Google remotely wipes apps off Android phones

[CommanderFrank]

Google has been live testing an app removal program for the Android phone. It gives Google the ability to remotely remove malicious applications installed through Android Market.This can be a very useful safeguard to protect the Droid against attack, but, could also be a indication of what control an application provider can hold over the end user.

This marks the first time Google has used the Remote Application Removal Feature that allows the company to delete apps for security reasons that have been installed through Android Market.The apps were proof-of-concept programs designed to test the feasibility of distributing a program that could later be used to take control of the device in an attack, according to Jon Oberheide, the developer who wrote and distributed them.

 

[DonInKansas]

*Cue the folks in tinfoil hats citing a world takeover*

 

[NKDietrich]

As long as it's "malicious applications" and not "applications that conflict with Judeo-Christian moral values" that's cool with me.

 

[yang88she]

wrapping tin foil around my evo 4 G...oh wow, I have better internets!

 

[Neb]

One thing to note is the fact that this only applies for Android Market apps. If that particular app is downloadable online and you still wanted it, then you can go reinstall it from the internet rather than the market. Or if you prefer to be super paranoid, only install apps from the internet and not from the Android Market.

 

[Mchart]

You gotta love the duality some people show towards stuff like this.

Apple tried doing this with iPhone apps not to long ago, and people got into an uproar.

Google does it and no one cares.

 

[niconx]

Yet another reason why "cloud" computing will never take over.

 

[TheDeek]

You gotta love the duality some people show towards stuff like this.

Apple tried doing this with iPhone apps not to long ago, and people got into an uproar.

Google does it and no one cares.

Apple does it to items that may or may not be malicious, they pull back apps because they feel like it or somebody complains enough about the content of an app or if it violates their draconian terms of service.

Google on the other hand has only done it in cases where the app is malicious or violates their rather laissez faire terms of service.

It's not a duality, the two companies have vastly different approaches to their App markets.

 

[TheDeek]

Remote Application Removal Feature? really? RARF?

"Awww man, my iBoobs app totally got RARF'd!?!?!"

 

[Weenis]

Apple does it to items that may or may not be malicious, they pull back apps because they feel like it or somebody complains enough about the content of an app or if it violates their draconian terms of service.

Google on the other hand has only done it in cases where the app is malicious or violates their rather laissez faire terms of service.

It's not a duality, the two companies have vastly different approaches to their App markets.

Please, your logic laden response will fall upon deaf ears.

Silly you.

 

[NKDietrich]

You gotta love the duality some people show towards stuff like this.

Apple tried doing this with iPhone apps not to long ago, and people got into an uproar.

Google does it and no one cares.

See my post above. Apple will remove apps because it doesn't comply with their moral standards or because they simply don't like them. I'll start bitching about Google when they start deleting apps at random and start playing content police.

 

[Etherton]

wrapping tin foil around my evo 4 G...oh wow, I have better internets!

but that would kill the reception... oh wait you said EVO 4G not iPhone 4.

Carry on...

 

[Zellio2010]

My head is full of sinus and I read the title as 'Google remotely wipes ass on android phones'...

 

[phide]

Apple does it to items that may or may not be malicious, they pull back apps because they feel like it or somebody complains enough about the content of an app or if it violates their draconian terms of service. Google on the other hand has only done it in cases where the app is malicious or violates their rather laissez faire terms of service.

This isn't about the app markets but about app kill switches. Google is remotely removing apps from users' phones via their remote removal protocol. Apple, so far, has only removed apps from its own store.

Both platforms have application kill switches. Apple, however, has not used theirs.

 

[dyzophoria]

but it has to be for the good for all since google is doing this and not apple

 

[kllrnohj]

You gotta love the duality some people show towards stuff like this.

Apple tried doing this with iPhone apps not to long ago, and people got into an uproar.

Google does it and no one cares.

Because there is one extremely important difference. With iOS, the app store is the *only* way to get applications. With Android, that isn't true. The remote removal *ONLY* applies to apps downloaded via the Market. Apps installed through any other means (web browser, sd card, etc...) *cannot* be remote removed.

Thus, people don't care because if Google starts abusing this, someone will come along and create their own marketplace to compete with Google's.

In short, the difference is Apple has complete control over what you can and can't install, whereas Google only has control over the marketplace, which is but a single channel to getting apps on Android.

