×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Remotely Nukes Apps From Android Phones

timothy posted more than 3 years ago | from the probably-not-ones-you'd-want-to-hang-on-to dept.

Google 509

itwbennett writes "Google disclosed in a blog post on Thursday that it remotely removed two applications from Android phones that ran contrary to the terms of the Android Market. From the post: 'Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them. After the researcher voluntarily removed these applications from Android Market, we decided, per the Android Market Terms of Service, to exercise our remote application removal feature on the remaining installed copies to complete the cleanup.' The blog post comes a day after security vendor SMobile Systems published a report saying that 20% of Android apps provide access to sensitive information." Update: 06/25 16:44 GMT by S : Clarified last sentence, which incorrectly suggested that 20% of Android apps were malicious. According to the report (PDF, which we discussed recently), "a majority of these applications were developed with the best of intentions and the user data will likely not be compromised.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

509 comments

oh noes! (4, Insightful)

Random2 (1412773) | more than 3 years ago | (#32688794)

They removed an app that violated the terms of service.

Seriously, stop with the fear mongering. Although I trust google as far as I can throw their data centers, citing false reports and spreading misinformation is just stupid.

Also, as pointed out in the previous article, those 'exposing' apps can only take what information you expressly give them. Thus it is not news.

Re:oh noes! (5, Insightful)

Anonymous Coward | more than 3 years ago | (#32688824)

No, they deleted it FROM MY TELEPHONE. Not stopped selling it in their store, not rejected it in the review process, not sent me an email telling me that there was something wrong with the app and maybe I might want to delete it. THEY DELETED IT FROM MY TELEPHONE.

Without asking me.

I thought I could run any app I wanted? That is what you people told me.

And 20% malicious apps? As if there weren't enough problems getting iphone 4s as it is....

Re:oh noes! (5, Insightful)

mmurphy000 (556983) | more than 3 years ago | (#32688964)

Without asking me.

They asked you in the Terms of Service you agreed to when you used the Android Market for the first time.

I thought I could run any app I wanted? That is what you people told me.

You do not have to get your apps through the Android Market. Anything you install outside of the Market is your responsibility.

Re:oh noes! (3, Insightful)

rolfwind (528248) | more than 3 years ago | (#32689016)

They asked you in the Terms of Service you agreed to when you used the Android Market for the first time.

AT&T asked for my 1st born and 10 years indentured servitude in their TOS. It was 900 pages so I didn't read it. Oh well, I guess that makes it right and okay then.

Re:oh noes! (0, Flamebait)

John Hasler (414242) | more than 3 years ago | (#32689154)

> AT&T asked for my 1st born and 10 years indentured servitude in their TOS.

How do you know that if you didn't read it?

> It was 900 pages so I didn't read it.

And yet you agreed to it. Fool.

> Oh well, I guess that makes it right and okay then.

Unconscionable terms are unenforceable. You're still a fool for agreeing to unread terms, though.

Re:oh noes! (5, Interesting)

tepples (727027) | more than 3 years ago | (#32689282)

You do not have to get your apps through the Android Market.

AT&T routinely removes [pcworld.com] the checkbox to enable software from "Unknown sources" from its Android phones' firmware.

Re:oh noes! (5, Interesting)

ClaraBow (212734) | more than 3 years ago | (#32688990)

This is something that Apple has never done! I still have the NetShare app on my iphone and it is still working with iOS4. Even though it breaks Apple's term of service, Apple has never done anything to break the App!

Re:oh noes! (2, Funny)

Culture20 (968837) | more than 3 years ago | (#32689092)

Agreed. I still have the original phonesaber app. Apple isn't _this_ evil; this is a blundering destructive evil. Apple is more of a practical, plotting evil.

Re:oh noes! (4, Interesting)

mcvos (645701) | more than 3 years ago | (#32689034)

No, they deleted it FROM MY TELEPHONE. Not stopped selling it in their store, not rejected it in the review process, not sent me an email telling me that there was something wrong with the app and maybe I might want to delete it. THEY DELETED IT FROM MY TELEPHONE.

That's exactly it. I applaud Google for removing a useless and deceptive app from their marketplace, but they should keep their fucking hands off my phone! I don't even want them to have the ability to remove stuff from my phone without my knowledge. Send me an email, send me some kind of alert on Android, make it very easy for me to remove it. All of that would have been fantastic. But removing stuff from my phone without asking me crosses a line that should not be crossed.

Re:oh noes! (3, Insightful)

Deliveranc3 (629997) | more than 3 years ago | (#32689114)

Agreed, now I need to be paranoid about degraded service. Such as my TruPhone app, which mysteriously crashes, or my alternative markets which seem to be having problems.

Further since I'm deploying these phoens I need to worry about Google breaking them in addition to users.

This is really a problem for them having corporate appeal.

Re:oh noes! (0, Offtopic)

CubicleView (910143) | more than 3 years ago | (#32689206)

Slashdot has a special offer at the moment. +5 insightful for worthless AC Trolling!!! Reply to this thread while it lasts, the madness must come to an end soon!!

