

Google can kill or install apps on citizen Androids - yread
http://www.theregister.co.uk/2010/06/28/google_remote_android_application_install/

======
albemuth
Here's Google's explanation [http://android-
developers.blogspot.com/2010/06/exercising-ou...](http://android-
developers.blogspot.com/2010/06/exercising-our-remote-application.html)

No conspiracy or anything to be alarmed with if you ask me

------
ErrantX
_Both mechanisms operate over a persistent TCP/SSL/XMPP connection that Google
maintains between its servers and Android handsets via a service called
GTalkService._

What? That's rather naughty if it is true (the article doesn't give any more
details than this).

Does this mean that for non-technical users you cannot turn off a Google
connection?

~~~
yanw
Why turn off a safety feature? if you're not-technical enough to install a
malicious app that slipped into the market, this mechanism is practically made
for you.

~~~
ErrantX
I am a massive Google fan. But I know a number of people who are not and
prefer not to "trust" them with data.

Most have android phones because they feel similarly about Apple. This would
horrify them.

Admittedly that's an overreaction. But I can't help feeling that a persistent
connection with little option/choice is not the sort of thing a free platform
should have.

~~~
yanw
I think it's actually a necessity specially for an open platform, imagine if a
malicious app got loose and they couldn't do anything about it. It's a 'damned
if you do, damned if you don't' situation.

~~~
miles
I'm tired of these excuses for software makers to have more and more control
over the devices we own.

Palm OS phones like the Treo never had any remote kill switch or other such
nonsense. Anyone could develop for it and post their apps wherever they
pleased. There was no gatekeeper to be be paid or placated, nor were there any
super-scary viruses that brought down the network.

If this kind of Orwellian control is "a necessity specially for an open
platform", why not allow Linux vendors the same power over your servers and
workstations? After all, "imagine if a malicious app got loose and they
couldn't do anything about it".

Seriously: it is up to the users to exercise good judgement and safe computing
practices. If an infected phone is causing problems, let the carrier
disconnect it (just like ISPs disconnect problem accounts). Turning power over
to someone else is just another example of the nanny mentality. Not to mention
that the back doors themselves may be exploited by malware.

------
dododo
presumably os updates (from google) must have the privileges necessary to do
exactly this or maybe this is the interface used for OS updates?

------
gomer
I know with my Black Berry on Verizon my screen is littered with new Apps that
I never installed (Bing, NFL,Skype, and more). It is pretty annoying.

~~~
yanw
It's no the same thing, those apps come pre-bundled when you purchased your
blackberry, the Google mechanism is a safeguard for when a malicious app slips
through, and it only applies to apps downloaded from the market.

~~~
gomer
These apps were not pre-bundled with my blackberry.. Bing didn't even exist..
Blackberry users just woke up one morning and apps were added.

------
technomancy
I wonder if this vulnerability has been removed in CyanogenMod. If not, I
wonder if it will take hours or days before it is. =)

------
gojomo
So perhaps the next time Chinese hackers penetrate Google, they can brick
every Android device on the way out.

~~~
rbanffy
To be fair, they could build the backdoor into the phone when it's
manufactured. No need to use Google as their middleman.

All you need is a routine in the radio firmware that recognizes a specific
signal and either turns off the radio or flood the towers with traffic. Better
yet - request instructions from a server and deploy resources according to the
plans they get - communications meltdown, massive DDoS on critical services,
you name it.

And since it's in the radio controller, it's pretty much hidden from view. You
can root your Android phone or jailbreak your iPhone all you want, the radio
controller is pretty much a separate computer.

~~~
gojomo
Plausible deniability is an important difference. Factory-implanted backdoors
ruin a commercial relationship -- and could be discovered before deployment.

On the other hand, subverting Google's own official 'kill-switch' at a later
date _could_ be the work of a lone vandal or disgruntled employee, and
reflects more negatively on Google than manufacturers.

(BTW, I have nothing against Chinese hackers specifically; they're just a
usefully vivid example from recent events. The same observation goes for any
person or entity that gets momentary control of the official platform-wide
revocation mechanism. Its mere existence, for either the iOS or Android
ecosystems, makes it a super-juicy target for evildoers.)

~~~
rbanffy
> Factory-implanted backdoors ruin a commercial relationship -- and could be
> discovered before deployment

Only _if_ they are discovered.

You can hide the firmware in ways not even the "official" firmware can access
and only a mask inspection would show you have a small amount of ROM where
none was supposed to be (or twice as much as you state in the chip specs). If
I were paranoid, I would be seriously investigating whether such a plan could
be actually conducted - how many processes would have to be compromised and
how many people would have to be involved to introduce a feature like this in,
say, a popular cellphone radio controller. Can we vouch for the integrity of
the hardware/software stack in the towers themselves for not having any
backdoor/sleeper code or logic?

Again, I don't imagine this as being the work of gangs, but of governments.
It's like having your communications blocked as soon as tanks cross the
borders and planes start dropping bombs. It's a very nasty scenario.

------
TheSOB88
Apple could do that too, if they felt like it.

Edit: Except with iPods.

~~~
dinedal
They haven't had to because they stop this stuff before it happens.

The cost of keeping the Apple App Store clean of malicious software is placed
on the developers who are forced to wait for approval. The cost of keeping the
Android App Market clean is placed on the users who will have to deal with the
malicious apps that haven't been pulled yet.

Freedom isn't free it seems.

Does anyone know if Google can pull apps that haven't been installed by means
of the Market?

~~~
ergo98
>They haven't had to because they stop this stuff before it happens.

How does Apple stop malicious software? No one has ever claimed that.

Apple's review process doesn't validate that the software does what it claims
it does, beyond the superficial.

~~~
pistoriusp
If you could somehow find a loophole within the scope of Apple's public APIs -
Then sure... You could do something malicious.

~~~
ergo98
The description of "malicious" seems a little nebulous.

I have never heard of an Android application that breaks out of the sandbox.
When people talk about "malicious" applications, these are apps that don't
actually do what they promise to do, and because of an overly generous user
(who okayed excessive permissions) they exploit trust.

This is similar to a web site saying "Hey, add me to your trust zone" (in
Internet Explorer) "and I'll be extra awesome", and then exploiting that
access.

Another poster mentioned that location has a special confirmation security
grant, which is interesting to learn, however for other accesses there is no
guarantee that the app is doing everything in your best interest.