This isn't about the app markets but about app kill switches. Google is remotely removing apps from users' phones via their remote removal protocol. Apple, so far, has only removed apps from its own store.

Both platforms have application kill switches. Apple, however, has not used theirs.

Apple, however, censors the only method of getting apps. Google has no such ability.

 

[FallOutBoyTonto]

its also been discovered that Google can remotely install apps as well as removing them...

 

[Mchart]

See my post above. Apple will remove apps because it doesn't comply with their moral standards or because they simply don't like them. I'll start bitching about Google when they start deleting apps at random and start playing content police.

This has nothing to do with the news article.

When apple kills an app in the app store it's out of the app store. However, it does not remove it from someones device, nor does it remove it from their computers own library. I still have 'Tris' even though it was removed from the app store.



As for people saying the app store is the only means of availability - Technically, yes. However, anyone who is willing to use an Android phone can just as easily get an iPhone and jailbreak it. A jailbroken iphone can get apps from more places then just the app store. So I don't really see that argument as valid.

Yes, there is a major duality crisis going on here.

I own both products, and it gets a little sickening seeing so many people bash Apple for what amounts to basically nothing, but giving Google and Android free reign simply because it's cooler for all the little wanna-be nerds to jump on the Google bandwagon and bash Apple.

 

[Derangel]

This isn't about the app markets but about app kill switches. Google is remotely removing apps from users' phones via their remote removal protocol. Apple, so far, has only removed apps from its own store.

Both platforms have application kill switches. Apple, however, has not used theirs.

Apple hasn't had to use theirs as their insane app approval process can catch this stuff. That would be one good thing about the approval process. Google doesn't really approve apps for the Android market so that would be why they had to use it. As far as I know, Google has yet to randomly remove things from the Market Store for no apparent reason. Apple likes to do this on top of never explaining what they will and won't accept and their code of conduct for apps seems entirely based on what they feel like doing from one moment to the next. That is why Apple gets shit for their policies.

 

[tazeat]

Don't screw this up Google.

I still couldn't imagine owning an iPhone without a jailbreak.... Just as I don't own any Android phones without root...

 

[Cored]

This has nothing to do with the news article.

When apple kills an app in the app store it's out of the app store. However, it does not remove it from someones device, nor does it remove it from their computers own library. I still have 'Tris' even though it was removed from the app store.



As for people saying the app store is the only means of availability - Technically, yes. However, anyone who is willing to use an Android phone can just as easily get an iPhone and jailbreak it. A jailbroken iphone can get apps from more places then just the app store. So I don't really see that argument as valid.

Yes, there is a major duality crisis going on here.

I own both products, and it gets a little sickening seeing so many people bash Apple for what amounts to basically nothing, but giving Google and Android free reign simply because it's cooler for all the little wanna-be nerds to jump on the Google bandwagon and bash Apple.

+1

I can't tell if it's willful ignorance or just stupidity.

 

[kllrnohj]

As for people saying the app store is the only means of availability - Technically, yes. However, anyone who is willing to use an Android phone can just as easily get an iPhone and jailbreak it. A jailbroken iphone can get apps from more places then just the app store. So I don't really see that argument as valid.

That argument is complete bullshit. Anyone willing to use an Android phone can just as easily jailbreak an iPhone? Bullshit. Pure and simple bullshit. Android is just as easy to use as iOS, and jailbreaking is not easy. Jailbreaking also involves you in a never ending struggle to stay one step ahead of Apple, not to mention you *can't* jailbreak new phones immediately. I've got an iPhone 3GS I'd love to jailbreak, and guess what? I can't. Hack isn't available for it yet.

So I don't see your counter-argument as anything close to valid. It is absolutely ridiculous.

I own both products, and it gets a little sickening seeing so many people bash Apple for what amounts to basically nothing, but giving Google and Android free reign simply because it's cooler for all the little wanna-be nerds to jump on the Google bandwagon and bash Apple.

Apple has repeatedly censored apps for no apparent reason and then caved in to public outcry - how is that "basically nothing"? I'm certainly not giving Google free reign, which is why I bought an Android phone in the first place - because Google *doesn't* control it. And let me point out that so far Google hasn't abused its remote kill. So far Google has *only* remote killed apps that weren't doing what they were supposed to. So far in the abuse race, Apple is still king of the hill by far - unchallenged, even.

 

[phide]

So far in the abuse race, Apple is still king of the hill by far - unchallenged, even.