Re:oh noes! (4, Informative)

msauve (701917) | more than 3 years ago | (#32689222)

Stop being disingenuous, they did it with prior notice, and with your permission.

Android Market TOS [google.com]

2.4 From time to time, Google may discover a Product on the Market that violates the Android Market Developer Distribution Agreement or other legal agreements, laws, regulations or policies. You agree that in such an instance Google retains the right to remotely remove those applications from your Device at its sole discretion.

Furthermore, having done it, they informed you.

From Google's blog [blogspot.com]:

If an application is removed in this way, users will receive a notification on their phone.

Still doesn't bode well (5, Insightful)

Moraelin (679338) | more than 3 years ago | (#32688836)

I dunno, wasn't the hype that Android is all open and based on Linux, and _totally_ unlike the iron grip that Steve Jobs has on the iPhone?

And weren't most of us ranting about how even DRM and "Trusted Computing" are bad because someone else gets to decide what you can or can't run on your computer? When did _that_ become good if it's Google doing it?

Re:Still doesn't bode well (4, Interesting)

bemymonkey (1244086) | more than 3 years ago | (#32688876)

Android is, for consumers, anything but open. We're still stuck waiting on ROM releases from manufacturers who don't care about supporting their old devices, even though the new devices are internally more or less the same...

It's a pocket-sized computer, so why don't we have pocket-sized operating systems instead of glorified firmware on them?

Re:Still doesn't bode well (2, Insightful)

Enry (630) | more than 3 years ago | (#32688978)

There's plenty of unofficial ROMs you can install that have the additional functionality. In that way, it's more open than most other phones on the market.

Re:Still doesn't bode well (2, Insightful)

AHuxley (892839) | more than 3 years ago | (#32689074)

Anything but open is true, think of Android as Microsoft's reimagining of Linux with a $699 2 year plan.

Re:Still doesn't bode well (1)

Simon Brooke (45012) | more than 3 years ago | (#32689100)

Android is, for consumers, anything but open. We're still stuck waiting on ROM releases from manufacturers who don't care about supporting their old devices, even though the new devices are internally more or less the same...

No, you're not. [cyanogenmod.com]

It's a pocket-sized computer, so why don't we have pocket-sized operating systems instead of glorified firmware on them?

Well, that's because it has the same operating system that runs most of the world's supercomputers [itwire.com] on it. For heaven's sake, what more do you want?

Re:Still doesn't bode well (4, Informative)

Timmmm (636430) | more than 3 years ago | (#32689118)

It's a pocket-sized computer, so why don't we have pocket-sized operating systems instead of glorified firmware on them?

Two reasons:

1. Drivers. Many are still closed source.
2. The baseband image (i.e. the bit that talks to the mobile network). This is *always* closed source, and there's no way manufacturers are going to release the documentation for it...

Apparently Google are going to try to separate the UI from the base system better in future so upgrades will be easier. I'll believe it when I see it though.

Re:Still doesn't bode well (0)

Anonymous Coward | more than 3 years ago | (#32688888)

Yep, thats why i rock a Nokia N900 running Linux

Re:Still doesn't bode well (3, Interesting)

dpolak (711584) | more than 3 years ago | (#32688938)

Open source and having safeguards are 2 different things.

If you want to root your phone and make a virus on it to steal your own data, go for it.

If you post it as an app in the marketplace and misrepresent it, plus the app is malicious then any responsible company needs to be able to protect their customers and their business.

I agree with the fact that they have this ability, and applaud them for using it on this. It puts out a warning shot to others not to do the same thing.

As for personal data and Google, they're the same as Apple and any other company. Expect that what you do with their services will never be private. Apple is now selling their customers data, it seems to be the way of the US corporate bound Internet.

Re:Still doesn't bode well (5, Insightful)

LordAndrewSama (1216602) | more than 3 years ago | (#32689252)

I agree with "needs to be able to protect their customers and their business" and disagree with "did something to my goddamn phone without my express permission".

How about a compromise? A notification that says "WARNING - This App is malicious, we recommend you remove it. [Uninstall App] [Cancel]"

Protecting their users without having the ability to remotely alter my phone without my permission. win-win.

Re:Still doesn't bode well (3, Insightful)

Sockatume (732728) | more than 3 years ago | (#32688940)

If the application had been downloaded and installed outwith the Android Market, which is an option on Androi,d then Google could not have done this, so yes, you have that freedom.

Re:Still doesn't bode well (5, Insightful)

MORB (793798) | more than 3 years ago | (#32689042)

Google has a lot of control on the android market, true. But unlike the iphone it is not the exclusive way to distribute apps.

You can install a .apk (android aplication package) from any source. Web, email, or tossing it on your sd card through usb.
Setting up a third party app store for android as tightly integrated as android market is also perfectly possible.

So essentially yes, you can do whatever you want. It also means that google have to keep playing fair with android market if they want to avoid people defecting to third party app stores.

Re:Still doesn't bode well (1, Interesting)

Anonymous Coward | more than 3 years ago | (#32689050)

There is a fear that Android is "less secure" because it's open, and because there is no central authority that reviews the apps.

