“Jon Oberheide, the security researcher who developed the application that Google remotely removed from Android phones, noticed during his research that the Android OS includes a feature called INSTALL_ASSET that allows Google to remotely install applications on users’ phones,” Fisher reports. “‘I don’t know what design decision they based that on. Maybe they just figured since they had the removal mechanism, it’s easy to have the install mechanism too,’ Oberheide said in an interview. ‘I don’t know if they’ve used it yet.'”
“Many, if not most, Android owners likely had no idea that the REMOVE_ASSET function existed, and Google’s use of it generated quite a bit of publicity and concerns about privacy and security for Android owners. However, Oberheide, the co-founder of startup Scio Security and a PhD candidate at the University of Michigan, said that wasn’t nearly as interesting as the other half of the equation,” Fisher reports. “‘Now, the Android platform not only allows for the removal of applications remotely via the REMOVE_ASSET intent, but also allows for the installation of new applications via the INSTALL_ASSET intent. If some people are upset that Google retains the ability to kill applications remotely (I personally prefer the potential security gains of the functionality), I fear what they’d think of the INSTALL_ASSET feature,’ he wrote in a blog post explaining his research and the removal and install features.”
Full article here.
MacDailyNews Take: Remotely installing apps without the users’ permission or knowledge? Replace Google with Apple and imagine the furor.
[Attribution: Slashdot. Thanks to MacDailyNews Reader “G.” for the heads up.]
Well…as you know…Apple has a kill switch too with regards to the iPhone. Lets see how many hypocrites will bash Google for this..
But… But… But… Google does no evil. How can this be? I thought only Apple had the closed, controlling platform. I’m confused.
@MDN “Well…as you know…Apple has a kill switch too with regards to the iPhone. Lets see how many hypocrites will bash Google for this..”
It’s my understanding Apple has a kill switch so the app won’t run, not a mechanism for uninstalling apps from a user’s phone. With iOS4 there is a mechanism for over-the-air updates to carrier settings—not being used by Apple or AT&T;to remotely install apps.
With iOS4 enterprises have the capability of wirelessly pushing apps to the iPhone. This could also be what those functions are intended for in Android. We all assume its there for nefarious purposes.
Google, the hackers platform of choice featuring remote installing of viruses and malware and remote uninstall to avoid detection…hack a droid today because in a world where apple won’t install viruses…droid does
Boy oh boy… I wonder how long it will take the hacking community to find a way to exploit this “INSTALL_ASSET” bu… I mean feature.
and what makes anyone think that this isn’t doable on the iPhone as well?
Do know evil.
I 100% disagree with MDN’s take… I’ve watched fanboys for years and even drank the koolaid myself a couple of times… If Apple implemented this type of feature, it would be spun as the next great feature to allow the user to get seamless updates and upgrades without having to do anything! Steve Jobs would go on stage and sell “Asset Installation” as a magical way to stay on top of the most wonderful technology available on the planet.
Quickly, we need congressional and FTC investigations of Google! Tell your congressman to write letters to Eric Schmidt demanding answers!
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
@Macanatic
You’re full of it. Tired of people like you trying to sell the notion that Apple users are mindless zombies who will do anything Steve tells them. In your scenario every single Apple user I know would see through this.
They would also evaluate whether it was something that was worth dumping the platform over and probably come to the conclusion that until Apple started abusing it, the benefits far outweigh any disadvantages.
But if thinking Apple users are mindless drones makes you feel better about your platform choices, then go ahead and entertain yourself while the rest of us laugh at you.
So the open source platform…. has remote install/remove… since it’s open source… well open slather on that one
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
My wife has a couple of grocery stores that has taken one of her favorite products off the shelf without telling her.
I hope the same thing doesn’t happen to her like it did for our cat, Pokie. I recall it quite vividly. We had just moved in 2000 and when my wife tried to find Pokie’s favorite treat that she had been nibbling on for 12 years, she was told that it had been discontinued. Damn cat died, last year.
See, if Apple does it, it’s EVIL and they want to CONTROL your experience.
If Google does it, it’s a FEATURE for the open-source community!!
@@MDN
but, but, but Apple has this too! But, but, but Apple has never used it because they`re not a surveillance system masquerading as an ad company.
hypocrite
@ @MDN
But Apple does not have a REMOTE INSTALL SYSTEM.
And, like MDN said, everyone made fuzz about Apple having a kill switch, but when it comes to Google’s remote uninstall… silence…
EVERY company only cares about milking money out of us. They will do or say anything to get you to follow and buy from them. So why defend any of them because you prefer to get screwed from behind and not from the front.
@ Macanatic
You are the poster boy for clueless….
Apple doesn’t have a way to remove apps from your phone, and never has. There are plenty of apps that have been removed from the app store, and remained on users phones. Remember the tethering app a couple years ago? Lots of people installed that before Apple removed it.
Gimme a break you all, if Apple can make contact with iOS on an iPhone and “wipe out” the gizmo prototype…you don’t think they can install apps at will as well?
Ohh brother please, just for once stay consistent ya’ll.
@MDN: Ain’t it the truth!
Time for your flu shot… while we’re asking you census questions.
@@MDN
Isn’t it different that Apple could wipe the stolen phone, just like you could wipe YOURS if you wanted. That is different than wiping SOMEONE ELSES phone isn’t it? How do you connect the two cases. Google did not wipe the phone, they altered the software on it. Seems quite different to me.
Think about it @MDN, currently the wipe feature is cloud based and allows a rightful owner to brick a lost or stolen IPhone from their home computer. It is one of the security features that Crackberry addicts at the IT level swear by to allow IPhones into the corporate world. This is a far cry from remote installation of a piece of spyware or some dubious application. We are talking OX10 here not Android or Windows 7. Even when you get a free app you have to authorize the down load with your account and password. The .01% of the people that jailbreak their IPhones do it by choice to consume apps they might not otherwise enjoy from the ITunes store. Even Opsys updates have to be authorized by the user to install. There is nothing that Apple does that remotely resembles what Google is doing . I highly recommend you do not store your liquor bottles under the sink, you might have accidentally grabbed and chugged the liquid drano that you suspect may be the kool aid that the rest of us has been drinking. A unit broadcasting it’s location via an app back to an advertiser is not the same as installing an application without the users permission. The entire Android system can now not be trusted. Freedom isn’t free.
@ @MDN–
Every iPhone has remote wipe capabilities. It’s a feature of Mobile Me, and is pretty standard in today’s smart phones.
Remote removal and installation of apps is something completely different.
@bobchr
Damn, that is what I wanted to say. You nailed it.