, as long as you trust their opinion of what software should do more than your own. Which is a point always brought up by Android fans to stomp on the Apple store. Except when google does it because... um... they said they wouldn't? And that's...better?
Re: (Score:2)
The other remote nukes malware and otherwise couldn't give a fuck.
I can tooootally* see
Re: (Score:2, Interesting)
Then why not send everyone a message saying, "Hey, you chose to install this app, and that's cool and all, but it's doing bad things, would you like to remove it? [Yes] [No]" That would be completely reasonable and in full keeping with their advertised goals. The fact is that either platform allows someone else to decide (at their total discretion) that you don't need an app you've chosen to install, and lets them remove it without your consent.
Yay openness.
Re: (Score:3)
It's a bit more clear-cut than that. The applications are advertised as doing something. They also happen to exploit a vulnerability in the OS, in a way that can't possibly have to do with advertised functionality. There is very little chance that users installed the software for these "extra features," especially because they have just about no way of even knowing they exist.
So why not patch the vulnerability instead of removing the software that's currently using it?
Look, I'm not trying to stand up for malware, just pointing out that in each case it's the OS/appstore vendor making a determination that you, the user, don't actually want the application that you, the user, installed. The difference is that one vendor has been very up-front about telling the userbase that they're going to do this, and the other one has had some of its fanatical userbase choose it because they'd n
Re: (Score:2)
To clarify, I meant in terms of pushing a minor OS patch, not in rolling the device up to 2.2.x or wherever the trunk fix lies.
Re: (Score:2)
Stop browsing bizarro.slashdot.org and you'll see what they're on about.
More overreaching "sole discretion" terms. (Score:3)
These "remote removal" schemes seem to come with a "sole discretion" clause. Not, say, "after confirmation by the US Computer Emergency Response Team".
Re: (Score:3)
Of course no one, not even the OHC, believes the user owns the mobile device and as such should have complete control over what happens on it. So, as expected, Google does as it pleases when it pleases, even when there is a gentler and equally effective alternative.
Re: (Score:2)
I think it would be much better to have a blacklist of known infected apps. The phone can check against this list, and, just like other malware detectors, note that it is dangerous, and why, and then prompt the user for removal.
Ehh... while I like your sentiment, it's just not a good idea. People just don't give a crap about security (those not reading /. anyway), and that kind of opt-in prevention will be about as effective as Windows XP pre-SP2, which is to say not at all. Especially if something pops up while the user is in the middle of doing, well, pretty much anything - they're just going to hit the "shut up and go away" (cancel) button.
I think there should be a published list of deleted apps (they can push an update of thi
Openness and Archos (Score:5, Informative)
But then part of the allure of the Android Market is that it's open; you don't have to play by Google's rules, per se, to get on there like you do with Apple's App Store.
This might be true with respect to application developers but not hardware manufacturers such as Archos. To remain cost-competitive with iPod touch, Archos devices are missing various input and output components not needed in a portable media player, such as a cellular radio, compass, and GPS. However, because certain versions of Google's Android Compatibility Definition Document (CDD) list these components as requirements, Archos hasn't been able to include the Android Market application with the devices. To access the Market (and not the AppsLib that has a far smaller selection), one needs hacks [arctablet.com] that Google could cease-and-desist, just like it cease-and-desisted CyanogenMod for including Google applications [gizmodo.com].
Re: (Score:2)
"minimum spec"? Hmmm... sounds like someone else (not the developer) is setting standards that the developers have to live with if they want to participate in Google's sand box. Doesn't Apple get spanked here for doing that?
Re: (Score:3)
And your point is? I know what the minimum specs are. However, isn't the point of open systems that I can put up whatever I want – including hardware and software? Who is Google to be telling anyone that their system on the open market doesn't meet minimum specs? Who died and made them Apple to make such decisions?
The min specs might be cost prohibitive (Score:4, Interesting)
Re: (Score:2)
And your point is? I know what the minimum specs are. However, isn't the point of open systems that I can put up whatever I want – including hardware and software? Who is Google to be telling anyone that their system on the open market doesn't meet minimum specs? Who died and made them Apple to make such decisions?
No one is forcing you to use Android Market, but if you do, it is owned by Google so they can set whatever rules they want.
The whole idea that Android is an open system is ridiculous, Google are better than the Apple walled torture palace, but they're not exactly the GNU Foundation.
Re: (Score:2)
No one is forcing you to use Apple's store either. Just jailbreak your iPhone and have at it. Overall I agree with your sentiment, except that Google is better than Apple. My experience with both has led me to prefer Apple and its ecosystem. However, I am glad we have the choice. Now we just need a few more players to get serious so we can have just a bit more choice to keep Google and Apple honest (well... as honest as they can be).
Re: (Score:3)
Use a different marketplace, download .apk's directly from the net
So how do I convince my bank to offer its check deposit application in AppsLib or offer bare .apk's so that I can deposit checks with my Archos 43's camera?
Re: (Score:3)
Have you ever tried it? Very, very, very few apk's are actually available outside the marketplace. And alternative marketplaces are just as dismal. I've tried GetJar, SlideMe and APKtor. You'd be hard-pressed to find any that have more than around 10,000 apps. Especially places like GetJar and SlideMe.
Face it, the only way to get apps outside the Marketplace is ... pirating via BitTorrent. Most devs only stick with the official Google Marketp
A realistic minimum spec plz (Score:2)
Device manufacturers have to meet the minimum spec to have market access.
But if Google doesn't set a minimum spec that's realistic for a PDA, then Google is handing the PDA market to Apple with its iPod touch. Microsoft had already left the PDA platform market after discontinuing Windows Mobile Classic (formerly Pocket PC) in favor of Windows Phone 7.
PMP with camera, GPS, etc. for $249? (Score:2)
If Archos want official access to the android market, they have to add in the camera, GPS etc like Samsung have done.
Is it possible to add such components and still come in close to the $249 price point?
And there is no PDA market. There's a phone market, and a market for PMP style multi media devices.
Then please allow me to rephrase: If Google doesn't set a minimum spec that's realistic for a PMP-that-runs-apps, then Google is handing the PMP-that-runs-apps market to Apple with its iPod touch.
Re: (Score:3)
This connection between 'openness' and Google messing up and letting a virus get through is a bunch of crap.
You can have an App Store that is 'open' but still blocks all virus and malware, and that is what Google is attempting to do - they just blew it this time.
Open can have many meanings, but in this case it includes stuff like allowing free competition - not blocking apps just because they go against the interests of the platform's sponsor or their buddies.
It does NOT mean that every single app posted to
Re: (Score:2)
So Google has an 'open' policy regarding what apps can be distributed in the market, even if they don't have an open policy regarding buyer access to the market.
To me, making it easier to sell apps than to buy apps sounds backward. Why is backward desirable?
Android is safer than iPhone.. (Score:5, Insightful)
Angry Birds, for example, collects a heck of a lot of personal information on the iPhone. Why? Because the user isn't warned about it. Their Android application has so far been much cleaner, mostly because Android asks the user to give the app permission to access certain data.
Link: http://www.observer.com/2010/media/angry-birds-and-other-must-have-apps-collect-more-personal-data-you-think [observer.com]
Re:Android is safer than iPhone.. (Score:5, Informative)
Actually Apple DOES warn you, via the GPS icon in the top menu bar. In Settings, you can disable Location services for any specific app and see if it's accessed your location in the last 24 hours.
Re:Android is safer than iPhone.. (Score:5, Funny)
Please stop using facts to correct Android fans. It really confuses them.
Re: (Score:2)
Oh right, everybody here seemed to have missed the fact that the Settings thing defaults to asking for permission every time any location data is requested.
Depending on the icon only means you explicitly told the OS to stop asking me every time XYZ wants to get my current location (both coarse-grained wifi and fine-grained AGPS).
(To be honest, I don't even think the icon distinguishes between coarse/fine. I thought it's "any")
Re: (Score:2)
You're somewhat correct. However, if you develop a "full screen app" (ie, one that does not have the status bar at the top of the screen), the user will not see the Location services icon.
So a game like Angry Birds could access the GPS without letting the user know.
Re: (Score:2)
So you're comparing the ability to opt out via settings which rarely anyone will look into, and a vague catch all GPS icon with an itemized list of activities an app performs before installation. Sorry but regardless of how you defend this one Apple sucks at this compared to Android.
Considering that an iOS device also informs the user and asks for permission the first time an app uses GPS - how does Apple suck compared to Android? Because it actually gives more information about apps using GPS to the user than Android? Too confusing for you?
Heck, something as simple as changing your Android phone’s wallpaper or downloading a ringtone could transmit personal data about you, including your location, without your knowledge. [wired.com]. Android, not iPhone.
Re: (Score:2)
Angry Birds, for example, collects a heck of a lot of personal information on the iPhone. Why? Because the user isn't warned about it. Their Android application has so far been much cleaner, mostly because Android asks the user to give the app permission to access certain data.
Link: http://www.observer.com/2010/media/angry-birds-and-other-must-have-apps-collect-more-personal-data-you-think [observer.com]
Not much of a distinction because if you don't agree you don't get to play.
Android security (Score:4, Interesting)
I was stupid enough myself to buy a Sony-Ericsson Android device only for them to basically drop it a month later, so presumably it will always be vulnerable to the holes used by this round of malware?
Certification (Score:3)
What would be nice, is even if the market place is left open, there would be an option to pay Google to certify your application. The idea being that people can then choose between "certified" apps or uncertified ones. This would help give users some sort of reassurance, but still leave the choice option open.
As to the kill switch, does Google print a list of applications to which it was applied?
Re: (Score:2)
Forgot to say that the certification process would include a set of API usage tests and behavior tests. No application developer would be forced to go through the process, but if the fee is low and on a yearly basis, then I imagine many developers would want to reassure the customer base.
Re: (Score:2)
Exactly my thoughts
Hopefully someone from Google is reading this thread; keep it open but allow those willing to pay a little extra security.
It won't work because many people will go for anything that is "free" or "cheaper", but at least you have an option.
Re: (Score:2)
This would be a good compromise.
Seems like a good standard (Score:5, Insightful)
This is probably the best compromise. Obviously, some people would prefer no kill switch at all, while others would like the kill switch to be used on practically anything they don't like. If "serious enough and sure enough to sue" is the standard being used, it won't affect free speech (since, if you would be sued over it already, we've already lost that battle), and it makes accidents much less likely. Now, requiring that lawsuit to be won would make it even safer, but you run into the problem of it continuing to do damage for the years it takes to finally settle the suit.
Overall, I would like to see that standard officially written and adopted, even if it isn't made legally binding. It would make me feel a lot better about the existence of a kill switch, knowing that it will only be used in truly serious cases.
No compromise is necessary (Score:2)
A compromise is not necessary. At least not for situations like this one.
Consider something more like SSL's certificate revocation list. I know little about Android, but assuming it uses a software management system similar to Debian's dpkg, each software installation has a signature. For each repository (app store) the device uses, it would subscribe to an application revocation list. When an application is listed for removal the device could CHOOSE to remove the app OR NOT. I'm emphasizing choice, be
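The revocation-list idea in the comment above, and the blacklist-plus-prompt suggestion earlier in the thread, as an added example that is not part of any poster's comment or of Android itself. The list format, field names, severity labels and package names are assumptions constructed for illustration, and HMAC stands in for the public-key signature a real store would use.

```python
import hashlib
import hmac
import json

# Assumption: a real store would sign with a private key and devices would
# verify against a pinned public key. HMAC-SHA256 with a shared key stands in
# here so the example runs on the standard library alone.
DEMO_KEY = b"constructed-demo-key"


def sign_list(payload, key=DEMO_KEY):
    """Store side: serialise the list canonically and attach a MAC."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify_list(signed, last_serial, key=DEMO_KEY):
    """Device side: reject tampered lists and lists older than the last one seen."""
    expected = hmac.new(key, signed["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["sig"]):
        raise ValueError("bad signature on revocation list")
    payload = json.loads(signed["body"])
    if payload["serial"] < last_serial:
        raise ValueError("revocation list is older than the last one accepted")
    return payload


def evaluate(installed, payload, policy):
    """Match installed apps against the list and apply the owner's policy.

    Matching uses package name plus APK hash, so a clean build that shares a
    name with a revoked one is left alone. policy maps a severity to
    'remove', 'prompt' or 'ignore'; unknown severities fall back to 'prompt'.
    """
    revoked = {(e["package"], e["sha256"]): e for e in payload["revoked"]}
    decisions = []
    for app in installed:
        entry = revoked.get((app["package"], app["sha256"]))
        if entry is None:
            continue
        action = policy.get(entry["severity"], "prompt")
        decisions.append((app["package"], action, entry["reason"]))
    return decisions


def apk_hash(data):
    """SHA-256 of the package bytes, used as the identity of one build."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample data: package names, APK bytes and reasons are invented.
BAD_APK = b"constructed bytes of a trojanised build"
GOOD_APK = b"constructed bytes of the legitimate build"
ADWARE_APK = b"constructed bytes of an aggressive adware build"

SIGNED = sign_list({
    "serial": 7,
    "revoked": [
        {"package": "com.example.flashlight", "sha256": apk_hash(BAD_APK),
         "severity": "root-exploit", "reason": "drops a root exploit"},
        {"package": "com.example.wallpapers", "sha256": apk_hash(ADWARE_APK),
         "severity": "privacy", "reason": "uploads IMEI/IMSI"},
    ],
})

INSTALLED = [
    {"package": "com.example.flashlight", "sha256": apk_hash(BAD_APK)},
    {"package": "com.example.wallpapers", "sha256": apk_hash(ADWARE_APK)},
    {"package": "com.example.notes", "sha256": apk_hash(GOOD_APK)},
]

# Owner's choice: remove root exploits without asking, ask about the rest.
OWNER_POLICY = {"root-exploit": "remove", "privacy": "prompt"}

if __name__ == "__main__":
    listing = verify_list(SIGNED, last_serial=6)
    for package, action, reason in evaluate(INSTALLED, listing, OWNER_POLICY):
        print(f"{package}: {action} ({reason})")
```

The policy table is where the choice argued over in this thread lives: the owner decides per severity whether the device removes, asks, or ignores.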
Re: (Score:2)
User-friendliness.
Android, although based on Linux, is not Linux, and is not made for the type of person who uses Linux. It is made for the type of person who uses a cell phone. Most of them, on seeing a "The application 'AnnaKournikovaPics' has been disabled for security reasons", is more likely to click "Re-enable anyways" than "Why was this disabled?". Thus, the malware would not be removed; in the case of some
Google's responsibility (Score:3)
within minutes? (Score:5, Interesting)
Google:
Within minutes of becoming aware, we identified and removed the malicious applications.
But from the comments in the blog post, we can read that:
This is where the problem is. You became aware because someone had a contact inside Google who alerted the right people.
According to one of the developers of the hijacked applications, he had tried for almost a week to get in contact with someone through the normal channels to correct the situation.
I am sorry if I sound harsh, but Google are a master of data processing, and surely you should be able to pick up a distress call from a developer within hours instead of a week.
Re:within minutes? (Score:5, Insightful)
Google's biggest weakness is that they have virtually no support channels. They have a small number of email addresses/forms that can be used for that sort of thing, but the huge number of messages they get means those have huge backlogs. They have Groups for some topics, but my understanding is that many have nobody who is tasked with reading them, so messages only get read sporadically. (Like Dianne Hackborn is known to respond to messages on the Android Groups, but she is busy enough with Android development that she probably does not manage to read all or even most of the messages posted.)
Did they ask first? (Score:3)
Of course if it's in the terms-and-conditions of connecting to the provider, that's something different. But otherwise ... heck, if I want to doodle on my copy of 'The Brief history of time', that's my affair. Not the publisher's, or Hawking's.
Brave new world (Score:2)
Welcome to the brave new world, where devices you bought don't belong to you anymore. Amazon remotely deletes bought books, Sony sues hackers for modifying their own PS3s, Microsoft threatens to sue everyone who tries to use their Kinect with not approved means, and now Google remotely deletes applications and installs new ones.
Is that the future of computing?
Re: (Score:2)
It's all relative what "possible" means. The current state is that only for few geeks it's "possible". The iPhone, Android, Windows Mobile, and certainly in the future Meego are all nicely locked in. Sure, you can unlock the iPhone and WM, and you can use a different market or no market for the Android. In the case of the iPhone and WM you lose your warranty if you do it and Android is locked down from the cell phone manufacturers or carriers.
I wonder how people would react if Microsoft decides to delete soft
*Only* Information (Score:3, Insightful)
Only the IMEI/IMSI!? You know only the things that uniquely identify YOUR phone among millions, and two pieces of information that are necessary required to clone a phone or SIM.
The attackers only got those, they weren't able to get anything important like facebook logins or anything...
"Finally"? (Score:2)
As if we were all waiting on them to do this? You do understand a) this is the second time they've done this and b) all previous malware "threats" were theoretical attacks and demonstration apps -- not "in the wild" maliciously-intended exploits? The last time they did it was to remove an app created by a security researcher that could theoretically do all sorts of malicious things just to see if people would install it despite the warnings.
Where does "finally", figure into this -- except by way of yellow
Re:Way to go! (Score:4, Insightful)
And the reason for Apple's 'Walled Garden' helps prevent malware from reaching the app store to begin with.
it didn't stop that flashlight app which doubled as a tethering tool - explicitly against Apple's rules at the time from getting approved, why would it stop malware?
Re: (Score:2)
Apple takes the submitted app and runs it to see if it calls any prohibited APIs. Also they check if it accesses any data without authorization, such as when Apple blocked apps from using an ad framework that took too much OS data about its users.
Re: (Score:3)
And they didn't catch the tethering app, what makes you think they would catch malware?
Malware could simply do something mundane until after Apple have done their tests, and then activate its malicious functions later down the line when lots of users have it installed.
Re: (Score:3)
1. Add time trigger to make the app only access bad stuff after a certain date or have it fetch a trigger from some server...
2. Turn over binary to apple.
3. Get verified.
4. flip switch
5. ???
6. Profit?
Re: (Score:3)
And the reason for Apple's 'Walled Garden' helps prevent malware from reaching the app store to begin with.
it didn't stop that flashlight app which doubled as a tethering tool - explicitly against Apple's rules at the time from getting approved, why would it stop malware?
Of course the real question is: if it isn't the walled garden, what else stops malware on iOS? And how can Android use that?
Re: (Score:2, Insightful)
The reason for Apple's 'Walled Garden' has little to do with security, and Everything to do with control.
Re:Way to go! (Score:5, Interesting)
Mobiles are different from desktops and I think resorting to virus scanning on mobiles would be awful. While Apple's approach is by no means perfect it is actually looking like the best solution. I just don't bother with the app market for my Android. There is a lot of shit in the market to sift through and while being concerned with how many apps ask for all sorts of permissions we're now finding out that actually a lot of bad stuff is getting through and not being found straight away.
I do think my next phone will be an iPhone. The games are definitely better and until Google proves to at least be more proactive on filtering out the rubbish then I just can't trust the apps and what is the point of a smart phone without apps?
If Google can tell me what the app needs access to then surely there is some way they could come up with a system that flags apps as having questionable requirements and requiring someone at Google to personally review it before it makes it onto the market.
When you want people to tie all their personal information and even payment methods (ie Google Checkout) to a device it needs to have some sort of security. It is not good enough to kill it after it's been downloaded a quarter of a million times. Alternatively they can come up with some sort of mobile virus / malware scanner and risk complaints about battery life and performance.
Re: (Score:3)
What does this even mean? Apple wouldn't use their total control over their devices to remove malware from them? Of course they would, and they should!
Re:Way to go! (Score:5, Insightful)
Because we know that Google has the guts to be controversial and do this, while Apple probably wouldn't.
So Apple got attacked when people heard the iPhone had a "kill switch" for apps - and then Google gets cheered on for actually using theirs on Android many times over - and then Apple gets attacked for not using theirs once?
Re: (Score:2)
Jailbreak, download all the apps from Cydia, setup wireshark, and let us know.
App Store apps can't get the IMEI.