back to article Google vanishes Android apps from citizen phones

Google has reached out over the airwaves and removed a pair of applications from users' Android phones, saying the two apps violated its terms of service. Like Apple, Google has a "kill switch" that allows it to remotely remove mobile apps that have already been installed by end users. The tool is mentioned in the terms and …

COMMENTS

This topic is closed for new posts.
  1. tuna 1
    Pirate

    I Feel Better Already

    "Google insists that the tool will only be used for good."

    Googs, you keep using that word. I do not think it means what you think it means.

  2. Alastair 7

    Arguably...

    there's more of a need for a kill switch with Android. Apps aren't reviewed before posting, so in theory anyone could publish anything.

    I know the Google conspiracy theorists will circle around this one, but I'm glad it's there. Users have demonstrated themselves to be utter idiots, and I don't doubt that barely any of them read the warnings that say your hilarious fart app wants access to "perform functions that may cost you money" and "read your SMS inbox".

    There needs to be an off-switch for fraudsters, and personally I think it's worth the price.

    1. SilverWave
      Happy

      Agreed - Its needed.

      Its a balance to be sure, but you have to give your apps an unreasonable amount of trust tbh.

      I actually hope that Google do scan the crap out of anything that hits the Market and kills anything suspicious.

      If I didn't trust Google, (more or less ;-) then I wouldn't be using an Android now would I? D'oh!

      There have been a few apps that said they needed access to my contacts (which is way out of line) which I binned... but how many less technical users will think twice?

      HTC Desire ftw! LOL.

      1. Doug Glass
        Go

        How About ...

        ... it's mine. I paid for it. I'll fuck it up any way I want to since I do own it. No questions asked, no conference calls, no dirty looks just me an my hammer reconfiguring my property any way i want. Or installing what software I want no matter how it wrecks my property.

        Oh I forget, it's the digital age and we don't own property any longer. We just rent it. Kind of like beer. You only rent it too then piss it away. But if I wanted to, I could buy a six pack and pour every drop down the drain. But I'll just be damed if I'll ever buy a product from an brewery that will pours it down the drain for me without asking for permission first.

        1. Fred Fnord
          FAIL

          Ah, the libertarian contingent arrives

          > ... it's mine. I paid for it. I'll fuck it up any way I want

          > to since I do own it. No questions asked, no conference

          > calls, no dirty looks just me an my hammer reconfiguring

          > my property any way i want. Or installing what software I

          > want no matter how it wrecks my property.

          Shorter Doug: if I want to host a botnet from the 'privacy' of my own phone, and, say, send out spam emails and SMS messages (or even computerized telemarketing calls!) without my knowing it, I should have every right to do so!

          -fred

    2. Chris 35
      Thumb Up

      Re: Arguably...

      That was going to be what I researched before commenting. Is the vetting process with Android as strict and scrutinising as it is with Apple?

      I completely agree with you.

    3. Intractable Potsherd
      WTF?

      @Alistair and others ...

      ... your argument tends towards "The OS manufacturer knows best", and "People need to be protected from themselves". No doubt, then, when later versions of your favourite OS have kill switches so that you cannot install whatever software you want because it hasn't been "approved", you'll be as much in support?

      The installation of a kill switch into something you have bought, thus retaining to the manufacturer control over it, undermines the whole nature of ownership. It should not be tolerated, and actively fought.

      1. Daf L

        @Intractable ... Fair enough but...

        The kill switch only applies to Apps downloaded using the Marketplace which have Google's terms and conditions attached to them. You can install apps on your Android phone from anywhere, even write your own and install it. Therefore Google have no control over your device and what you install on it.

        The marketplace is a safer place where most average Joes will enter to get apps and they might well be ones that need protecting "from themselves".

        Imagine if Google's own marketplace hosts an app that is rogue - Google know about it, they have the technology to stop it, people's phones are getting pwned left right and centre and they sit back and do nothing - there would be outcries from the media about how much safer Apple was than Google.

        If you want to install an app from another source - go ahead. If you want to back up your apps so they can be reinstalled after they have been remotely pulled then go ahead, they won't be killed if you manually install them.

        1. SilverWave
          Go

          Its a feature not a bug - firefox AMO has the same ability

          Its needed in case a bad on slips through.

          Not rocket science.

        2. Joel Mansford
          Thumb Up

          Market Place only - fine

          As long as the kill switch is part of the Marketplace app (likely) and can only remove apps installed via the marketplace (not quite so likely I think) then I have no problem with it.

          The MarketPlace app fully manages your applications thus it can: Add new ones, upgrade existing and remove existing ones. You would expect that it could technically do the latter in the case of a revenue model where apps were to be 'rented' - so maybe I rent a sat nav app for 1 month whilst in Italy.

          If you don't like it uninstall the MarketPlace app - at least you can on Android!

          1. Alastair 7

            Eh?

            "As long as the kill switch is part of the Marketplace app (likely) and can only remove apps installed via the marketplace (not quite so likely I think)"

            Surely one rather depends on the other?

            In any case, the kill switch is indeed Marketplace-only. Don't like it, don't use it.

      2. Alastair 7

        @Intractable Potsherd

        Pretty obvious straw man argument there.

        Besides, the bigger point here that you're avoiding is the open nature of Android. Don't want a killswitch? Download a ROM with the killswitch removed, install and enjoy. Unlike the iPhone, pretty much every Android phone has a total separation between software and hardware that allows you to do anything you want with it. Thus, it has absolutely no effect on the whole nature of ownership.

        Default safe setting for the plebs, available tweaks for the tweakers.

    4. Annakan
      IT Angle

      So you like to be treated as an ignorant irresponsible money bag ?