By nuking this apps, Google basically said "Hey, Android is safe! Viruses have no chance!" This is an important message, both for virus writers and the public (except masochistic nerds who want the freedom to run viruses).

Re:Still doesn't bode well (1)

AC-x (735297) | more than 3 years ago | (#32689178)

The difference is with Android you can still install apps from outside the market, which google has no power over. With the iPhone the only way to install apps from outside the app store is to hack the phone.

Re:oh noes! (4, Insightful)

Richard_at_work (517087) | more than 3 years ago | (#32688892)

This is exactly the same as the Kindle 1984 issue, and it most certainly is news - Google removed an installed app from an end user phone without their permission, and that is a bad thing regardless of why they did it.

If the app violated the terms of service, then Google should have ceased to supply it (if the author hadn't removed it first), but they should most certainly not have altered an installed application.

Re:oh noes! (5, Insightful)

Oliver Wendell Jones (158103) | more than 3 years ago | (#32689006)

This is exactly the same as the Kindle 1984 issue

Uh, No... it's not. The Kindle users with copies of 1984 *paid* for those copies - the apps that were removed were free apps. And, the apps did not do what they had claimed and had a hidden, although non-malicious purpose.

The only way this would be similar would be if the Kindle copies of 1984 had been free, weren't actually 1984 when you tried to read them, and reported back to the publisher any information that they thought was relevant.

Re:oh noes! (1, Insightful)

laffer1 (701823) | more than 3 years ago | (#32689102)

Google should have created a feature to notify/ask the user about removing the application on their phone. There's a big difference between warning someone and just deleting something.

To me it's irrelevant they were free applications. I don't care if a book or an app are free or I paid $10 for them.. don't delete stuff on my phone or ebook reader.

Re:oh noes! (4, Insightful)

Richard_at_work (517087) | more than 3 years ago | (#32689110)

Whether payment was made or not is actually irrelevant as it doesn't alter the ethical, moral or legal consideration in this - Google altered a device it does not own, and has no legal standing to touch.

Money don#t change ANYTHING (1)

aepervius (535155) | more than 3 years ago | (#32689318)

The fact is that once the apps/book was on YOUR device, it was *deleted* without your approval. Whether $ were shelled or not, this is exactly the kind of things what we around here call draconian control.

Re:oh noes! (1)

Timmmm (636430) | more than 3 years ago | (#32689148)

Rubbish. If there's a banking app that also logs your account details, do you think we should leave that on people's phones. (By the way, this has already sort of happened in Android.)

Granted it *should* at least tell them "This app has been found to be malicious and will be removed."

Re:oh noes! (4, Interesting)

Kijori (897770) | more than 3 years ago | (#32689336)

Surely the big difference is that Amazon deleted a book that people intended to read. I don't see any potential harm in Google deleting applications that did nothing except trick users into downloading them and then send user data back to the application author.

If this is what Google intends to use the remote-delete function for then I see it as more akin to antivirus, and most people have no problem with their antivirus program deleting viruses. Those that do can choose not to use antivirus - in this case, not to use the Android Market.

Re:oh noes! (1)

Andy Smith (55346) | more than 3 years ago | (#32688914)

As one of the readers of this web site, I am very interested in this story. Thus, it _is_ news.

You no like? No read.

Re:oh noes! (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#32688950)

Sounds good,

When are all the anti iPhone fanbois going to stop with their fearmongering?

Nice to see you guys dont like what you dish out.

Re:oh noes! (1)

know1 (854868) | more than 3 years ago | (#32689022)

Also, as pointed out in the previous article, those 'exposing' apps can only take what information you expressly give them.

[citation needed] Once the code is run, you can't be totally sure what it will do, unless you compiled it from source.

What the hell dude, enough with the sensationalism (5, Informative)

somersault (912633) | more than 3 years ago | (#32688796)

security vendor SMobile Systems published a report saying that 20% of Android apps are malicious.

No, the report said that 20% of apps require access to sensitive data (ie your address book) or functionality to perform their job. You'd think people would have noticed by now if 1 in 5 Android apps were "malicious".

Re:What the hell dude, enough with the sensational (0, Offtopic)

Jimmy King (828214) | more than 3 years ago | (#32688868)

Wish I could mod this up even more. I came in here to bitch about the same thing. Fucking ridiculous shit.

Re:What the hell dude, enough with the sensational (5, Informative)

msauve (701917) | more than 3 years ago | (#32688874)

Yes, and you'd think that "itwbennett," the submitter would know that, since he is affiliated with itworld (check his home page), the publisher of the linked articles.

Odd, that although he references a slashdot article from a few days ago, instead of linking to that article, or the article that links to (on CNET), or to the source of the report, or even to the report itself, he links to a rehash on itworld.

Tagged as a slashvertisement for self-promotion.

And Android prompts you for all these permissions (5, Interesting)

brunes69 (86786) | more than 3 years ago | (#32688902)

When you install apps from the market or elsewhere, Android prompts you in advance letting you know of all of the permissions this app requires.

