.jpg)
Photo By: Andrey Andreev
Google has had an incident with a few rogue Android apps over the past few days. They have remotely removed 2 free apps from several hundred possibly more Android phones.
The applications lied about intended purpose and thus violated Android operating policies, according to a company spokesman.
These 2 applications were “proof-of-concept” programs designed to test the feasibility of distributing a program that could later be used to take control of the device in an attack, according to Jon Oberheide, the developer who made and distributed them.
“An attacker who develops legitimate-looking apps and distributes them on the Android Market could gather a large install base and if there was a vulnerability within the Android operating system or Linux (upon which Android is based) the attacker can phone home to see if there is an exploit to download and push it out to all the phones he controls and take complete control of the phone via the kernel,” said Oberheide
Little known to most Android users is a feature built in right under their noses. Its called the “Remote Application Removal Feature” it allows the company to delete apps for security reasons that have been installed by the Android market.
One of the applications was entitled RootStrap. It executed code that simply printed a message on the screen that says “Hello World,” . The second app did the same thing except it was disguised as a preview to the new movie: Twilight Saga: Eclipse.
Android users beware of such misrepresented applications as they exist out in the wild. Know that the company can delete any application they want off your device when ever they want, for what ever reason they can justify.
Backup often.
Comments
Can see a title more mis-leaded, I've read google blog post about this, first the authors removed the applications first from android market and this was just a test, and they said they will use it in case of spam! not any application they want.
and final, really man! "Stealthily", they said user will INFORM of this before removal, I am sure you've read the post, but why you wrote this post? really readers should decide.
this is the blog post: hxxp://android-developers.blogspot.com/2010/06/exercising-our-remote-application.html
(replace hxxp with http) you decide.
this is the exact quote: " If an application is removed in this way, users will receive a notification on their phone."
It wasn't exactly stealthy since a notification is displayed telling the user what happened. Also it's not surprising Google can do this, what smartphone app store doesn't have a remote uninstall capability?
I'm not sure if it makes me feel goog or bad. On the one hand I appreciate that Google keeps an eye on the bad guys. This makes me feel that they don't deny the danger and are willing to do something.
On the other hand, I would prefer they filter out the evil apps on advance and leaving users' devices at users' control.
So, Google, keep it real: Don't be evil!
Got something to say?
Examiner.com is looking for writers, photographers, and videographers to join the fastest growing group of local insiders. If you are interested in growing your online rep apply to be an Examiner today!