      Because there is no reason for them to REMOVE the app.

      They could, for instance flag it to display a message at launch explaining the potential problem and asking for removal or not, THAT would be talking to me like an human and respecting MY property.

      Again, that would you say if your car dealer came into your house, cracked open the garage and took whatever he wants in "your" car ? (he is covered it is line 18 of your 25 page "contracts" that says that you pay for the care but he still owns it, you know the one ? )

      How come that the fact it "seems" immaterial makes any such thing acceptable ?

      Something that is build is mean to be used, or you don't build it.

      And humans there NEVER able to resist using anything they built, so .... it will be used and used and abused.

      Again the problem is that with people like you quitting from exercising any responsibility and judgment and happily delegating judgment about what is "good" or "bad" to a third party (here a business company), and even saying thanks when they are invaded and stolen from, people like "me" and all the ones that can't tolerate such things have their basic liberties more and more eroded every day.

      So if you could please remember that you are a citizen and not only an infantile consumer, I would be glad.

      as if you cared of course.

      Cheers

      1. James Butler

        @Annakan

        "They could, for instance flag it to display a message at launch explaining the potential problem and asking for removal or not.."

        Using which API? The one every Android developer is forced to use? Oh wait ... that's Apple's developers. So which API are you recommending Google use to insert this "launch" message?

        The reality is that by using the Marketplace to install the app, Google obtains a mechanism (activity record and device id) to update or remove the app that is not necessarily available in the app, itself. What you describe implies greater intrusiveness than Google has ... the ability to get into every app's code and modify whatever they want.

        If you received word that Google had the ability to reach into and reprogram any Android app, as you suggest they should, would that make you feel better?

        1. JonHendry

          Seriously?

          "Using which API?"

          Um, the OS that launches the app. In the part of the OS that launches the app, it'd check the app against a list of naughty apps. Before the app itself even actually starts.

          You know, like OS X warns you if you try to run a program you downloaded which hasn't been run before.

          No "greater intrusiveness" involved, no "ability to get into every app's code" needed.

  3. Shannon Jacobs
    Big Brother

    Power always gets abused

    Well I, for one, AM very annoyed by this abuse of power and take it as additional evidence of the growing evil within Google. Are we just past the point where it is possible to design a safe OS even for a so-called small device like a phone? Or how about degrees of death? Rather than just assume an absolute power to kill any application the user might want to run, Google starts with lower levels of death, like a system to first tell the user "This application seems to be doing something dangerous. Please click here for more information and countermeasures."

    Not much of a defense, but I don't really blame Google for becoming evil since the rules of the game basically require companies to become evil--especially if a company wants to be 'successful' as the current laws define it. The laws are clearly evolving in the direction of more evil, though that is only the natural consequence of a money-dominated political system where evil companies are the same companies that are most concerned with and willing to bribe politicians to write the laws they find most convenient. Just ask BP and ExxonMobile and Goldman Sachs and their evil peers how things work these days. Another minor loophole in quasi-defense of Google: the current laws were mostly created before Google existed, so Google isn't even responsible for the old part of it.

    None of this makes evil into a good thing--but I sadly believe that America has passed the point of no return. Amusingly enough, I think that President Obama, many Democrats, and even a few true Republicans understand the real problems with corporatism as a political system. Companies are NOT human beings, but only immoral fictions. However, the neo-GOP is too well entrenched (and too well funded by corrupt companies) for the problems to be fixed.

    Google is just going with the flow--the flow of corruption.

    1. Anonymous Coward
      Pirate

      Yes, but what...

      > "This application seems to be doing something dangerous. Please click here for more

      > information and countermeasures."

      Yes, but what if the program uses social engineering to trick the users first?

      i.e. imagine http://www.theregister.co.uk/2010/03/29/cross_days_trojan/ , but for Android phones and distributed "legally" through the Android store.

      The game could just tell users in advance that Android will sound a false alarm and that the user should just ignore it. Say we have an ignoramus major, Stanley Stupid, will just abide by the warning and ignore Androids warning as advised (or maybe he's doing it at three in the morning half-asleep/is drunk/is high on substances whose legality is questionable/is "special"). Oops, there goes the user's address book online credentials for Amazon mobile.

      Now, let's say Stanley Stupid is friends with a "typical"(*1) lawyer named Richard Fish, who suggests that Stan there sue Google (instead of the developer, who conveniently used a fake name and non-existent e-mail address to post to the Android store and provided the address and phone number of a strip club in Jamaica). Also, Fish is well aware that Google is already in trouble with the Feds over the Street View Wi-Fi sniffing hoohah. Guess what happens next.

      There are a lot of things that can earn one a Darwin Award, but downloading a trojan disguised as a game that cleverly fibs to the user so he ignores any warning the OS throws up isn't one of them.

      (*1) Typical here means typical in the sense of how TV portrays them.

      1. Shazback
        Pint

        AC Engineering

        If it was a very good social engineering, it would probably pop up that message on its own, but as a "cover" for asking to send data home/gain su to access other data. After all, if you're Joe Average, when you get a full-screen pop-up that can't be avoided that says "This application seems to be doing something dangerous. Please click here for more information and countermeasures.", are you going to click on the little "No" button, or on the big "Please click here" button?

        The first "application" could probably find a way to interfere with what is being displayed, and thus the "please click here" can download another application, which asks for all imaginable permissions, except the end user sees only nice reassuring messages by Android that they're "removing" or "isolating" the application and "retrieving data"...

        I'll just drink to it being there, but in a way that hopefully serves more as a deterrent than as an actual "kill switch".

      2. Shannon Jacobs
        Thumb Down

        Whe cares what nameless people say?