There is with this at all. It is no different from random app X requiring my root password and prompting for it. If I trust the app and give it up, this is not a security issue.

This is how you allow apps to have access to these low level permissions, without disallowing them totally, liek Apple in it's walled garden.

It is why there are so many more in-depth Android apps than there are iPhone ones. You can replace the dialer, replace the address book, etc.

This company is fear-mongering about nothing to such a degreee that I wonder if they are on Apple's payroll.

Re:What the hell dude, enough with the sensational (1)

Monchanger (637670) | more than 3 years ago | (#32688992)

This. And as I posted yesterday, that "security report" was self-promotion of their "security software".

Re:What the hell dude, enough with the sensational (1)

Fnkmaster (89084) | more than 3 years ago | (#32689024)

Moreover, it was 20% of Android apps require some sort of permission that gives them access to some subset of your personal data or phone functions in order to operate. Only something like 2% required permissions to access phone/contact features, most likely because they are dialer/launcher replacement/address book apps.

In comparison, on your desktop Windows machine, 100% of apps have access to your filesystem that contains lots of personal data. And all your apps pop up Windows requesting permission to modify your computer (i.e. root access) all the time. And nobody gets hysterical, they just click OK constantly.

What a stupid meme this is. Android's permission model isn't perfect and could use some clarification and simplification, but it's much better than the other mainstream desktop OSes or phone OSes.

Re:What the hell dude, enough with the sensational (1)

MikeK7 (1826472) | more than 3 years ago | (#32689076)

security vendor SMobile Systems published a report saying that 20% of Android apps are malicious.

This is even more misleading than the average Slashdot post.

Re:What the hell dude, enough with the sensational (1)

somersault (912633) | more than 3 years ago | (#32689330)

security vendor SMobile Systems published a report saying that 20% of Android apps are malicious.

This is even more misleading than the average Slashdot post.

And that's really saying something, considering that 80% of Slashdot posts are malicious!

Re:What the hell dude, enough with the sensational (1)

ShakaUVM (157947) | more than 3 years ago | (#32689200)

Yeah, "20% are malicious" is pure and utter FUD.

"20% of apps might use personal data" just doesn't have the same ring to it, I guess.

But what if I liked the application (4, Insightful)

ZeroExistenZ (721849) | more than 3 years ago | (#32688808)

This raises again the question wherever we need to call murder and fire about privacy and "it's my phone don't touch it" kindof thing.

OTOH, the marketplace is a "trusted content provider" in control and under the responsability of google. In that regard, I think they have the right and obligation to "keep the market clean", for me it would become unacceptable if they start to remove applications who are "breaching vague copyright claims", and take a weak stance or remove applications on nonsene like that.

If the application would've advertized or mentioned it was "for research purposes", I don't think google should've removed it.

But it's my phone, and if I want to run malicious software on it, I feel I should be able to do so. But I cannot expect the "marketplace" to hold malicious software because I want that possibility.

Re:But what if I liked the application (1)

somersault (912633) | more than 3 years ago | (#32688834)

it's my phone, and if I want to run malicious software on it, I feel I should be able to do so.

Fair enough.

If I want to kill those who enable the creation of botnets, I feel I should be able to do so.

Where do you live? :)

Re:But what if I liked the application (2, Insightful)

ZeroExistenZ (721849) | more than 3 years ago | (#32688904)

Fair enough.
If I want to kill those who enable the creation of botnets, I feel I should be able to do so.

I'm a developer, I love to experiment and thinking "outside of the API" and such. It's why I've been extatic with access to opensource smartphones (before Neo1973, think 5 years ago, I was hoping for an affordable wifi-enabled cellphone with decent API to implement VOIP dailing and implement my messaging and email off the GSM grid to cut costs and for coolfactor. Android has brought this to the world.).

So it's a bit the interpretation of google what is malicious or not (I'm not a hacker, I just poke around) and shouldn't control what I want to do with my device. But it's perfectly acceptable for them, according to my concepts, to enforce their interpretation of "malicious" onto people using the marketplace, as they trust google to make a good judgement and for this software to be clean.

I live in Belgium, lets have some fun ;)

Re:But what if I liked the application (5, Insightful)

Yvanhoe (564877) | more than 3 years ago | (#32689058)

Can someone please explain to me, who never owned an Android phone, how the hell this kind of thing is possible ? I can understand that App Store is like a debian repository where packages need to be approved to be available and that malicious packages that get erroneously accepted can be removed.

What I don't understand is how it can remotely removed. By default Android has a backdoor for Google ? Is that true of any version of Android ? Can we remove it from the code (since, unless I am mistaken, Android is OSS) ?

I'm fine with repositories and security updates, but nuking an applications without asking first is what Steve Jobs does and that Google is not supposed to do. I agree that in the present case, this was for a greater good, but this is not the point. If I buy an Android phone, do I own the damn phone and do I control it or not ?

