Google has Your Back, Can Remotely Remove Android Apps

[Shadez]

Google has Your Back, Can Remotely Remove Android Apps


On 06.24.10, In News, by Kellex

​

Just so you know, Google has the power to remotely access your phone whenever they need to. Don’t freak out. It’s a good thing. They were recently made aware of a couple of applications released onto the market that were being using for security testing purposes and to protect all of the users who had downloaded these apps, Google stepped up and manually removed them…

Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET.


As the applications were practically useless, most users uninstalled the applications shortly after downloading them.
After the researcher voluntarily removed these applications from Android Market, we decided to exercise our remote application removal feature on the remaining installed copies to complete the cleanup.


The remote application removal feature is one of many security controls Android possesses to help protect users from malicious applications. In case of an emergency, a dangerous application could be removed from active circulation in a rapid and scalable manner to prevent further exposure to users. While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users’ safety when needed.
​

Like they said, it’s nice to know they have the capability should they ever need to use it. Thoughts?


Source: Android Developers Blog
droid-life.com

 

[Shadez]

Surprised Steve Jobs doesnt have an app for this on his phone...

 

[DF Smod]

Definately a plus in my book, with Android being an open Market and young kids having smart phones we as parents can never be to cautious


Sent from my Droid thru Time and Space

 

[Shadez]

As long as its not used for content, but only malicious apps or apps that mis-represent themselves, it would be ok.. but also eerily reminding me of how apple controls its app..

 

[Backnblack]

Can any developer confirm this?

Not that I'm worried about it, but there has to be some indication of it buried somewhere in the source code.

 

[BasilofBakerStreet]

It's like Skynet... only good... for now...dancedroid

 

[Shadez]

We’ve known that Google had the ability to remotely remove apps obtained from the Market since before the G1 first hit users hands, but until this week it had gone completely unused.

What apps were so dangerous that they caused Google to forcibly yank them from users’ devices?
The early reports indicated that they were simply apps that did nothing and while that is technically true it isn’t really the whole story.


The apps in question were released into the Market by Jon Oberheide from a security startup, Scio Security. One of the apps appeared in the Market as a picture viewer with images from the soon to be released Twilight Eclipse, but the real purpose of the app was to expose what Oberheide deems to be a security flaw and that is the ability to have an app retrieve new executable code without the users permission once it is installed. Now in this instance Oberheide had no intention of doing anything malicious, but obviously this concept could potentially be exploited by less scrupulous folks.

Oberheide was contacted by Google after he spoke about his app at SummerCon last week and was asked to remove the app from the Market, which he did. While Google indicated that most users had already removed the app — apparently it didn’t deliver what the Twilighters were looking for — they went ahead and decided to make this a teaching moment of their own by hitting the kill switch, also known as “REMOVE_ASSET,” and thus pulled the app from anyone that hadn’t gotten around to deleting it themselves. The notifications in the post image are what a user sees when this happens on their device.


Google reported on their use of the feature and why it is a necessary tool in their developer’s blog.

The remote application removal feature is one of many security controls Android possesses to help protect users from malicious applications. In case of an emergency, a dangerous application could be removed from active circulation in a rapid and scalable manner to prevent further exposure to users. While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users’ safety when needed.

This remote removal functionality — along with Android’s unique Application Sandbox and Permissions model, Over-The-Air update system, centralized Market, developer registrations, user-submitted ratings, and application flagging — provides a powerful security advantage to help protect Android users in our open environment.Rich CanningsAndroid Security Lead
​

Interestingly Oberheide in looking further into the event found that Google has a companion intent to “REMOVE_ASSET” named logically enough “INTALL_ASSET.” While the reason for the former is readily apparent it is a little less clear why Google would require the latter (perhaps some of our more developer minded readers might have some ideas). If you are interested in additional detail you can hit up the source link below for Oberheide’s own blog post on the the whole incident.


Personally I’m fine with Google having this capability in the name of security and they have probably earned our trust by implementing it only once in nearly two years, but I’m curious to see if most Android owners agree with me.



Does it bother you that Google can either wipe an app from or add an app to your phone as they see fit or do you find it comforting that that they can close the flood gates on a potential security threat if necessary?


Google can giveth apps and Google can taketh apps away – Android and Me

 

[Hiroller173]

Now that Verizon wants to charge for tethering, does this mean they will be able to - or have Google - remove any apps that we might have that does it for free?

Will they also have the ability to do this with rooted phones?

 

[DF Smod]

Now that Verizon wants to charge for tethering, does this mean they will be able to - or have Google - remove any apps that we might have that does it for free?

Good point, but I think they would only have access to apps that are stored in data/app that constantly sync with the Market, and not system/app and if it's stored on your SD they definately cannot get it from you, but they might be able to stop the app from communicating with the Servers, making it useless. I don't see it happening outside of an extreme circumstance, it would be silly if Google didn't have the option to control the Market, it is what they do with that control that makes the difference

 

[dmacleo]

wonder if restoring a backup then using titanium to unlink from market would "keep" the app.

 

[dwagner88]

Kinda funny. If this post was about apple, it would have been titled "Apple dictators infringe on your privacy!" But since it's about Android, google "has our backs." I'm not saying that what they did was wrong, just making a point.

 

[DF Smod]

Kinda funny. If this post was about apple, it would have been titled "Apple dictators infringe on your privacy!" But since it's about Android, google "has our backs." I'm not saying that what they did was wrong, just making a point.

That's just because Apple has a reputation for dictating and infringing, and Google has done nothing of the sort yet, as a matter of fact Google has taken the exact opposite road as Apple as far as Android is concerned and untill they show us different we have no reason to bad mouth the situation, only to state our opinions and concerns

 

[HarshReality]

WOOHOO! OnStar for Android!

Seriously.. alot like OnStar I dont think they should have the ability to do that but rather send a system message or the like with a que for uninstall upon reading.