        If you actually believe in your mumblings, put your name on them.

        I think you are attempting to describe an extremist scenario where Google might have good reason to use the big bomb.

        Oh wait. Perhaps the reason you don't want to use your name is because you write so poorly and unclearly? In that case, you should include you name so we know where to direct our sympathies.

    2. Doug Glass
      Go

      Google Has Trolls Too ...

      ... and they all just downvoted your comment.

    3. Mephistro
      Terminator

      @Shannon Jacobs

      "Are we just past the point where it is possible to design a safe OS even for a so-called small device like a phone? "

      Yes, we are. We left it behind when the complexity level of our machines exceeded that of an analog telephone. PBCAK -that is, lazy & ignorant users- and social engineering conspire to make security for these small devices an unattainable idea.

      Add to that that many smartphone applications have lots of security implications - SMS, schedules, geolocation, remote payment systems... - and you get the actual situation, which is a total nightmare.

      "This application seems to be doing something dangerous. Please click here for more information and countermeasures."

      There is a large % of users who will just close the warning message and ignore it. I earn my living as an IT consultant and have seen this behaviour thousands of times. These users think something along the lines of "the IT guy will fix it", "I'm in a hurry and the job needs to be done" or "I want my porn NOW!"

      So a kill switch seems to me a sensible -though partial - solution, and I haven't any issues with it, as long as it's not abused.

      As other commenters said, you are free to use the marketplace or obtain your software somewhere else.

  4. Mark Graybill

    Another reason to buy a China Phone

    They just sell me a phone with lots of features, not a lifestyle and certainly not a nanny to "protect" me. I've bought three non-chinese phones since I got my Sciphone G2. And I'm presently using my Sciphone G2 while the others have either been given away or are gathering dust.

    My next buy will be another china phone. They've got wifi, java--all the goodies. It costs less than half a comparable phone from the majors. And nobody has a kill switch for it.

    1. Anonymous Coward
      Anonymous Coward

      A fool and his money are soon parted

      One phone is enough for me, until I grow another head.

    2. Anonymous Coward
      Troll

      Yeah,

      and the People's Eavesdropping and Credit Liberation apps was a nice bonus, too!

      I jest, I jest. Sort of. Maybe.

  5. Pablo
    Flame

    Wow, that sucks

    I thought freedom from this kind of crap was the main selling point for Android phones. I admit I wasn't really in the market for a smartphone anyway, but if I was, it would have been Android powered, until I read this. Unless there's some way to turn that feature off, it's a deal breaker.

    If it asked your permission, that would be one thing. That would be a good feature in fact. I could probably even be convinced that a no-prompt kill switch was acceptable if it were reserved for genuine emergencies (e.g. an app the exploits a security hole and trashes your phone), but that Google would use it for apps that were merely "practically useless" suggests they have no intention of practicing such restraint.

    1. Anonymous Coward
      Anonymous Coward

      blah blah

      Did you even read the article? The apps misrepresented its intention in a bid to get people to download them. The apps were for research only with no other use for the user. The researchers removed the apps from the repository and Google removed them from the phones because they serve no purpose.

      Google have stated that this removal feature will not be used much, and will be reserved for Genuine emergencies like security risks etc.

      And by your attitude it appears that you won't be getting any kind of smart phone in the future. You say you weren't looking for one anyway so why bother commenting!!

      1. Dave Murray
        Big Brother

        blah

        Did you even read what you posted? If the apps do nothing and serve no purpose then where is the genuine emergency? If they delete apps simply because they do nothing and the description was wrong then they will delete anything they feel like. Removing them from the store is fine but deleting them from other people's property is not.

      2. Intractable Potsherd
        Stop

        @AC

        "Google have stated that this removal feature will not be used much, and will be reserved for Genuine emergencies like security risks etc." - but this was not a security risk, at least according to the article: it was merely useless. Google have undermined their own argument with the first documented use of this "facility".

        There is something very wrong with a business plan that says that the purchaser of a tool is at the mercy of what the manufacturer says is acceptable.

      3. Anonymous Coward
        Anonymous Coward

        But it *was* misused

        This wasn't an emergency was it? A waste of time perhaps, but not an emergency and certainly not worth using the kill switch.

      4. DZ-Jay

        @AC: blah blah

        >> "Google have stated that this removal feature will not be used much, and will be reserved for Genuine emergencies like security risks etc."

        I don't get it, first Google claim that there was no harm or risk, since the app basically did nothing, yet they went ahead and used the kill switch they claim will only be used for "emergencies". How is this not abuse of the power?

        They have control to do something which is controversial and claim to reserve the right in case of an emergency, then go ahead and exercise that power on a self-proclaimed non-emergency situation. And on top of that, they use double-speak to convince us that "no, really, we don't mean to use it, it's only for emergencies. Really. For sure. Trust Us (tm)."

        -dZ.

        -dZ.

        1. Daf L

          Harmless???

          The two applications were designed to be able to pull remote code down to rootkit your device. They phoned home and at any time could brick your phone or worse.

          One app was designed to be a fake app for promoting Twilight. Although they were only proof of concept by a security researcher - they could have been used for malicious purposes if the backdoor had been exploited. Hence leaving apps on the phone that were constantly phoning home ready to download malware and bypass the Davlik VM is not something you would really want on your phone. Anyone clued up wouldn't have downloaded it, anyone a little bit switched on would have removed it themselves already. If you really wanted to run the app you could have downloaded it via anywhere on the internet (not the Marketplace) and ran it - or just run the app installer directly from your phone and it wouldn't have been removed.

          The researcher was actually impressed that the apps were remotely removed.