Re:But what if I liked the application (5, Funny)

Anonymous Coward | more than 3 years ago | (#32689138)

Enough with the constructive content, focus on rants and inane bitching, or go somewhere else.

Re:But what if I liked the application (2, Insightful)

Culture20 (968837) | more than 3 years ago | (#32689186)

I'm fine with repositories and security updates, but nuking an applications without asking first is what Steve Jobs does and that Google is not supposed to do.

I hate iPhone OS policies as much as the next geek (why don't I get an upgrade for security on my original iPhone, even to iOS 3.1.4?), but even Jobs doesn't delete apps from your phone. Any apps once through the store, are yours, lock, stock, and barrel. They may prompt you to upgrade, they may stop selling an app, but they don't delete them.

What google should be doing is sending these users an email and free SMS letting them know that they "should delete app $FOO because it's potentially dangerous. For reference, please see https://google.com/android/press-release/93857293875928.html [google.com]" Maybe some people wanted these apps... like the friends of the security researchers in question.

Re:But what if I liked the application (0)

Anonymous Coward | more than 3 years ago | (#32689254)

What I don't understand is how it can remotely removed. By default Android has a backdoor for Google ?

Yes.

Should have got a blackberry instead...

Re:But what if I liked the application (0, Flamebait)

noidentity (188756) | more than 3 years ago | (#32689116)

But it's my phone, and if I want to run malicious software on it, I feel I should be able to do so. But I cannot expect the "marketplace" to hold malicious software because I want that possibility.

I'd call remote deletion a malicious feature.

Draconian? (5, Insightful)

ilovegeorgebush (923173) | more than 3 years ago | (#32688814)

Why do they have to have or at least exercise this feature of the ToS?

Why couldn't they just get a list of those who have it installed (surely they know that?) and then email them? Beats this draconian/big brother approach in my opinion...

Re:Draconian? (1, Interesting)

TaoPhoenix (980487) | more than 3 years ago | (#32688852)

Yeah, I chose to reply - someone else can Mod Parent Up.

This sounds like an Apple move - "the App wasn't malicious but we didn't like it so we nuked it for you."

Total Slippery Slope - what else can they nuke when the Mafiaa decide "you have a copy of Oh Mickey In Spanish that violates copyright law so we'll nuke it for you."

Re:Draconian? (5, Insightful)

Anonymous Coward | more than 3 years ago | (#32688890)

Apple has never removed an App from anyone's phone. They have removed it from the APP Store.... that is a big difference.

Re:Draconian? (1)

Threni (635302) | more than 3 years ago | (#32688982)

> Total Slippery Slope - what else can they nuke when the Mafiaa decide "you have a copy of Oh Mickey In Spanish that violates copyright law so we'll nuke it for you."

So you don't run a virus checker on your windows boxes then? "Hey, I rather liked PWD_STEAL_32! You should have just emailed me to warn me about it! What kind of big brother move is it anyway".

So..we're already on a "slippery slope". Come back and talk about it when we've slipped down to an app getting pulled because BP/the government etc tell them too. And not before.

Re:Draconian? (1)

tophermeyer (1573841) | more than 3 years ago | (#32688994)

Total Slippery Slope - what else can they nuke when the Mafiaa decide "you have a copy of Oh Mickey In Spanish that violates copyright law so we'll nuke it for you."

This article has nothing to do with copyright. Not every article on this site needs to inevitably lead to discussion of copyright.

This sounds like an Apple move

That is a good point. It is a step towards the "walled garden" Apple experience, or shows at least a little but of interest, on Google's part, in maintaining the quality of their platform. This app served no useful purpose, and might have set a dangerous precedent for other apps to surreptitiously collect and report user data. The GP's suggestion of emailing affected users, while respectful of the user's free will, would do little to prevent future data miners from attempting to distribute similar apps. In fact, it would send the message that if they distribute enough such applications they will end up with a small percentage of mindless users that fail to remove the app from their phone.

This remote nuking (as is oft joked) is the only way to be sure.

Re: inevitably lead (1)

TaoPhoenix (980487) | more than 3 years ago | (#32689166)

That's why slopes are slippery. Go up a containing level.

There is little all about ________ remotely nuking _________ because ______ says it violates ______. There's some scary scope in those MadLib blanks. It also is a clear threat - they're demonstrating an extremely dangerous policy capability.

Re:Draconian? (1)

Lunix Nutcase (1092239) | more than 3 years ago | (#32688998)

This sounds like an Apple move - "the App wasn't malicious but we didn't like it so we nuked it for you."

You mean other than the fact that Apple has never done this?

Re:Draconian? (1)

delinear (991444) | more than 3 years ago | (#32689070)

Definitely badly handled - how about the next time I restart the app, they just give me a splash screen explaining it's been flagged as... well, I don't know how to describe it since they even claim the app's not malicious, but I guess something along the lines of raising privacy concerns with a link through to a page explaining the issues and an option to allow or uninstall. That doesn't seem a problem - in fact make it a choice of the user when they first use the phone to decide if they want such flagged content automatically uninstalled or whether they preferred to be warned (by a system message immediately or by an email). There might be all kinds of legitimate reasons for wanting to keep a flagged app on the phone (security researcher, setting up a honey trap to trace people spreading malicious apps, etc), and I don't think it's any company's prerogative to remotely overrule that, whether the intention is purely benevolent or for financial/liability purposes.

