Recently Google discovered a few apps developed by a security researcher intentionally misrepresented their purposes the Android Market. They didn’t do anything malicious like collect personal data (apparently they didn’t do much of anything and many users deleted them soon after downloading), but after talking the developer into voluntarily removing them from the market, Google flipped the “kill switch” and remotely deleted the apps.
“The remote application removal feature is one of many security controls Android possesses to help protect users from malicious applications,” explained Rich Canning, Google’s Android security lead, in a blog post. “In case of an emergency, a dangerous application could be removed from active circulation in a rapid and scalable manner to prevent further exposure to users. While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users’ safety when needed.”
Of course, this comes on the heels of a report by SMobile Systems, which sells smartphone security software, that found — gasp! — 20% of apps within the Android Market collect personal data that might — just might — be used for unsavory purposes.
SMobile examined 48,694 Android apps, 68% of those currently available, and discovered that 383 could read or use authentication credentials from other apps or services, 29 fit the profile for spyware, and eight enabled “bricking,” rendering the app unusable.
Scary stuff, huh? And it’s all because Android is so damn open! When hearing that info, PC users must have had flashbacks of infinite pop-up windows and hours spent debugging machines.
Turns out SMobile Systems also has a lot of strong links to AT&T — sole carrier of the iPhone, Android’s rival — including execs that are former AT&T higher ups and a “strategic” partnership. Was the strategy to give Android users the willies and send them rushing to AT&T stores to wait in line for an iPhone 4?
While AT&T has Android-enabled devices, it’s got nothing high-end like the Droid or HTC Incredible, presumably because they would compete with the iPhone and anger the great Apple.
Google was nonplussed to say the least, especially as headlines such as “Android Apps Expose Private Data!” screamed across the Internet. A spokesperson pointed out the obvious in CNET’s: apps must get user permission before entering sensitive territory.
“Developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious,” the spokesperson continued.
CNET actually apologized and rewrote the story to make it clear that the apps don’t automatically go rummaging through your personal data, looking for ways to screw you.
It’s hard not to see Google’s remote detonation as an overzealous reaction to this non-scandal. The problem is the killing was unnecessary, a show of force. The apps in question were just taking up space and it should have been up to smartphone owners to can them. But no, Google stepped in and said, “We’ll take care of that for you!”
Granted Google has been quite open — shocking, right? — about the whole procedure, proudly exhibiting its various privacy, security and developer policies. Obviously remote detonation is not an arbitrary process like Apple’s removing apps from the App Store that it disapproves of on some hazy moral grounds. I’ve read that Apple confirmed it has similar remote deleting powers.
Users would be calling Google a guardian angel if a widely downloaded app turned out to be malware. But as Uncle Ben told Peter Parker, “With great power comes great responsibility” — and this feel likes an abuse of that power, mowing down a mouse with a howitzer. Wouldn’t an alert have been a more reasonable response? Android users should rightfully feel a little violated.
It makes us question whether we want the company having such control over our most personal of devices. With the smartphone revolution has come that sinking sensation that we’re ceding more and more control to our technological overseers.
Simply put, do you think this is an overreach? Did Google go too far? Or should Android users be thrilled that Google will trash crap apps (crapps?) for them?
Of course if certain media sources hadn’t gone wild about a report lacking credibility in an effort to rope in traffic, Google wouldn’t have hastily flipped the kill switch. One could argue Google was forced to show its hand.