Both companies are doing what they need to do to in order to protect their users, yet going about it in different ways. Apple is being proactive. Google is being reactive. Apple is restricting your choices, but Google is giving you the freedom to choose.

Which is better? That's a question I can't answer.

 

[TexUs]

Two things.

1) Android can be set to block this stuff. It's like Windows. Generally, you can do whatever you want to do...
2) Google is very free in their apps. When they use this power, I'm sure it's got to be some VERY cruddy stuff (last time I heard of it being used, it was a "test" application that a developer put out... not useful for anything)

Not really defending it, but this is better than Amazon deleting books you paid for and enjoy...


Now, FWIW... Malicious Apps can (and have) gotten through Apple's App Store. There's currently a class action suit against a company that harvested iPhone contacts for an unknown reason... And Apple approved the App.
What Apple checks for is restricted APIs. As long as that's OK, you sail through the approval process. Apple's approval process isn't for helping the user, it's for helping Apple (to make sure nobody creates a better Bluetooth app, or a better Voice app, etc).

Whereas with Google's fine-tuned security controls, Android can actually be a bit more secure.

Why malicious software isn't on either platform as a problem (that we've yet seen)... Is both Google and Apple verify the developer. Nobody is going to submit a malicious app when Google or Apple know exactly who you are and where to find you.

 

[slayer9019]

kinda scary.......

 

[kllrnohj]

Both companies are doing what they need to do to in order to protect their users, yet going about it in different ways. Apple is being proactive. Google is being reactive. Apple is restricting your choices, but Google is giving you the freedom to choose.

Which is better? That's a question I can't answer.

Google is protecting users from malicious apps.

Apple is protecting users from controversial ideas. Heaven forbid if there is a woman's tit in an iOS app or political commentary.

Two different kinds of "protecting". Google is actually protecting its users from harmful apps (so far), Apple is engaging in blatant censorship. That isn't protection, not even close.

As for which approach is better, that is without a doubt Google's. You just questioned whether or not free speech is better than censorship, and came to the conclusion that you don't know.

 

[phide]

Stop acting so hopelessly melodramatic for a moment and consider what I'm saying. You've no doubt read the iPhone SDK agreement, so you know (roughly) what apps are prohibited from inclusion from the App Store and which are not. Along with the prohibition of nudity and apps that duplicate base iPhone functionality are apps that are malicious. The consequence to this "curated" application marketplace is that, along with the prohibition of malicious apps, you have to tolerate Apple's censorship and occasional feature crippling. As an iPhone user, I'm more than well aware of these issues but have accepted them as negative aspects to an otherwise overwhelmingly positive experience I've had with the platform.

So, Apple has the capacity to prevent applications that are malicious from being installed on users' phones (and also the capacity to flip the kill switch on apps that somehow get through the approval process anyway, like Google) because of their approval process. They also prohibit apps for various other reasons (the censorship aspect).

300+ users installed the apps Google killed a couple days ago. With a process to prevent apps of that nature from making it to the Marketplace, that number could have been zero. I have no quarrel with Google's approach — they've taken the route they've taken because they have a certain perspective on mobile computing that doesn't dictate holding users' hands — but what I'm suggesting is that there is no "best way": it differs from user to user depending on that user's needs and that user's expectation for the behavior of applications he downloads from each platform's app marketplace. Neither platform is without flaw in this respect.

 

[TexUs]

300+ users installed the apps Google killed a couple days ago. With a process to prevent apps of that nature from making it to the Marketplace, that number could have been zero.

The App would have passed through Apple's App Store, too.

Short of a full on App Audit, neither company can stop malicious apps.

 

[kllrnohj]

Stop acting so hopelessly melodramatic for a moment and consider what I'm saying. You've no doubt read the iPhone SDK agreement, so you know (roughly) what apps are prohibited from inclusion from the App Store and which are not. Along with the prohibition of nudity and apps that duplicate base iPhone functionality are apps that are malicious. The consequence to this "curated" application marketplace is that, along with the prohibition of malicious apps, you have to tolerate Apple's censorship and occasional feature crippling. As an iPhone user, I'm more than well aware of these issues but have accepted them as negative aspects to an otherwise overwhelmingly positive experience I've had with the platform.

The problem with that is the rate at which Apple changes the iPhone SDK agreement. If you bought an iPhone 3GS at launch, you've seen the agreement updated and restricted even further several times over the past year.