Re:Draconian? (2, Insightful)

mmurphy000 (556983) | more than 3 years ago | (#32688896)

Mostly because they do not have email addresses of everyone. They have Google accounts, but not everybody who has a Google account for the purposes of Android uses GMail.

Re:Draconian? (1)

mcgrew (92797) | more than 3 years ago | (#32688974)

Why couldn't they just get a list of those who have it installed (surely they know that?) and then email them? Beats this draconian/big brother approach in my opinion...

"We're teh GOOGLE. Our motto is 'don't be evil', so by default nothing we do is evil! Evar! Not even removing YOUR app from YOUR phone without your permission. Don't believe us? Just ask our fanbois!"

Re:Draconian? (1)

maxume (22995) | more than 3 years ago | (#32689072)

Much of the point of the marketplace is that it is a walled-garden.

The part where Android is different than iPhone is the part where many of the phones come with the key to the gate, there is no need to pick the lock.

Daily dose of Obama's bullshit (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#32688820)

From the BBC News today:

"Many European governments have implemented severe austerity measures in recent weeks in order to cut debt levels.

In a letter to G20 leaders last week, US President Barack Obama warned against cutting national debts too quickly as it would put economic recovery at risk. "

Or, Europeans cutting national debts so quickly catches the attention of Americans who are already very concerned about Obama's spending orgy, which threatens our dear thin-skinned president's ideologically-driven agenda...

Google Fanbois will turn this around (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#32688858)

I guess I'll get modded down for this, but here goes...

20% of Android apps are malicious.

It doesn't matter what you tell them, but Google Fanbois will make up some excuse about how this is all part of His Brinny and Pagey-ness's big plan.

Re:Google Fanbois will turn this around (2, Informative)

Anonymous Coward | more than 3 years ago | (#32688924)

20% of Android apps are not malicious. 20% of Android apps have the potential to be malicious.

If you do not want an application to have the possibility of stealing your private data, then do not install that application! When you install an app on an Android phone, you are presented with a list over which data this application wants to access. If you don't like that the FTP app you are about to install have access to your SMS/MMS messages, then click on cancel and find another FTP client.

Re:Google Fanbois will turn this around (2)

delinear (991444) | more than 3 years ago | (#32688970)

Or they might, you know, point to the fact that it's not true. Hell, you don't even need to RTFA on this one, just RTFT(itle): "20 percent of Android apps can threaten privacy, says vendor". This is about the fact that apps give access to areas of the phone like web browsing, contacts, call notification (to be able to suspend, etc) and that there are privacy concerns. In no way does that even come close to malicious, in fact it's standard behaviour, this isn't a Google issue, all the other operating systems with user-installable apps do exactly the same thing, I think possibly the only difference is Google apps actually tell you in advance exactly which areas of the phone it needs access to, so at least you can make an informed judgement (i.e. why does this screensaver need access to my phone's dialler).

Just chalk this up to ITWorld being click-whoring sensationalist garbage and move on.

Re:Google Fanbois will turn this around (1)

owlstead (636356) | more than 3 years ago | (#32689054)

Hell yes, you will be modded down into oblivion for this. Not because you attack "Google Fanbois" but because you clearly haven't read the article (20% is not malicious). To make matters worse your argument is a pre-emptive ad hominem attack. Stating that you will get modded down for this certainly won't prevent it from happening.

Replying to A/C trolls, I know, I know...

The end is near!!! (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#32688862)

OMG apps being remotely disabled! What about my privacy? What about my rights of choice? What about... ... oh wait, it is Google, not Apple.

Nevermind. Let's get back to the show.

Big Apple vs Google distinction: (0, Troll)

pancakegeels (673199) | more than 3 years ago | (#32688884)

Google are not nuking Apps because the go against their ideology/ego/compulsiveness guidelines, but because they pose a risk.

Re:Big Apple vs Google distinction: (5, Insightful)

Americano (920576) | more than 3 years ago | (#32688952)

So "when it's in service of a good cause," violating user privacy and the ability to own your phone is okay? Or is any measure acceptable if it's claimed to be to eliminate a risk? Or is it Google good, Apple bad, still? I'm very confused.

Re:Big Apple vs Google distinction: (1)

tophermeyer (1573841) | more than 3 years ago | (#32689284)

It is in the ToS. Most of us probably didn't read it in detail (I know I didn't) but we agreed to it when we purchased the phone and downloaded the app from the Marketplace. If a user got their hands on an install file and installed this thing manually I don't think anyone at Google would bat an eye. This is just Google exercising stewardship over their distribution mechanism. They tend to be very hands off in this respect, but we can't expect them to allow total anarchy. No-one can really expect total control over all aspects of a device that operates on someone else's network, or even privacy on a mobile phone in general.

