
Android Developers Blog: Exercising Our Remote Application Removal Feature - jamesbritt
http://android-developers.blogspot.com/2010/06/exercising-our-remote-application.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+blogspot%2FhsDu+%28Android+Developers+Blog%29
======
augustl
This poses an interesting question. What's worse for Google: media claiming
"Android is unsafe: Google refuses to remove malicious software" or raging
users?

~~~
ugh
I don’t know. For me this is very obvious proof that you can have all the
freedom of Android and all the supposed security of Apple’s app store all in
once. It makes it harder for Apple to argue for their model without looking
stupid.

------
fierarul
Is this also available to developers ? For example, I would like to know I
could remove remotely one of my applications if I wanted to.

~~~
nuclear_eclipse
Even as a developer, I hope to God that is _never_ available to anyone but
Google.

If I've downloaded a free app, and the developer decides he wants money
instead, I don't want him having the power to forcibly uninstall the free app
from my phone as "incentive" to buy the paid version.

I could probably imagine other malicious uses of that feature if you need more
proof that it's a bad idea.

~~~
fierarul
What if, for example, I include by mistake confidential information that I am
forced by law not to disclose, or media I don't have the proper copyright for?

For example, I make a statistical financial simulator for Android and by
mistake the build includes my test data which is from some big bank ? Being
able to pull the plug on that build would be really nice -- because I'm pretty
sure nobody at Google would care to help you with that.

Or, I might do an audio player and I'm including some music whose copyright
expired in the rest of the world, but not in US.

Indeed it might do more harm than good that normal developers have the right
to do this, but if you assume developers are responsible about it, it might be
a good thing. For example, Google could supervise this or charge a flat fee,
etc.

~~~
nuclear_eclipse
Or don't include sensitive data in your test set or build system. If you
include something in a release that you should not have included, then you are
responsible full stop, and a revocation system is not a solution. This sort of
functionality should not be used to fix developer mistakes; you can't do this
sort of thing with desktop applications either, and once again, for good
reason.

Even if Google initiates a mass revocation, that doesn't mean the application
is no longer in the wild. Users who want to exploit your mistake could just as
easily do one ogf the following:

\- Disconnect their phone from a data connection or wifi signal

\- Dump their current ROM/data to a backup image using a 3rd party bootloader

\- Extract the .apk from the phone using root access, using an app like
Titanium Backup

\- Install the .apk from a source other than the Market, so that the
revocation system will ignore it

Google's mass-revocation system only "works" because it is designed to remove
malicious applications from the phones of unsuspecting users. If you make
sensitive data public, it becomes public data, period; there's no going back.

~~~
fierarul
Well, it was just an example and

>If you make sensitive data public, it becomes public data, period; there's no
going back.

this is true, but it sure would be nice to do damage control no ?

------
nuxi7
Here is more info from the security researcher who wrote the app that got
removed:

[http://jon.oberheide.org/blog/2010/06/25/remote-kill-and-
ins...](http://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-
google-android/)

------
emilam
This reminds me of when Amazon removed 1984 and Animal Farm from their users'
kindles. It seemed to just piss users off, and is kind of a scary feature.

------
protomyth
My big question about the ability to remove apps from phones, is if a
malicious party will be able to impersonate Google and send the "kill" signal?

------
bzajax
So, after it's too late, we'll remove the app to make it seem like nothing bad
really happened.

~~~
jokermatt999
"If an application is removed in this way, users will receive a notification
on their phone."

And honestly, you're trying to spin the removal of malicious apps as something
_bad_? Really now?

~~~
norswap
They can remove things, that is the point. Today something bad is malicious
software. Tomorrow it will perhaps be depiction of two men kissing or
political satire as seen on the iphone, who knows ?

~~~
masklinn
> Today something bad is malicious software.

Or it might be, it happens that it isn't:

> These applications intentionally misrepresented their purpose in order to
> encourage user downloads, but they were not designed to be used maliciously,
> and did not have permission to access private data — or system resources
> beyond permission.INTERNET.

~~~
norswap
I can read good sir, but I wasn't talking about that. I do think the
application they removed was pretty useless (the experiment it was designed
for seemed to be over). What they said is that they removed it in order to
test their system, which, according to them, will be used to remove malicious
software.

So what's labeled at bad is malicious software. And if I am wrong and the
experiment wasn't over, then it just makes my point as it is already (in some
meanings of the term) abusive :)