          1. This post has been deleted by its author

        2. Lou Gosselin

          @DZ-Jay

          Android users are fond of being in control, and this article proves that google has a back door, which is very unsettling. I am very glad that you recognize this abuse as controversial, however you mis attributed the "For sure. Trust Us (tm)" - that's the slogan for the apple mobile camp.

      5. Tom 13

        Buying an overpowered PC and then using BOINC to run units for the SETI project

        serves no useful purpose and is for research only. That doesn't mean somebody out there should have a kill switch that will remove from my system. Okay, so technically I gave up on SETI and now run it for three other programs that are probably a bit more useful, but the principle still applies.

  6. Winkypop Silver badge
    Big Brother

    It's the way of the future people

    The MAN will decide what you can/can't do, and what you can know and read....

    1. Doug Glass
      Go

      Only If ...

      ... you buy into the technology. And so far there are alternative communication paths. The problem is, people will give up their very souls just to be cool and modern. I actually feel sorry for them, no wait ... I don't either. You buy into "the system" you get what you pay for so stop the whining.

  7. Grifter

    How does this work?

    Can they nuke any program you download and install, or is it only programs obtained through their appstore?

    1. frymaster

      only through the app store

      only apps managed (i.e. downloaded by, and monitored for updates by) google marketplace

    2. Anonymous Coward
      Anonymous Coward

      Presumably they can do anything at all

      For example, run a root shell, install software to spy on you, turn your phone into a paperweight, etc.

  8. Elwell
    Boffin

    Jon Oberheide

    .. has all the details on his blog about it

    http://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/

    1. Pablo
      Big Brother

      To Summarize

      The Marketplace is just as much a backdoor as the apps in question. Good to know.

  9. Greg J Preece

    What's to stop you reinstalling?

    This isn't the nicest thing to happen to you, but as someone else said, the Android Market isn't vetted, so perhaps in their case it's more needed. If they're removing apps for being malicious rather than being competition, then maybe that's fair enough.

    This being Android, however, what's to stop you reinstalling the app from another location?

  10. Anonymous Coward
    Thumb Down

    Publicitiy stunt

    A day or so after a company reports (rightly or wrongly, it doesn't matter as the PR-damage was done) that 20% of apps on the Android Marketplace are potential malware, Google pulls a publicity stunt designed to make the droid-drones feel all warm and cuddly about themselves ... 'oooh look, Google will keep us safe'

    I find that rather pathetic, especially when - as the poster above mentions - these apps are being painted as 'completely harmless' by Google. If they are completely harmless, and so useless that people are removing them shortly after downloading, why the need to kill them? Could it be that they aren't actually completely harmless? If they were only breaking the T+C's of Google's marketplace, shouldn't Google's actions have been limited to removing the apps from the store but leaving them untouched on people's phones (which is what Apple do when this sort of thing happens on their store)?

  11. Anonymous Coward
    Unhappy

    Look at it from a software developer angle....

    You've developed some software for the Android and decided to sell it. People buy it. Google decide to flick the "kill" switch. Your reputation is pants, and you have all those people knocking on your door asking for their money back.

    Who would sensibly develop apps for any platform that has such a switch?

    Google should carry the can for these costs, it will give them a chance to reflect on the seriousness of flicking that switch: perhaps developers need to pay a nominal sum to Google as insurance against such a thing happening.

    1. Someone Else Silver badge
      WTF?

      I'd put a title, but I can't be arsed...

      "[...] perhaps developers need to pay a nominal sum to Google as insurance against such a thing happening."

      That is SO Chicago...

    2. Tom King 2
      Thumb Down

      So no one "sensibly" develops for iPhone?

      Assuming you read the article (please say you did read the article and didn't comment after just reading a paragraph or summary...please!!), should developers never develop for the iPhone, then?

      And, since the kill switch was used on some software (research notwithstanding) with a sole purpose of tricking users into downloading an app that actually could damage your phone's OS, do you then have a problem with having a framework in place used to remove such cruft? With the tons of apps that allow you to download pr()n that haven't been killed like this, is there some pattern you are imagining that makes you think Google would arbitrarily kill apps even though they do exactly what they say without the app stealing your info or otherwise infecting your phone? Compare that to what the pr()n apps Apple kills before they ever hit the app store. And, no, I don't watch pr()n on my friggin' phone.

      Kill some malware, tin-foil-hat wearing psychos yell, "Google is the devil!" Let the malware be, maybe put some warnings up but give the user a choice that allows their personal information stolen, wannabe-victims yell, "Google is the devil!"

    3. david wilson

      @AC 25/6

      >>"You've developed some software for the Android and decided to sell it. People buy it. Google decide to flick the "kill" switch. Your reputation is pants, and you have all those people knocking on your door asking for their money back"

      What about:

      There's *no* kill switch. You've developed some software for the Android and decided to sell it. People buy it. Google decide to say your software is a security risk and mail people suggesting they uninstall it ASAP. Your reputation is pants, and you have all those people knocking on your door asking for their money back.

      With or without a kill switch, were Google to decide to declare your software dangerous, the end result seems likely to be much the same.

  12. Doug Glass
    Go

    Where's All The Screaming?

    Let me get this straight. You buy the device, and own it, and subsequently install software of your choosing, and Google will remove the software if they don't like it and there's nothing you can do about it.

    Where's all the righteous indignation that always follows articles talking about Microsoft Windows' kill switches and the like? I'm glad vehicle manufactures haven figured out how to do this. Buy a foreign part for your Ford truck and have Ford suddenly deactivated it at 70MPH on the interstate because they don't like who you bought it from. Wait, GM can do that with OnStar: shut you down when, well .... any time they feel like it. Oh I forget...has to be a ligetimate reason. Yeah right.