I think you are right. It is easy to paint Google and Apple as opposite ends of a Privacy/User Control spectrum, but in reality I think they are very close.

If it really was malicious, good. (1)

know1 (854868) | more than 3 years ago | (#32688886)

If it wasn't, bad. Simple enough. Apart from who decides that... I would hope in the future to see an option to disable this "feature" on android phones, but I doubt it will happen.

First time this has happened (5, Interesting)

magamiako1 (1026318) | more than 3 years ago | (#32688898)

Just an FYI, even though Apple has some of the most draconian app policies ever--they have never remotely nuked an application from someone's phone. They have taken apps off of the market, but they have never actually removed it from your device. I ran GVMobile for a long time until it stopped properly authenticating, for example.

Re:First time this has happened (0)

AHuxley (892839) | more than 3 years ago | (#32689090)

Yes cult like, you have to invite Apple in, most multinationals like a bait and switch or a first hit is free/open source.

User controllable permissions for all Apps (1)

Hohlraum (135212) | more than 3 years ago | (#32688900)

Google just needs to allow the user to revoke specific permissions to an application all together.

Big diffs with ANdroid vs. Apple (2, Informative)

brunes69 (86786) | more than 3 years ago | (#32688926)

You do not have to use the Market to install apps.

If Google removes an app you like from the market, or even does a remote-uninstall, you can just re-install it yourself, and it is then un-nukeable.

The market can only remote-uninstall apps installed via it.

And the issue is, erm, what exactly? (3, Informative)

IceFreak2000 (564869) | more than 3 years ago | (#32688932)

Just to clarify; Google nuked two applications that had been distributed via Android Market, which they explicitly reserve the right to do via their Terms Of Service [google.com] (see section 2.4).

However, if you don't like these terms there is nothing that stops you from downloading applications from alternative sources and installing them on your Android device - there are a number of alternate Android application stores like SlideMe [slashdot.org] and AndAppStore [slashdot.org] for example, not to mention downloading .apk files directly to your phone and installing that way bypassing Android Market altogether.

Besides, what are they supposed to do if there are malicious applications on Android Market? Pull them and leave affected users with crap on their devices?

Oh well, I'm perfectly happy with my HTC Magic running Cyanogenmod 5.0.8 downloaded and installed via Clockworkmod ROM Manager, which itself was downloaded from Android Market.

I would like to stop Google... (1)

bogaboga (793279) | more than 3 years ago | (#32688946)

...in its tracks as it tries to delete the targeted applications. Here's how I would like to accomplish my feat, Android being Open Source Software: -

As Google tries to remove the application from my phone, the phone would be configured to ring n a particular way, send me an email telling me what is going on, then block Google's action.

Sad thing is that I an no coder/hacker so I have no idea where to start!

Do not want (5, Insightful)

Andy Smith (55346) | more than 3 years ago | (#32688954)

I don't want this. Not on Android. I specifically bought an Android phone to get away from the Apple control freakery. That was the only reason I wanted Android -- no big brother overseeing. Now I find that Google can throw a remote kill switch?

Do NOT want.

Yes I can see the argument that the app killing on this occasion was a Good Thing. But no, really it's a Bad Thing, because it represents the top of a slippery slope.

Hands off my phone please people who are not me!

Re:Do not want (0)

Anonymous Coward | more than 3 years ago | (#32689064)

Now I find that Google can throw a remote kill switch?!

You actually would have found out sooner if you had read the TOS.

Re:Do not want (1)

MikeK7 (1826472) | more than 3 years ago | (#32689162)

What I don't want is malicious apps on my phone.

They determined that the sole purpose of the app was something other than what it said. I'm glad that Google had the balls to remove it automatically.

For those that want this app still, there is nothing to stop you installing it manually, where it will be beyond the power of Google to remove.

Look at it this way. Let's say that someone published a report saying that Google KNEW that 50000 people had malware on their phone, and chose not to remove it despite having the power to do so. This would make a lot of users very unhappy. Google's Market represents a middle ground between no control (which is still available through manual installs) and unfair over-the-top restrictions (such as on the iPhone).

It is in Google's best interest to use this power responsibly. For that reason, it is not unreasonable to trust them with it - for now.

Re:Do not want (1)

sirrunsalot (1575073) | more than 3 years ago | (#32689256)

Now I find that Google can throw a remote kill switch?

From Android Market Terms of Service [google.com]:

2.4 From time to time, Google may discover a Product on the Market that violates the Android Market Developer Distribution Agreement or other legal agreements, laws, regulations or policies. You agree that in such an instance Google retains the right to remotely remove those applications from your Device at its sole discretion.

What else is there to say, really? Your erroneous perceptions of a company do not constitute a legally binding agreement.

Re:Do not want (1)

Deliveranc3 (629997) | more than 3 years ago | (#32689340)

I agree, especially since this is a demonstration of the ability to do one of the worst possible things on your phone. Seems like this is the new sexyness for intrusion into people's phones, hackers are druling over exploiting/redirecting this.

