Google Exercises Mobile Authority, Remotely Nukes Apps from Android Phones
Google Exercises Mobile Authority, Remotely Nukes Apps from Android Phones
Posted 06/28/2010 at 5:10am
| by Paul Lilly
15
Comments
Print
For the first time ever, Google has gone and pushed the big red button labeled "Remote Application Removal." In doing so, the sultan of search remotely wiped out a pair of free apps from hundreds of Android smartphones, and felt justified in doing so because the apps ran afoul of Android's Terms of Service (TOS), Google said.
Jon Oberheide, the developer who coded the apps and voluntarily removed them from the Android Market after Google asked him to, described the software as proof-of-concept programs. Oberheide says he wanted to find out if how difficult (or easy) it would be to distribute apps that could later be used to launch an attack and seize control of handsets.
"An attacker who develops legitimate-looking apps and distributes them on the Android Market could gather a large install base and if there was a vulnerability within the Android operating system or Linux (upon which Android is based) the attacker can phone home to see if there is an exploit to download and push it out to all the phones he controls and take complete control of the phone via the kernel," said Oberheide, who works at a security start up called Scio Security.
Those who installed one of Oberheide's apps -- one of which was disguised as a preview of the Twilight Saga: Eclipse movie -- received a message that read "Hello World."
While Oberheide's apps were harmless, they could have just as easily been malicious. This all begs the question, should Google have exercised, or ever exercise, its right to push the big red button and nuke your apps from afar? Users seem split on this one, with some saying it's no big deal, while others are downright pissed that Google would use its authority on harmless apps.
What's your opinion? Tell us what you think in the comments section below.
More like this
15
Comments
Comments are closed on this article
MrBlonde81
June 28, 2010 at 2:54pm
I wouldn't want an app installed on my phone, that could be/intended to be malicious. That said, I didn't have the any of the apps that were removed.
I do keep track of what apps are updated, but rarely just let everything auto update. I also remove apps that don't work, (so if I did download that Twilight app, it'd be removed after the first attempt) so I won't be affected by having a useless app on my phone.
What would happen if a legitimate app then adds malicious code? Does my Droid's Free Wallpaper app get remotely removed? Sure! What if it's an app I paid $1, or $5 for? Well my answer is less enthusiastic and depends on the answer to "Is google going to give me a refund?"
PawBear
June 28, 2010 at 12:40pm
Caboose, this is an addendum to my earlier comment. Maybe someone can enlighten me on how to respond to other comments. I haven't figured it out.
My suggestion that Google inform it's user base first before pulling an app is dependant on sites like this. Not everyone would know, but it would at least appear transparent. I would wonder if they couldn't build this kind of communication directly in the os, or is it already?
"Either we conform the Truth to our desires or we conform our desires to the Truth."
Caboose
June 28, 2010 at 1:07pm
below the post is a little speach bubble with a + in it. That's the reply option.
As for your suggestion about them posting it on websites like these. It'd be very difficult to get all tech sites to release the info at the same time, all over. Plus not everyone reads these sites. And at times, some people don't really have much access to the net. It'd be almost like Dodge posting a recall on 'Motor Trend's website'. You wouldn't think to visit Motor Trend's website to check for product recalls.
I guess Google could post something on all Google homepages. A red box with text in it that reads "ANDROID MARKET NOTICE: Product X has been removed from the market and will be removed from all Android handsets due to 'Reason Y'. Click here for more information'
-= I don't want to be dead, I want to be alive! Or... a cowboy! =-
PawBear
June 28, 2010 at 5:22pm
Ahhhhh... Thank you. I had to turn off AdBlock Plus to see it.
"Either we conform the Truth to our desires or we conform our desires to the Truth."
Albuca
June 28, 2010 at 12:21pm
I completely agree with Google's course of action on this one. It’s why the
big companies have the big red button in the first place. At least they were
smart and told people this is what we did, and this is why we did it.Personally, I'm not expecting the same transparency from Jobs. It’s known
that Apple has a kill switch, but as far as I know, the public has never been
told if it has been used or not.Sore 1 for Google, 0 for Apple (probably won’t ever change)
MdX MaxX
June 28, 2010 at 12:08pm
Google should have the power to quarantine malicious apps, but the user should still have control over whether to delete the app or unblock it and keep using it. I know that there's a slim-to-none chance that Google would mistakenly pull an app, but I'm all for giving the user as much control as is practical, even if the user doesn't really need that level of control.
PawBear
June 28, 2010 at 9:40am
Would Google retain more credibility had users been informed first? Explanations can go a long way to preventing upset.
*** "Either we conform the Truth to our desires or we conform our desires to the Truth." ***
Caboose
June 28, 2010 at 10:19am
That can get kinda tricky, mass SMS? But what about those that don't subscribe to any sort of SMS feature, or have it blocked?
Could email everyone? But then people will start bitching about privacy concerns. And phone calls are out of the question.
Unless Google has a method of issuing important/critical messages/alerts to all Android users regardless of what Android OS they're using (official builds, or mods).
-= I don't want to be dead, I want to be alive! Or... a cowboy! =-
TheZomb
June 28, 2010 at 3:02pm
A notification within the OS saying an app was removed. If they have system to remotely remove an app they can implement one to tell you about it.
Alphadog
June 28, 2010 at 8:32am
Just like Microsoft, Google now has numerous operating systems for many devices. Both companies are responsible for the quality and integrity of their software which reflects on their brand name. Microsoft tries to squash viruses and rootkits with security updates, monthly signature updates and other removal tools. In my opinion, Google is trying to do the same by means of remote access to OSes on mobile devices.
Kudos to them for implementing this feature--as long as they don't abuse it.
Caboose
June 28, 2010 at 7:02am
This shouldn't be an issue. If an app goes against the ToS, and/or is found to be malicious, Google should have every right to remove it from the market and Android handsets without a second though.
-= I don't want to be dead, I want to be alive! Or... a cowboy! =-
Aviar
June 28, 2010 at 6:47am
Being an android user, I think that in certain instances like this, it's ok to push the button on apps. Devs that do this type of thing should be banned from releasing anything further on the marketplace though. There's no need for someone to be releasing apps like this. Gives everyone in the open source community a bad name.
Remember, don't take life too seriously. You won't make it out alive anyways.
bigdog9586
June 28, 2010 at 5:53am
Didn't someone do that with a movie or something and then agreed to credit those that it did it to.
azathir
June 28, 2010 at 6:17am
Amazon remotely deleted a couple of ebooks from users' Kindles. Quite a different situation considering these apps had absolutely no functionality whereas those books obviously did.
Connect with MaximumPC
Featured Content
The gang discusses the GTX 690, Trinity, Ivy Bridge, Amazon, big-box stores, MMOs,...
This month's issue
Feature
Build a PC On Any Budget
Feature
Cloud Services Showdown
How-To
Encrypt Your External Drive
Build It
Upgrade an X58 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Original RickRoll Video Returns to YouTube After 24-Hour Copyright Hiatus http://t.co/MaH9Sxyy1 day 12 hours ago
- maximumpc: Corsair has decided not to go forward with its $78 million IPO, citing weak equity market conditions http://t.co/A5a4DAzj1 day 12 hours ago
- maximumpc: Want to work at Maximum PC? Our Online Managing Editor, Alex, is moving away, so we need a new one. http://t.co/9Z7JCh0E3 days 10 hours ago
