I think most people are aware that Google, Apple, and pretty much any other company with a mobile apps store reserves the right to pull an application from their market at anytime they see fit. And the presence of application kill switches – the ability to disable an app on your device remotely – is a necessary security measure in a world where consumers frequently share sensitive information with a program they trust on their mobile devices: For example, banking login information and credit card numbers. But what you may not know is that Google can completely uninstall an app on your device. Whether or not you would be prompted in such a situation is unclear.
In a post on the Android Devloper’s Blog, Rich Cannings recently described a situation where such action was necessary. What was not revealed were the name of the apps of which he spoke. I would be very interested in more details on this front. What do you think about this procedure? Do you think a user should be prompted before removal? After? Under what circumstances is remote removal of apps acceptable? Speak up in the comments.
The complete blog entry:
Exercising Our Remote Application Removal Feature
Posted by Tim Bray on 23 June 2010 at 10:35 PM
[This post is by Rich Cannings, Android Security Lead. — Tim Bray]
Every now and then, we remove applications from Android Market due to violations of our Android Market Developer Distribution Agreement or Content Policy. In cases where users may have installed a malicious application that poses a threat, we’ve also developed technologies and processes to remotely remove an installed application from devices. If an application is removed in this way, users will receive a notification on their phone.
Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them.
After the researcher voluntarily removed these applications from Android Market, we decided, per the Android Market Terms of Service, to exercise our remote application removal feature on the remaining installed copies to complete the cleanup.
The remote application removal feature is one of many security controls Android possesses to help protect users from malicious applications. In case of an emergency, a dangerous application could be removed from active circulation in a rapid and scalable manner to prevent further exposure to users. While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users’ safety when needed.
This remote removal functionality — along with Android’s unique Application Sandbox and Permissions model, Over-The-Air update system, centralized Market, developer registrations, user-submitted ratings, and application flagging — provides a powerful security advantage to help protect Android users in our open environment.