Agreed - Its needed.

Its a balance to be sure, but you have to give your apps an unreasonable amount of trust tbh.

I actually hope that Google do scan the crap out of anything that hits the Market and kills anything suspicious.

If I didn't trust Google, (more or less ;-) then I wouldn't be using an Android now would I? D'oh!

There have been a few apps that said they needed access to my contacts (which is way out of line) which I binned... but how many less technical users will think twice?

HTC Desire ftw! LOL.

How About ...

... it's mine. I paid for it. I'll fuck it up any way I want to since I do own it. No questions asked, no conference calls, no dirty looks just me an my hammer reconfiguring my property any way i want. Or installing what software I want no matter how it wrecks my property.

Oh I forget, it's the digital age and we don't own property any longer. We just rent it. Kind of like beer. You only rent it too then piss it away. But if I wanted to, I could buy a six pack and pour every drop down the drain. But I'll just be damed if I'll ever buy a product from an brewery that will pours it down the drain for me without asking for permission first.

Re: Arguably...

That was going to be what I researched before commenting. Is the vetting process with Android as strict and scrutinising as it is with Apple?

I completely agree with you.

@Alistair and others ...

... your argument tends towards "The OS manufacturer knows best", and "People need to be protected from themselves". No doubt, then, when later versions of your favourite OS have kill switches so that you cannot install whatever software you want because it hasn't been "approved", you'll be as much in support?

The installation of a kill switch into something you have bought, thus retaining to the manufacturer control over it, undermines the whole nature of ownership. It should not be tolerated, and actively fought.

Its a feature not a bug - firefox AMO has the same ability

Its needed in case a bad on slips through.

Not rocket science.

So you like to be treated as an ignorant irresponsible money bag ?

Because there is no reason for them to REMOVE the app.

They could, for instance flag it to display a message at launch explaining the potential problem and asking for removal or not, THAT would be talking to me like an human and respecting MY property.

Again, that would you say if your car dealer came into your house, cracked open the garage and took whatever he wants in "your" car ? (he is covered it is line 18 of your 25 page "contracts" that says that you pay for the care but he still owns it, you know the one ? )

How come that the fact it "seems" immaterial makes any such thing acceptable ?

Something that is build is mean to be used, or you don't build it.

And humans there NEVER able to resist using anything they built, so .... it will be used and used and abused.

Again the problem is that with people like you quitting from exercising any responsibility and judgment and happily delegating judgment about what is "good" or "bad" to a third party (here a business company), and even saying thanks when they are invaded and stolen from, people like "me" and all the ones that can't tolerate such things have their basic liberties more and more eroded every day.

So if you could please remember that you are a citizen and not only an infantile consumer, I would be glad.

as if you cared of course.

Cheers

Market Place only - fine

As long as the kill switch is part of the Marketplace app (likely) and can only remove apps installed via the marketplace (not quite so likely I think) then I have no problem with it.

The MarketPlace app fully manages your applications thus it can: Add new ones, upgrade existing and remove existing ones. You would expect that it could technically do the latter in the case of a revenue model where apps were to be 'rented' - so maybe I rent a sat nav app for 1 month whilst in Italy.

If you don't like it uninstall the MarketPlace app - at least you can on Android!

Ah, the libertarian contingent arrives

> ... it's mine. I paid for it. I'll fuck it up any way I want

> to since I do own it. No questions asked, no conference

> calls, no dirty looks just me an my hammer reconfiguring

> my property any way i want. Or installing what software I

> want no matter how it wrecks my property.

Shorter Doug: if I want to host a botnet from the 'privacy' of my own phone, and, say, send out spam emails and SMS messages (or even computerized telemarketing calls!) without my knowing it, I should have every right to do so!

-fred

Yes, but what...

> "This application seems to be doing something dangerous. Please click here for more

> information and countermeasures."

Yes, but what if the program uses social engineering to trick the users first?

i.e. imagine http://www.theregister.co.uk/2010/03/29/cross_days_trojan/ , but for Android phones and distributed "legally" through the Android store.

The game could just tell users in advance that Android will sound a false alarm and that the user should just ignore it. Say we have an ignoramus major, Stanley Stupid, will just abide by the warning and ignore Androids warning as advised (or maybe he's doing it at three in the morning half-asleep/is drunk/is high on substances whose legality is questionable/is "special"). Oops, there goes the user's address book online credentials for Amazon mobile.

Now, let's say Stanley Stupid is friends with a "typical"(*1) lawyer named Richard Fish, who suggests that Stan there sue Google (instead of the developer, who conveniently used a fake name and non-existent e-mail address to post to the Android store and provided the address and phone number of a strip club in Jamaica). Also, Fish is well aware that Google is already in trouble with the Feds over the Street View Wi-Fi sniffing hoohah. Guess what happens next.