    Wow, the electronic age is fabulous, just fabulous. I'm so pleased there are corporations out there that can think for me and make the right decisions for me. Those old farts who resist intrusions into their privacy and personal decisions are just so old fashioned and out of touch.

    No wait, I'm and old fart like that. Where's my Glock?

    1. Imagus
      Stop

      Better get used to it...

      Soon the whole internet will have a "kill switch" and apparently Obama is the one who can have his fingers on it. Read it here: http://tinyurl.com/3638rsy

      Of course, he'll only use it "for good", so don't worry, they know exactly what's good and what isn't.

      Amazon got to test the technology first (you don't honestly believe it was an accident, do you?), now Google and others will adopt the technology too, until all the iphone-staring zombie sheeple think it's "normal".

      Sad. Oh so sad.

  13. Aculeo

    Lesser of Two Evils

    Until recently I was pretty cagey about Google. Actually, I'm still pretty cagey about Google. But I admit I was lured by the shiny smartphones, and in a contest between Google and Apple, I decided I'd sooner put up with ads and be free to do what I please than be controlled at every end and turn; so I went with Android.

    Does this story make me regret that decision? Certainly not.

    "But unlike Google, to our knowledge Jobs has never pulled his 'kill switch' lever."

    Which presumably makes their overall tyrannical approach to marketing okay now?

    It must be difficult for the Reg when there's a direct opposition between Google and Apple and they're forced to decide which is the lesser of two evils. And that word 'evil' doesn't half get used a lot in articles and comments round here, doesn't it? Between the Reg and the Daily Mail using it for everything and everybody they're somewhat distrustful of, you have to wonder if the word has any real meaning left any more.

    I'm not overly happy about what's been done, though I think I'd have to agree with Pablo: the system should certainly ask permission before it uninstalls anything. If it explained and asked me, I'd probably agree - I haven't found many apps* yet that I can't live without - but we know Google, and we know they don't like to ask permission in case people say no. I'm not sure if Google's sneakiness in that respect is worse than Apple's entirely overt attitude that an iPhone is still their property so they have the right to do what they like with it.

    That said, I'd probably have to disagree with Shannon Jacobs: if an application is found to be dangerous I think an immediate execution is probably the only way to go, as long as it's either my decision or the company asks me permission to do it.

    ---

    * I'm not sure if the term 'app' is Apple's trademarked property yet.

  14. JohnG
    Big Brother

    OTT

    Whatever the justification, Google's action is a bit OTT. Why not just block the application with an accompanying informative message advising uninstallation and include a means for the user to remove the block if they see fit?

  15. Pavlov's obedient mutt
    Joke

    Apple bad?

    I must have misread the article as I can't find a side swipe at Apple in there

    Guess it's the friday morning slip

  16. AllenJB
    Welcome

    Go Google!

    As a Nexus One owner, I'm glad they have and use this facility. All the evidence so far says they've only used it to protect users, so I don't see a problem.

    Until there's at least a shred of evidence they even intend to use this feature maliciously, I will be much happier knowing it's there and used than not having it.

    1. Intractable Potsherd
      Alert

      That's fine, AllenJB...

      ... but in that case, it should be made clear that this is some form of lease, not purporting to be a sale of goods. If the provider retains some control you are not the owner, and that relationship should be made clear.

    2. Anonymous Coward
      Stop

      How exactly...?

      How does remotely removing applications that have no harmful effect 'protect users'?

      1. Anonymous Coward
        Anonymous Coward

        No harmful effect?

        The two applications were designed to be able to pull remote code down to rootkit your device. They phoned home and at any time could brick your phone or worse.

        One app was designed to be a fake app for promoting twilight. Although they were only proof of concept be a security researcher - they could have been used for malicious purposes if the backdoor had been exploited.

        The researcher was actually impressed that the apps were remotely removed.

        1. Frank 2
          Troll

          Sergey...

          is that you?

        2. Gareth.
          Thumb Up

          Well Said, AC

          I agree with you, Mr AC.

          What options were available to Google? Leave the app until it does do some damage, or be proactive and remove it before it does? I'm glad they chose to take the sensible approach and remove it. TBH, though, they are damned if they do and damned if they don't.

          It's not as if the apps actually did anything other than lie dormant until instructed to start doing naughty things. Nobody has lost out on this (apart from Google undeservedly getting some bad press). Luckily for those who downloaded the apps, they were POCs written by researchers - I wonder how many programs aren't as obviously rubbish yet have the same capability, e.g. is that app to show how little battery life is left really legit, and does that torch app really need to access the internet as well as all your personal data?

          Would there be such an uproar if you switch the platform and imagine this being a rogue application being deleted by your antivirus solution?

  17. Woodgar

    What about Microsoft?

    Surely, by implication, and using the same arguments Google have employed, Microsoft could say they are protecting their customers by building a kill switch into Windows that allows them to pull or disable any piece of software they took a dislike to?

    I don't much like the sound of that, and I don't even use Windows.

    Actually, I imagine this would be much easier to achieve in a linux distribution such as Ubuntu, as most users will have used the packet manager to maintain their system so it will be far easier to remove apps during their next system update. Can't see this happening, mind, as everyone will just move to a different distro.

    1. aThingOrTwo

      Windows

      If Microsoft had introduced mandatory code signing, file quarantine, sandboxing and a kill switch for Windows XP (maybe 2000) they would have saved the world's economies millions or maybe even billions of pounds. They also would single handily kill the anti virus market. I for one wouldn't weep for the loss of Norton.

      It's called vendor responsibility.

  18. MarkOne
    Stop

    @Pablo

    You should probably stop reading things on the Internet, if one single "news" post can sway you.