Also, the approval process and censorship has *nothing* to do with protecting users from malicious apps. It is Apple exploiting its position to prevent 3rd party apps from competing with Apple.

If you are OK with that, great, but to try and spin it as beneficial to users or protecting them from malicious apps is just weak.

300+ users installed the apps Google killed a couple days ago. With a process to prevent apps of that nature from making it to the Marketplace, that number could have been zero. I have no quarrel with Google's approach — they've taken the route they've taken because they have a certain perspective on mobile computing that doesn't dictate holding users' hands — but what I'm suggesting is that there is no "best way": it differs from user to user depending on that user's needs and that user's expectation for the behavior of applications he downloads from each platform's app marketplace. Neither platform is without flaw in this respect.

Apple's approval process wouldn't have caught this, nor will it catch malicious apps. They receive waaaay too many apps to do anything remotely close to a thorough inspection. They run it through a tool, flip through some screens, and flip a coin on whether it should be approved or denied.

 

[TexUs]

The problem with that is the rate at which Apple changes the iPhone SDK agreement. If you bought an iPhone 3GS at launch, you've seen the agreement updated and restricted even further several times over the past year.

If the updates correlate to the iTunes TOS updates, there's probably a new one out every week... When you update it that often you can't have expectations for anyone to actually read it.

Also, the approval process and censorship has *nothing* to do with protecting users from malicious apps. It is Apple exploiting its position to prevent 3rd party apps from competing with Apple.

EXACTLY true.

Apple's approval process wouldn't have caught this, nor will it catch malicious apps.

Again, exactly right.

They receive waaaay too many apps to do anything remotely close to a thorough inspection. They run it through a tool, flip through some screens, and flip a coin on whether it should be approved or denied.

They aren't exactly flipping a coin on whether to approve or deny it. They DO flip a coin on whether it's malicious though. They check for usage of restricted APIs (IE, "Does it compete with our stuff???") and that's about it.

 

[Azhar]

Both companies are doing what they need to do to in order to protect their users, yet going about it in different ways. Apple is being proactive. Google is being reactive. Apple is restricting your choices, but Google is giving you the freedom to choose.

Which is better? That's a question I can't answer.

We already know the answer, actually. It took Microsoft awhile to figure that out too. (read: UAC, sandboxing, Defender, default to standard user)

Google's making the same mistakes Microsoft did in the past, giving people too much freedom to publish apps. Look what happens when a virus hit Windows. What's the first thing it do? It modifies your HOSTS file and adds a DNS to an infected server and makes your browser and antivirus program redirect to a dead link when trying to update it, and most importantly, it disables any abilities to use your anti-virus software.

You can probably count on malicious app makers to disable any ways to remove it, including cutting ties to Google's killswitch.

Personally I don't see Apple's method to be any different from Freshmeat.org, Codeplex.com and Sourceforge.net. You cannot post malicious apps on there either and you don't see anyone complaining about it.

 

[phide]

The App would have passed through Apple's App Store, too.

I'm not so certain. There's certainly a great deal we still don't know about the approval process. To assume that it doesn't include any kind of basic checks for malicious behavior, when Jobs has commented specifically that malicious/misleading applications are not welcome and that Apple checks for that, is assuming a bit too much.

Also, the approval process and censorship has *nothing* to do with protecting users from malicious apps. It is Apple exploiting its position to prevent 3rd party apps from competing with Apple.

I certainly don't recall saying that censorship had anything to do with protecting users from malicious content (they are not directly related). However, there are types of applications that are restricted from inclusion in the App Store: malicious applications, applications that duplicate core iPhone functionality and applications that contain nudity, graphic violence and so forth. As I said, it's all in the agreement. A lot of the wording is horribly vague, certainly, but it's most assuredly there.

If you are OK with that, great, but to try and spin it as beneficial to users or protecting them from malicious apps is just weak.

I suggest you re-read any of my posts you did not fully understand, because I don't think I'm spinning anything here. If you need clarification, ask.

If the updates correlate to the iTunes TOS updates, there's probably a new one out every week... When you update it that often you can't have expectations for anyone to actually read it.

To my knowledge, the section I'm referring to hasn't changed.

They check for usage of restricted APIs (IE, "Does it compete with our stuff???") and that's about it.