There are a lot of things that can earn one a Darwin Award, but downloading a trojan disguised as a game that cleverly fibs to the user so he ignores any warning the OS throws up isn't one of them.

(*1) Typical here means typical in the sense of how TV portrays them.

Google Has Trolls Too ...

... and they all just downvoted your comment.

AC Engineering

If it was a very good social engineering, it would probably pop up that message on its own, but as a "cover" for asking to send data home/gain su to access other data. After all, if you're Joe Average, when you get a full-screen pop-up that can't be avoided that says "This application seems to be doing something dangerous. Please click here for more information and countermeasures.", are you going to click on the little "No" button, or on the big "Please click here" button?

The first "application" could probably find a way to interfere with what is being displayed, and thus the "please click here" can download another application, which asks for all imaginable permissions, except the end user sees only nice reassuring messages by Android that they're "removing" or "isolating" the application and "retrieving data"...

I'll just drink to it being there, but in a way that hopefully serves more as a deterrent than as an actual "kill switch".

@Shannon Jacobs

"Are we just past the point where it is possible to design a safe OS even for a so-called small device like a phone? "

Yes, we are. We left it behind when the complexity level of our machines exceeded that of an analog telephone. PBCAK -that is, lazy & ignorant users- and social engineering conspire to make security for these small devices an unattainable idea.

Add to that that many smartphone applications have lots of security implications - SMS, schedules, geolocation, remote payment systems... - and you get the actual situation, which is a total nightmare.

"This application seems to be doing something dangerous. Please click here for more information and countermeasures."

There is a large % of users who will just close the warning message and ignore it. I earn my living as an IT consultant and have seen this behaviour thousands of times. These users think something along the lines of "the IT guy will fix it", "I'm in a hurry and the job needs to be done" or "I want my porn NOW!"

So a kill switch seems to me a sensible -though partial - solution, and I haven't any issues with it, as long as it's not abused.

As other commenters said, you are free to use the marketplace or obtain your software somewhere else.

Whe cares what nameless people say?

If you actually believe in your mumblings, put your name on them.

I think you are attempting to describe an extremist scenario where Google might have good reason to use the big bomb.

Oh wait. Perhaps the reason you don't want to use your name is because you write so poorly and unclearly? In that case, you should include you name so we know where to direct our sympathies.

Yeah,

and the People's Eavesdropping and Credit Liberation apps was a nice bonus, too!

I jest, I jest. Sort of. Maybe.

blah

Did you even read what you posted? If the apps do nothing and serve no purpose then where is the genuine emergency? If they delete apps simply because they do nothing and the description was wrong then they will delete anything they feel like. Removing them from the store is fine but deleting them from other people's property is not.

@AC

"Google have stated that this removal feature will not be used much, and will be reserved for Genuine emergencies like security risks etc." - but this was not a security risk, at least according to the article: it was merely useless. Google have undermined their own argument with the first documented use of this "facility".

There is something very wrong with a business plan that says that the purchaser of a tool is at the mercy of what the manufacturer says is acceptable.

Only If ...

... you buy into the technology. And so far there are alternative communication paths. The problem is, people will give up their very souls just to be cool and modern. I actually feel sorry for them, no wait ... I don't either. You buy into "the system" you get what you pay for so stop the whining.

I'd put a title, but I can't be arsed...

"[...] perhaps developers need to pay a nominal sum to Google as insurance against such a thing happening."

That is SO Chicago...

So no one "sensibly" develops for iPhone?

Assuming you read the article (please say you did read the article and didn't comment after just reading a paragraph or summary...please!!), should developers never develop for the iPhone, then?

And, since the kill switch was used on some software (research notwithstanding) with a sole purpose of tricking users into downloading an app that actually could damage your phone's OS, do you then have a problem with having a framework in place used to remove such cruft? With the tons of apps that allow you to download pr()n that haven't been killed like this, is there some pattern you are imagining that makes you think Google would arbitrarily kill apps even though they do exactly what they say without the app stealing your info or otherwise infecting your phone? Compare that to what the pr()n apps Apple kills before they ever hit the app store. And, no, I don't watch pr()n on my friggin' phone.

Kill some malware, tin-foil-hat wearing psychos yell, "Google is the devil!" Let the malware be, maybe put some warnings up but give the user a choice that allows their personal information stolen, wannabe-victims yell, "Google is the devil!"

To Summarize

The Marketplace is just as much a backdoor as the apps in question. Good to know.