The Tech Herald

Google uses kill switch to remove Android apps

by Steve Ragan - Jun 25 2010, 10:00

On Wednesday, Android security lead Rich Cannings said in a blog post that Google had remotely uninstalled an application from all Android devices that were running it. The kill switch option, used sparingly by Google, was a clean-up effort, and not one that targeted a malicious application.

“Recently, we became aware of two free applications built by a security researcher for research purposes,” Cannings noted. “These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET.”

For those unfamiliar, 'permission.INTERNET' is the permission that lets an application access the Internet from the mobile device. As is the case with many permissions, the user needs to allow this access before the application can connect to the outside.

Once the unnamed researcher removed the applications from the Android Marketplace, Google used the kill switch to clean up any remaining installations.

Customers impacted by Google’s decision were given a notice on their devices explaining that Google had removed the applications. According to Cannings, most users uninstalled the programs once downloaded, as they were practically useless.

“The remote application removal feature is one of many security controls Android possesses to help protect users from malicious applications,” Cannings added. “In case of an emergency, a dangerous application could be removed from active circulation in a rapid and scalable manner to prevent further exposure to users. While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users’ safety when needed.”

On Tuesday, a day before Google remotely killed the benign applications, SMobile, a security vendor in the mobile communications space, issued a report that looked at more than 48,000 applications available in the Android Marketplace.

SMobile’s report showed that 20 percent of the applications granted access to private and sensitive information on the devices where they are installed, while some five percent had the ability to place calls without user intervention.

While that may look bad, it still leaves more than 70 percent of applications earning a passing grade. However, in a press release on the report, SMobile didn’t mention a seriously important observation related to grantable permissions.

When an application from the Android Marketplace wants access to anything, a user needs to permit that access. In some cases, this permission granting can come from simply installing the application. However, in the majority of cases, users see a visible and clearly marked permissions warning.

Also, the press statements and release material failed to mention the community policing that surrounds many Android applications: if something isn’t worth downloading, the comments on the application will tell a compelling story, not to mention the reporting of suspect applications.

In the end, the best advice is to pick applications wisely, read comments or other reviews, and weigh them against your own need for the application and its functionality. This also means you should review the applications you already use.

Google has measures to protect against malicious applications, but they aren’t foolproof. Being observant will add to those protections.
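
The permission review described above can also be done against an application's manifest. The following Python script is an added example, not part of the original article or of any Google or SMobile tooling; it reads the `<uses-permission>` entries from a decoded AndroidManifest.xml, and its permission groupings and sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Illustrative grouping chosen for this example; it is not SMobile's list.
PRIVATE_DATA = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
}
PLACES_CALLS = {"android.permission.CALL_PHONE"}
NETWORK = {"android.permission.INTERNET"}


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {name for name in names if name}


def review(manifest_xml):
    """Summarise what an app asks for, as a reviewer would before installing."""
    perms = requested_permissions(manifest_xml)
    private = sorted(perms & PRIVATE_DATA)
    return {
        "private_data": private,
        "can_place_calls": bool(perms & PLACES_CALLS),
        "network": bool(perms & NETWORK),
        # Private data combined with network access can leave the device.
        "data_can_leave_device": bool(private) and bool(perms & NETWORK),
        "unclassified": sorted(perms - PRIVATE_DATA - PLACES_CALLS - NETWORK),
    }


# Constructed sample manifests (hypothetical package names).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
INTERNET_ONLY = f"""<manifest {NS} package="com.example.internetonly">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
BROAD = f"""<manifest {NS} package="com.example.broad">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

if __name__ == "__main__":
    for label, manifest in (("internet-only", INTERNET_ONLY), ("broad", BROAD)):
        print(label, review(manifest))
```

An application that requests only the INTERNET permission, like the two removed here, reports no private-data access, while the second constructed manifest is flagged on every count.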