According to whom? We have no idea how many apps have been rejected due to containing malicious code, if any. Apple's been incredibly secretive about what the approval process specifically entails, much to the frustration of countless developers. Does Apple have the capability to reject malicious apps, however? Yes. Certainly they do have that capability: their method and infrastructure allows for it. Google could have that same capability but currently doesn't, as I understand it, which demands a reactive approach to addressing malicious applications in the marketplace and in the wild. Simple as that.

 

[TexUs]

We already know the answer, actually. It took Microsoft awhile to figure that out too. (read: UAC, sandboxing, Defender, default to standard user)

Google's making the same mistakes Microsoft did in the past, giving people too much freedom to publish apps. Look what happens when a virus hit Windows. What's the first thing it do? It modifies your HOSTS file and adds a DNS to an infected server and makes your browser and antivirus program redirect to a dead link when trying to update it, and most importantly, it disables any abilities to use your anti-virus software.

UAC protects the system. It won't do squat to stuff running in userspace.

Android does the same. Everything on the device that you interact with is generally running with the user token.
Running the wifi hotspot app requires root access. Hence where we get "root the phone" from... You have to gain root access to get those apps for free.

Google, in other words, has already implemented UAC.

I'm not so certain.

I am.
There's a class action suit going on because Apple passed an App through that harvested everyone's Contacts. Nobody really knows why it was harvested but that's besides the point.

It happens. Apple is not checking for what the Apps actually DO, but rather for what they USE ("Do they use our APIs???")

 

[TexUs]

Google, in other words, has already implemented UAC.

And, just as with UAC, if you allow an App access to all your stuff: that's your fault.

The only way to prevent that is hand-holding, which nobody wants.

 

[TechLarry]

I had to do a double-take. When I first read the headline, I thought it says "Google remotely wipes ass".

 

[beowulf7]

A commenter on CNET said it best: "The fun will start when some hacker figures out how to do this."

 

[kllrnohj]

A commenter on CNET said it best: "The fun will start when some hacker figures out how to do this."

If we assume Google is simply doing the basic HTTPS with a valid cert, then a hacker would have to hack into the market servers.

And if they hack into the market servers, why would they bother with remote wipes when they can just start siphoning off money?

I had to do a double-take. When I first read the headline, I thought it says "Google remotely wipes ass".

I lol'd

We already know the answer, actually. It took Microsoft awhile to figure that out too. (read: UAC, sandboxing, Defender, default to standard user)

Google's making the same mistakes Microsoft did in the past, giving people too much freedom to publish apps. Look what happens when a virus hit Windows. What's the first thing it do? It modifies your HOSTS file and adds a DNS to an infected server and makes your browser and antivirus program redirect to a dead link when trying to update it, and most importantly, it disables any abilities to use your anti-virus software.

You can probably count on malicious app makers to disable any ways to remove it, including cutting ties to Google's killswitch.

No, just no. You clearly have no clue how Android's permission system works.

I would *love* to see a similar permission system on a PC. It would be awesome and pretty much eliminate 99% of viruses overnight.

Personally I don't see Apple's method to be any different from Freshmeat.org, Codeplex.com and Sourceforge.net. You cannot post malicious apps on there either and you don't see anyone complaining about it.

Because that isn't what people complain about. People complain about Apple's draconian censorship and unability to install apps via an uncontrolled channel. If the approval process was only about preventing malicious apps no one would give a damn. People would actually be happy about it.

 

[Azhar]

No, just no. You clearly have no clue how Android's permission system works.

I would *love* to see a similar permission system on a PC. It would be awesome and pretty much eliminate 99% of viruses overnight.

So instead of acting all superior and shit why don't you explain it to me so I would have a clue next time discussions like this come up, huh?

 

[Sobek]

Sounds like this could be good in theory but is probably overkill. I installed Antivirus on my Droid a few months back and it said one of my apps was malicious. Looked it up online and sure enough it was. Uninstalled on the spot. It scans all my apps adn the updates before I install them so I dont really worry about it. Astro file manager backups FTW as well if you (or Google) delete an app you want to reinstall later. I've used this many times once I've learned that an update included ads that were intrusive to the app.

 

[beowulf7]

If we assume Google is simply doing the basic HTTPS with a valid cert, then a hacker would have to hack into the market servers.

And if they hack into the market servers, why would they bother with remote wipes when they can just start siphoning off money?

...

Android users can only hope that's a valid assumption. Also, some hackers may not have thievery in mind as in stealing money but might more vandal-oriented where they just want to mess around w/ apps, kind of like a proof of concept or something they can brag to peers about in the underworld.