Google can kill or install apps on citizen Androids Google has the power to not only remove applications from users' Android phones, but remotely install them as well. Last week, Google told the world it had exercised its Android "Remote Application Removal Feature," reaching out over the airwaves and lifting two applications from citizen handsets, and as pointed out by the man …
Is this really too much to ask?
That's what this is about. Not which Apps you can and can't access, but the apps they install for you. I am an open source user; but Nokia in their wisdom went and installed a small office application that can't read ODF and also can't be removed. Also, a game that I can't remove. Nice of them to waste my precious system memory for me, especially as the X6 doesn't have removable memory.
I was looking at Android tablets and also my next handset was going to be Android as well. I've just started reading on programming Android. Not any more I'm not.
Surely the fact that they can remotely install apps without authorisation has to be a lot more disturbing then their abililty to remove them wihtouth authorisation. Don't forget that this is a company which is proving itself to be highly untrustworthy. A fact that, thankfully, more people are, albeit slowly, waking up to.
A big software vendor introduces something that end users have no control over, it phones home automagically, it can add software or remove software at its own pleasure, and is vulnerable to impersonation or man in the middle attacks.
That's Windows Update, isn't it?
Not saying that what Google are doing isn't evil, but where's the equivalent fuss for the MS equivalent technique?
Just askin', like.
When I buy a computer from an OEM I'm ASKED what I want Windows Updates to do. I can disable it completely with one click - it's one of the first things you are asked when you "setup" Windows as a new user.
So I'm told about, can chose to enabled or disable it or I can be selective and say tell me, but I'll manually review the updates and install the ones I want at my leisure.
That is NOT what Google are doing. This has been 'discovered' by a researcher that they can install stuff remotely, you can't disable it as far as I know and it's completely out of your control.
Windows Update doesn't default to automatically updating your box, you have to explicitly agree to it (though yes it does twist your arm a bit about it), so at least you're aware of what will happen.
If there's an issue with WU it's how they're forever pushing guff at you like Silverlight et al...
IMO the Apple Updater is worse... I have Safari on my machine for browser compat testing because apparently some folks use it on Windows and it doesn't always behave the same as it does on the Mac.... but once every couple of weeks I get an agressive little pop-up trying to get me to install iTunes, Quicktime etc as well ... and if I want to keep the Safari auto-updater I don't seem to have a way to kill these "helpful reminders"
At least with Windows/Microsoft Update there's a very simple option to leave it enabled but select and hide apps I don't want updated
When thinking about issues like this it is always best to remember that Google's "do no evil" mantra only holds for certain values of "evil". Those values being the ones that Google have defined. If your definition of evil differs from that of Google then you probably shouldn't own a device over which Google has so much control.
I don't care what the excuse is - nobody installs or removes anything on anything I have without my express permission.
I have no need to be nannied. If I install some objectionable material on my hardware, it is my responsibility. If I goof and install something harmful to my hardware or my privacy, well too bad for me and I've learned something new. I will certainly not accept anyone deciding for me what needs to be removed. Of course, the consequence is that nobody will remove for me a trojan app that I, as well as others, installed because of some advertised function that I found useful. The normal way to do things in that case is that I get a mail or some sort of notification telling me what the issue is with that app and how to deal with it. I will decide what to do with it.
On the other hand, there is simply no excuse for remote unauthorized install. That is just about as Big Brother and disrespectful of my rights as it gets.
But of course, I'm harping about a long-lost notion : the consumer has rights. Seems that that is sooo last century.
I have an Android phone - love it, best mobile device I've ever had by a long way, but it's association with Google leaves a bitter taste in the mouth that just seems to be getting worse and worse.
Aside from the meaningless "do no evil" mantra that Google spouts they do say something very meaningful about Android: that it is Open Source (eventually at least). Part of that meaning to me is that the development and functionality of the OS is accountable to the user/developer community.
Thus as I have a handset made by Motorola running an Open Source OS connecting to Orange's mobile network. What part of that package allows Google to determine what software I will or will not run on my device that I have paid for?
Jon Oberheide is right to point out the pontential security issues with this but at least as important is the question of Google overstepping the mark again in seeking to snoop/control on-line activity. I'm no fan of M$ and Apple but at least they don't try to use Open Source as a fig leaf for their monopolistic activities.
Agree entirely.
This is a major conflict of interest, think of the espionage possibilities.
It wouldn't be bad if google's remote update mechanism 1) was optional, and 2) explicitly prompted the user, however that is was hidden shows just how untrustworthy google is.
This is no different from what apple do, but then apple don't operating under the pretense of selling open devices, people (should) know that apple controls their device.
"But of course, I'm harping about a long-lost notion : the consumer has rights. Seems that that is sooo last century."
The PC era was so fantastic for consumers because of open platforms which spurred innovation and competition. I worry very much that the future of computing could be closed and proprietary, and only a few corporations holding the keys to all apps and data.
"How deep in the T&C the remove and install 'features' are buried?"
The Removal scenario is stated clearly near the beginning of the Android Market Terms of Use (http://www.google.com/mobile/android/market-tos.html, section 2.4)
Someone else can hunt down the terms for Android use in general, including application installation and update. But I rather doubt you'll find Google's lawyers have slipped up in this regard. In particular for the scenario that's been highlighted, which would rely on a hacker exploiting an unpatched vulnerability.
Every App you have installed on an Android phone from the Market is remotely installed - that is how it works. You select an app and the channel opens up with a command to your phone to install it. It then gives you the permissions the app requires and then you can choose to go ahead with the installation.
The Froyo build goes even further - you can just select an app on the Marketplace website and it will get installed on your phone using similar technology. This was one of the big wow factors at Google IO and helps you work with your PC or Phone but through (cough) "The Cloud", rather than have to connect your phone to your PC itself.
If you don't want your phone to do this, or have any links to Google, then don't put a gmail address in when you first install the phone.
This post has been deleted by its author
This post has been deleted by its author
You say wrong; given that possession offences are strict liability offences, suppose a phone were to have illegal content of whatever form downloaded to it or an app to acquire such content? What about an eavesdropping application that Google have agreed to provide to, for instance, a government in whose jurisdiction you live? Their definition of evil has proven sufficiently malleable to allow such adaptation to local concerns before now.
Covertly installing applications without the user's permission on their phones? Well I'm sure that won't interest the security services at all. I'm sure there absolutely definitely won't be a flood of sealed court orders winging their way to Google HQ, identifying certain phones of interest, will there...
In today's world, hackers and system attacks are inevitable. It would be irresponsible to not have a method to deal with them. Google's chosen method is this removal tool – and a corresponding tool that can patch the systems remotely or install other critical components. This method was effective, and demonstrates that Google can eliminate threats.
Keep in mind, this was a threat. It wasn't a case where someone wrote an app that competed with a Google app, and it was removed to limit competition (ala iPhone). This was a hacker who used social engineering tricks (standard hacker MO) to install a root kit on users phones. The app represented a danger to the consumers, and rightfully should have been removed.
Frankly, I am sick of these “white hat” hackers doing evil things just to prove how easy it is to do evil things. The excuse that it was for “good” or “demonstration” purposes does not excuse it in my mind. Imagine using that defense in a murder trial: “Your Honor, I only shot her in the face to show how easy it is to shoot a person in the face! You should thank me for revealing that vulnerability.”
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