    There is a black on white difference between how Apple and Google operate their stores/marketplaces.

    Apple, they review everything, reject lots and it may take upto a month for you app to appear.

    Google, it appears straight away, no review, it's ready to sell.

    Clearly a recall switch is more important for Google, and it more likely to have to be used. Any idiot can work that out.

    As a user and a developer, I much prefer Googles setup.

    1. Pablo

      To clarify

      I certainly didn't mean to suggest I would ever buy an iPhone.

  19. Captain Underpants
    Boffin

    I'm intrigued

    While I don't entirely like this sort of thing, I can understand the reasons for it existing - aside from anything else, with a Marketplace where software vendors can charge for their products, Google would likely face the pointy end of some sort of class-action lawsuit if it became apparent that they *didnt* have something like this at their disposal.

    The question I've got is whether the remote-nuke option can be deployed on handsets where the user has opted to install software from non-Marketplace sources. *THAT* would be a bigger issue, IMO.

  20. Anonymous Coward
    Thumb Down

    Welcome to the future: you don't need to think - we'll do it for you.

    "Hopefully, we never have to pull that lever," Jobs said, "but we would be irresponsible not to have a lever like that to pull."

    Why? You are not my nanny and it is my phone! I am completely against this type of "protection". Explain clearly how to remove a "malicious" application and I will remove it from my phone if I want to.

    1. aThingOrTwo

      As other people have pointed out…

      As other people far brighter than me have pointed out we tried the give the users enough rope to hang themselves experiment, it didn't work: it's called Windows.

      Just because you might be happy to do this, doesn't mean everyone will be. And there is a stack of evidence that left to their own devices many users to a very poor job of keeping their machines secure and free from threats.

  21. Anonymous Coward
    Unhappy

    Open source?

    First: why can't it be opt in or opt out? My phone my software my responsibility and if I don't want to think I can choose Google to make the decisions for me.

    Second, until then, Andriod is open source right? So why isn't there a fork that removes this feature?

    1. Anonymous Coward
      Anonymous Coward

      Android open sourciness

      Not everything people associate with Android is open source. Many of the google apps, including the app store interface, are closed. The open part of Android doesn't need a fork because it doesn't have access to the app store or its revocation procedure in the first place.

    2. Richard Sloan
      Megaphone

      Remove this feature.

      If you are using Cyanogenmod, just reflash the Cyanogenmod image, but do not flash the google apps image afterward, that way you are left with pure android without the additional google apps including the market and its killswitch.

      Android itself is open source but I don't think the google apps themselves are, so you are unlikely to be able to remove just this one feature from the market, however it only affects things installed by the market so you can always copy the .apk files somewhere after installing, uninstall them, then reinstall using the .apk files.

      The only thing that I am aware of aside from this that Google pulled from the market in US regions was wireless tether at the behest of T-mobile USA because them and all other US providers are extremely anal over tethering, but still hosted the installset for it freely available to download on google code's page so noone was really left out. They did not use a killswitch on it to my knowledge.

      This was also a pretty clear cut violation of TOS as well, unlike Apple's "Steve Jobs has suddenly decided he doesn't like your app, has changed his mind about some feature your app has, might link to some 3rd party contect that we don't like or you've made something better than the built in apps and we don't want to get shown up so we pulled it with no warning" approach. It is things like this that mean that I'm likely to upgrade to a Nexus One instead of a new iPhone next month when the contract on my G1 expires.

      If you really are paranoid about google/apple just get a Nokia 6310i and have done with it. If you are paranoid about everything perhaps mobile communications are not for you.

  22. Anonymous Coward
    Boffin

    Why does it have to be silent removal?

    If Google decides they don't like a particular app why couldn't they simply have set a flag that causes a pop-up to display next time you run it? It would say something like:

    ========================================================

    "Google has determined that this app contravenes its terms of service and would like to remove it. You may elect to keep it as long as you understand that Google will not be responsible for anything it does.

    Please Click one of [Remove] or [Understood]

    This message will not be repeated."

    ========================================================

    If necessary for legality the response chosen could be logged either on the device or over the web.

    After all -- computers are supposed to make our lives easier. Not do things behind our backs without telling us.

  23. A J Stiles
    Megaphone

    How is this even remotely legal?

    Removing an app that I bought and paid for, from a phone that I bought and paid for, seems to me to be a clear-cut breach of the Misuse of Computers Act 1990 and/or the Criminal Damage Act 1971. Expecting me to agree to this as a condition of sale would run afoul of the Unfair Contract Terms Act 1977, as amended.

    1. DryBones
      FAIL

      Eh?

      So, let me see here. Not only would you have had malware on your phone that you wanted to keep, but you paid for it, too. I'm not sure what point you were trying to make, but your post translates as "proud to be sheeple" and justifies all the nannying you're raging against.

      Congratulations on your wonderful own-goal. Tosser.

  24. Tel
    Stop

    Legal?

    While it might be a bit difficult to place a mobile device into the category of 'computer', a computer is, indeed, what a smartphone is, these days. Certainly the processing power on these gadgets is far in excess of what was available on desktops when a certain Computer Misuse Act was written - you know, the one that criminalises access to a user's computing device by a third party without the knowledge or permission of the owner of the device.

    It seem to me that were Google to remotely remove any software installed on any UK phone that they would be breaking the law.

    1. Jonte Monkey
      Troll

      Permission...

      You mean like when you gave them permission by signing up to the terms and conditions of the Google application store?

      It should also be pointed out that If you didn't agree with their terms and conditions then you don't have permission to access their store and so it would be YOU who would be in breach of the computer misuse act.