It's nice that Android devices are really SMART PHONES, but that doesn't mean we need to move away from the "if I don't change anything, nothing changes" mentality that made Palm pilots so great.

I do support Google taking total charge of their marketplace, and even warning about applications installed through user decisions or alternative markets... not everyone needs to go outside the walled garden. We just need to know when we do it.

The best thing about Android phones is that you can reinstall your OS, this is a pretty amazing security step.

P.S. I'm selling phones with VOIP configured, since everyone could be saving money and everyone seems to lazy to set it up themselves.

I'm ok with this (2, Insightful)

Genocaust (1031046) | more than 3 years ago | (#32688958)

For those of you complaining about this, please note that it was "per the ToS". Don't like it? Don't use the (Android) software, then. It's a free market -- vote with your money elsewhere. Until this remote nuke feature is used on something I've PAID for, and I'm left without my app or my money, I'm not too bothered by it as, again, I AGREED TO THE TOS.

Re:I'm ok with this (5, Insightful)

Lunix Nutcase (1092239) | more than 3 years ago | (#32689032)

I think that point is that if Apple did this it wouldn't just be shrugged off. The Android fanbois would be coming out of the wordwork to howl about how Apple is messing with people's phones.

Re:I'm ok with this (1)

laffer1 (701823) | more than 3 years ago | (#32689226)

I think the point is that we don't control the software on our phones, tablets, or ebook readers. It's not just a licensing problem anymore, we actually have little say in what gets installed/uninstalled on our mobile computing devices.

Let's turn this a bit. Imagine you installed Firefox in Windows and Microsoft removed it per their terms of service. (they are trying to rent software these days or put it.. in the cloud). They decided Firefox was out of date and insecure. Poof. If Microsoft (or apple) removed software that was free but something you thought had value, wouldn't it piss you off? Cost is irrelevant. It's not the cost of the software, but the value of the software to the user. Otherwise, something like Linux would be useless. What if Microsoft removed a Linux install? One can say the software is malware, but the next one might not be.

If you don't like my software analogy, consider buying a new PC from Dell. Imagine Dell removing Open Office because they only allow you to run Microsoft office per the purchase agreement for the hardware. Does that make sense?

We're asked to think of smart phones and these new tables as computing devices. As such, I expect the same freedoms for installing software on these devices that I have on my PC or Mac.

Re:I'm ok with this (1)

Mark19960 (539856) | more than 3 years ago | (#32689308)

I don't care either.
The apps did nothing.. NOTHING!
So they yanked a few bad apps off phones... So what?

To make it more interesting... they even disclosed it!
I know Apple has not pulled apps from the phones, but if they were malicious I bet they would.. and the same crybabies would be out here
balling about it.

Thanks Google, I appreciate you looking out for me.

What were the apps? (1)

Matt_Bennett (79107) | more than 3 years ago | (#32688966)

So, which apps? I've RTFA and it doesn't mention which apps were removed. I also wonder if this is done silently, or if there is some mention in the installer/Android Market that tells you what has happened. Yep, they can do this, and I still trust Google. Yes, they are a big company and have the potential to do nefarious things, but I don't really see it happening.

What is it with digital? (2, Insightful)

AHuxley (892839) | more than 3 years ago | (#32689026)

Sony removes Linux, Amazon removes books, MS removes music/Sidekick data issue, Apple watches over software, isp's shape traffic, telcos get a national security letter on domestic phone tapping ect . A search/ad company sucks up data around the world.
Then they expect the end users to take them seriously.
Time to think long and hard about any new 'rental' telco device.
Physical media and a fast desktop computer seem rather wise now.
Maybe try a http://en.wikipedia.org/wiki/MeeGo [wikipedia.org] supporting device to keep your property backed up and safe from remote interference/incompetence/mistakes.

Unpossible. (0)

Anonymous Coward | more than 3 years ago | (#32689038)

If Google exercised this kind of control over devices, that would be downright Jobsian and thus Evil, which Google cannot be. I mean, it's right there in the company motto.

Judging by the comments on these types of stories, it's only evil when Apple or Amazon or some other firm that isn't Google does something like this. Nothing to see here, move along.

What they should have done (5, Insightful)

Lord Bitman (95493) | more than 3 years ago | (#32689144)

When the app is clicked on, it should open a page that says: "Note: Google has determined this app to be malicious / in violation of terms of use. Tap here for a complete explanation. The app has been removed from the store, and running it is not safe. Tap here to safely and permanently remove this app"

Re:What they should have done (1)

John Hasler (414242) | more than 3 years ago | (#32689286)

In order to do that Google would have to install something on your phone "without your permission" (which they reportedly actually had via the TOS).

You can either not use the "app store" (there are reportedly other sources) or hack your phone to disable the removal.

Report does NOT say 20% are malicious (1)

harlows_monkeys (106428) | more than 3 years ago | (#32689242)

The blog post comes a day after security vendor SMobile Systems published a report saying that 20% of Android apps are malicious

Bullshit. The report says that 20% of the apps are capable of collecting information that could be misused but that most collecting it are doing it for well-intentioned reasons.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...