Google remotely wipes app from Android phones; Has remote install capability, too

Invisible Shield for Apple iPhone 4!“The remote-wipe capability that Google recently invoked to remove a harmless application from some Android phones isn’t the only remote control feature that the company built into its mobile OS. It turns out that Android also includes a feature that enables Google to remotely install apps on users’ phones as well,” Dennis Fisher reports for threatpost.

“Jon Oberheide, the security researcher who developed the application that Google remotely removed from Android phones, noticed during his research that the Android OS includes a feature called INSTALL_ASSET that allows Google to remotely install applications on users’ phones,” Fisher reports. “‘I don’t know what design decision they based that on. Maybe they just figured since they had the removal mechanism, it’s easy to have the install mechanism too,’ Oberheide said in an interview. ‘I don’t know if they’ve used it yet.'”

“Many, if not most, Android owners likely had no idea that the REMOVE_ASSET function existed, and Google’s use of it generated quite a bit of publicity and concerns about privacy and security for Android owners. However, Oberheide, the co-founder of startup Scio Security and a PhD candidate at the University of Michigan, said that wasn’t nearly as interesting as the other half of the equation,” Fisher reports. “‘Now, the Android platform not only allows for the removal of applications remotely via the REMOVE_ASSET intent, but also allows for the installation of new applications via the INSTALL_ASSET intent. If some people are upset that Google retains the ability to kill applications remotely (I personally prefer the potential security gains of the functionality), I fear what they’d think of the INSTALL_ASSET feature,’ he wrote in a blog post explaining his research and the removal and install features.”

Full article here.

MacDailyNews Take: Remotely installing apps without the users’ permission or knowledge? Replace Google with Apple and imagine the furor.

[Attribution: Slashdot. Thanks to MacDailyNews Reader “G.” for the heads up.]

37 Comments

  1. @MDN “Well…as you know…Apple has a kill switch too with regards to the iPhone. Lets see how many hypocrites will bash Google for this..”

    It’s my understanding Apple has a kill switch so the app won’t run, not a mechanism for uninstalling apps from a user’s phone. With iOS4 there is a mechanism for over-the-air updates to carrier settings—not being used by Apple or AT&T;to remotely install apps.

    With iOS4 enterprises have the capability of wirelessly pushing apps to the iPhone. This could also be what those functions are intended for in Android. We all assume its there for nefarious purposes.

  2. Google, the hackers platform of choice featuring remote installing of viruses and malware and remote uninstall to avoid detection…hack a droid today because in a world where apple won’t install viruses…droid does

  3. I 100% disagree with MDN’s take… I’ve watched fanboys for years and even drank the koolaid myself a couple of times… If Apple implemented this type of feature, it would be spun as the next great feature to allow the user to get seamless updates and upgrades without having to do anything! Steve Jobs would go on stage and sell “Asset Installation” as a magical way to stay on top of the most wonderful technology available on the planet.

  4. Quickly, we need congressional and FTC investigations of Google! Tell your congressman to write letters to Eric Schmidt demanding answers! ” width=”19″ height=”19″ alt=”wink” style=”border:0;” />

  5. @Macanatic

    You’re full of it. Tired of people like you trying to sell the notion that Apple users are mindless zombies who will do anything Steve tells them. In your scenario every single Apple user I know would see through this.

    They would also evaluate whether it was something that was worth dumping the platform over and probably come to the conclusion that until Apple started abusing it, the benefits far outweigh any disadvantages.

    But if thinking Apple users are mindless drones makes you feel better about your platform choices, then go ahead and entertain yourself while the rest of us laugh at you.

  6. So the open source platform…. has remote install/remove… since it’s open source… well open slather on that one ” width=”19″ height=”19″ alt=”wink” style=”border:0;” />

  7. My wife has a couple of grocery stores that has taken one of her favorite products off the shelf without telling her.

    I hope the same thing doesn’t happen to her like it did for our cat, Pokie. I recall it quite vividly. We had just moved in 2000 and when my wife tried to find Pokie’s favorite treat that she had been nibbling on for 12 years, she was told that it had been discontinued. Damn cat died, last year.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.