      1. The First Dave
        Boffin

        @Jonte Monkey

        I take it you didn't read the piece in ElReg a day or three ago, where it was pointed out that because it is well known that most people don't read the fine print, and have no option to negotiate any way, it really isn't a contract, and anything remotely unfair can be challenged at a later date.

        What Google did this time probably wouldn't get them in any trouble, but when they do it for an app that is useful to an individual, even if it does have some malware properties, then removing it without that users permission probably would be illegal.

        (Disclaimer: IANA Jury - even lawyers could not give you a definitive answer on this sort of thing.)

      2. A J Stiles
        Alert

        terms and conditions of the Google application store

        Would those be the same "terms and conditions of the Google application store" that are actually illegal under UK and EU law? (Unfair Contract Terms Act 1977, as amended.)

  25. pip25
    Pirate

    I might have a solution

    I don't know if anyone noticed, but the Marketplace application doesn't work without background data transfer turned on - this might be one of the reasons why. So as long as you disable it while not explicitly browsing for apps, there's a chance that Google's remote install/remove facility will be nullified as well.

  26. copsewood
    Linux

    customer expectations

    The problem here is partly that mobile phones have traditionally been controlled by the phone company. If you have your phone on a contract or PAYG you expect the thing to work and the phone company to be able to make it work or you don't pay the phone company to use it. The phone company has to keep the thing operating on the correct frequencies and transmit power levels or the phone violates wireless regulations and creates unwelcome interference. So the part of the phone that talks to the phone mast becomes a liability if it is software controllable, but in a manner which the mobile phone company doesn't control.

    We now have mobile phones which run a selection of apps more like a traditional PC where the user of the PC is likely to expect to use software of their choosing as they see fit. But most mobile phone customers are probably not going to change the expectation that the mobile phone company are responsible for it all working or they don't pay the mobile phone company.

    For other users it is possible to have computers with mobile phone functionality where the part of the mobile which runs applications either is sold and stays unlocked or can be unlocked or rooted, while the part which handles the wireless frequencies and power levels remains under the control of the mobile phone company. What is needed here is clearer understanding by the mobile phone companies of the needs of the minority of customers who want control over their systems, and clearer language describing these products so those buying them know exactly the level of support expected by the supplier and the area of their own responsibility in relation to malware and potential costs.

  27. Michael Brown
    Jobs Halo

    love the openness

    So much for all the openness and "I can do what I want with it" free love nerdtastic-ness of Android. On the other hand the draconian, iron first dictatorship that is Apple has never used it's kill switch for the iPhone.

    1. Eponymous Cowherd

      Kill, Kill, Kiiiiilllllll

      ***"On the other hand the draconian, iron first dictatorship that is Apple has never used it's kill switch for the iPhone."***

      Probably because the "draconian, iron first dictatorship" kills apps that might be subject to the "kill switch" before they appear on the App Store.

      Its a bit of a two edged sword. If I have installed malware from the Android Market, I would want it removed from my phone ASAP. On the other hand, I would want to be sure only malware would be removed, and not just something Google disapproves of.

      I would really like to see settings option along the lines of:-

      "Allow Google to uninstall applications"

      Always [ ]

      Ask First [ ]

      Never [ ]

  28. Anonymous Coward
    Coffee/keyboard

    <removed by kill switch>

    "My next buy will be another china phone. They've got wifi, java--all the goodies. It costs less than half a comparable phone from the majors. And nobody has a kill switch for it."

    No in China they probably just kill the user.

    So this only happens if you download an app from Google's store AND acccept the TOS for the app or does this language in the TOS apply to the entire store? <obviously not an anroid user yet> But another reason to read or skim those TOS.

    Actually give the freedom associated with the OS, I don't conisder it to be a terrible thing. Prevents someone from placing an app that could do damage to the phone or make the phone available for other uses to a hacker.

    From the article, Apple does have the same switch in place so even though the Apple App store is always in lockdown, they have a panic button. Wasn't it with IP3G that a person was able to wipe their iphone remotely in case it was stolen? Would not be surprised if Steve Jobwell would send out that kill code to any iphone that has been jailbroken someday...probably sooner than later.

  29. Ben Rosenthal

    so they removed some malware?

    sounds good to me, I'm going to wait for an actual problem before I get up in arms about what they could potentially do.

    Are people really that surprised about the fact they can do this? Hasn't Amazon Kindle been doing it for years now?

  30. Andraž 'ruskie' Levstik

    And I'll keep on running...

    With whatever apps I want to use on the N900 and not have to worry about this :)

  31. Tom 13

    If as several posters have noted

    the apps actually were actual latent security threats, then Google did the right thing in pulling them, but badly botched the announcement. The announcement should clearly have stated they were potential security threats. Google choosing to go farther and say they were unaware of malicious intent on the part of the security researchers is optional. As a company I wouldn't get into trying to determine intentions. I would not denigrate their defenses but I also would not advocate for them either.

    As for all those posters saying you ought to have complete control over the phone you bought, I'd like to collect my nickel when your phone gets compromised because of other compromised phones on the system and Google having and using a kill switch would have saved YOUR phone. Of course, I know I won't, so just STFU.

  32. The Other Steve
    Jobs Halo

    Oh ROFL my AO

    Fortunately, unlike Apple, Google are a completely trustworthy multinational corporation who only have our best interests at heart.

    Oh, oh, I think a little bit of wee just came out.

  33. cynar
    Boffin

    Duel Route Mentality

    If you want total control over your app installations just install them manually! All you have to do is tick a box in the menu to say you know what your doing.

    Personally I like the way google has it set up. The market is a sandbox like system. And if something goes wrong google can pull the app. However, if I REALLY want it. I just install it myself. That way google have no control over it (for better or for worse). How is that not the best of both worlds?

    Cynar

  34. Chris Donald
    Thumb Down

    So that's three companies to avoid..

    I hadn't realised that Google had gone the way of Apple and made it possible to dictate what I might have installed on my phone. Same goes for the Amazon book removal thing.

    I really care less about the bullshit justifications too. I either get 100% personal choice and control of what I install (of what's been developed of course :P) or I'm not interested. The idea that the developer of the OS can dictate to ME, whether I can keep something I chose to install is frankly disturbing. So consequently I'm definitely and firmly staying 100% away from any vendor that operates such kill switches. Sad disappointment to see Google go Apple style.

    Bad move. Don't care about your bloody good intentions..the flaming road to hell is paved with them.

    Foolish control freaks.

  35. Lord Lien
    Pint

    Malicious Payloads

    I'm glad that Google (& Apple... does MS?) have this safety net in place to be honest. How does anyone know 100% there is no malicious payload coded in an app?

    If I was to code a genuine looking game/app on the Iphone/Android platform that everyone loved (think free section... lets face it we all download the free version 1st) that after 4/5 months of use did something malicious & there was nothing that could be done.... How bad would this look on Google/Apple?

    If your still moaning about them being control freaks. Please note you can still get phones that don't use Android/iOS. Plenty to choose from :)

  36. Chris Donald
    Heart

    Some folks really want to be nannied?

    Damn,

    I didn't realise that there are genuinely folks out there that think to be nannied is a good thing :P.

    Sorry but I'd rather take care of my own uninstallations than have some company decide for me that I might not be competent to sort it out for myself. IMHO that nanny needfulness hasn't done the UK much good...yep, that might seem a bit like joining two slightly unrelated things together, but to me requiring a 3rd party to look out for me like this is definitely heading in the direction of less personal responsibility+choice and more "please I need some nannying..."

    :-) :P

  37. Skrrp

    Google bashers with short meories ITT

    Lot of people here saying that Apple have never used their kill switch. They have.

    Admittedly, on a misappropriated advance model and not a consumer owned device, but they have.

    Also to note: Google here pulled 2 apps. The Apple kill switch use completely disabled the device.

    For the really paranoid android users, go into the settings menu and have a look at the permission sets of some of the deep OS level apps.

    1. aThingOrTwo

      Remote Wipe != Kill Switch

      You have it badly wrong. Apple used remote wipe, a separate and different feature to the kill switch for applications. The remote wipe functionality is an Exchange or MobileMe service and used if you phone is lost or stolen.

      The Kill Switch described here refers to the ability to wipe a single application from everyone's phones.

      Oh and by the way, remote wipe is being added to Android phones with the 2.2 Froyo update.

  38. DrXym

    Grow up people

    A kill switch is a legitimate last line of defence for app stores. Do you think Apple doesn't have this facility? Do you think most other online app stores don't either? Fact is that most stores that phone home have some way to kill apps or "update" them into oblivion.

    Even something as humble as a web browser can block Firefox maintain blocklists which let them disable plugins and extensions. It's already been used to disable a Java plugin which had an in the wild exploit. They've don't it before and doubtless they'll do it again.

    If you don't want someone remotely killing malicious apps on your phone, then don't get them from the marketplace. You have a choice on android. Get apps direct from the maker, or even from some dodgy pirate site. But don't come crying if your phone starts calling premium rate numbers in Senegal. You've gone outside the system and you forfeit any protections it may have had to prevent this happening.

  39. Andus McCoatover

    Prediction:

    Shortly, the most popular app. appearing will be a KillSwitchKiller. It'll be viral ...

  40. Anonymous Coward
    Alert

    is it good or google

    Google insists that the tool will only be used for good."

    i think they mean "used for google" - a slip of their tongue

  41. Anonymous Coward
    Anonymous Coward

    This reminds me

    Of the SSL function in Google.

    Unless I'm mistaken SSL has one password and Google have it. They have to give it up if any terrorist activity is detected, and the password is the same for any period of time.

    Why would anyone trust google?

  42. Anonymous Coward
    Thumb Down

    What a bunch

    of tinfoil hatted, whinging paranoid tards.

    When Google have remotely removed something that a) you've actually downloaded and installed on your phone, and b) was in any way useful to you and not useless malware - then you can come back and legitimately complain. Until then please STFU.

  43. Anonymous Coward
    Flame

    Kill the Kill Switch

    That's the app I want. Or maybe the one that asks me for authorization before doing the dirty deed, so I can decide if they should destroy my phone apps-- or not. Oh, and tell the minions of evil that the app was removed, whether it was removed or not....

    Why have open source if you can't make it work the way you want it to anyway?

    1. DryBones
      Coffee/keyboard

      Psst.

      You've obviously skimmed the comments listing here, so I'll help you out with what's been said in multiple posts. Please try to pay attention.

      You can install apps yourself, and supposedly can turn off the background channel that such updates are done through. This is the best approach, IMO. Those that just want it to work and don't mind having their apps looked out for can be blissfully ignorant. Those that are power users can turn off the delivery channel and download and install their own apps. You decide if you're a casual user, or a power user, and act as appropriate.

      No, I haven't tried it, because I have an iPhone and am still in the midst of a contract that I am for the most part content with. Might pick up an Android tablet once one comes out and proves that it isn't pants. If I can tether it to the iPhone and sync both with the Windows PCs, that'd finally be getting somewhere.

      Oh, prediction. If it hasn't already happened, some carmaker is going to come up with the bright idea that they can integrate a tablet docking port into the dash, and have it substitute for the LCD touchscreen. They can make an app for that.

This topic is closed for new posts.

Other stories you might like