“Jon Oberheide, the security researcher who developed the application that Google remotely removed from Android phones, noticed during his research that the Android OS includes a feature called INSTALL_ASSET that allows Google to remotely install applications on users’ phones,” Fisher reports. “‘I don’t know what design decision they based that on. Maybe they just figured since they had the removal mechanism, it’s easy to have the install mechanism too,’ Oberheide said in an interview. ‘I don’t know if they’ve used it yet.'”
“Many, if not most, Android owners likely had no idea that the REMOVE_ASSET function existed, and Google’s use of it generated quite a bit of publicity and concerns about privacy and security for Android owners. However, Oberheide, the co-founder of startup Scio Security and a PhD candidate at the University of Michigan, said that wasn’t nearly as interesting as the other half of the equation,” Fisher reports. “‘Now, the Android platform not only allows for the removal of applications remotely via the REMOVE_ASSET intent, but also allows for the installation of new applications via the INSTALL_ASSET intent. If some people are upset that Google retains the ability to kill applications remotely (I personally prefer the potential security gains of the functionality), I fear what they’d think of the INSTALL_ASSET feature,’ he wrote in a blog post explaining his research and the removal and install features.”
Full article here.
MacDailyNews Take: Remotely installing apps without the users’ permission or knowledge? Replace Google with Apple and imagine the furor.
[Attribution: Slashdot. Thanks to MacDailyNews Reader “G.” for the heads up.]
So does Apple it’s called “The Apple kill switch”
How about remotely install an app to steal user name and password of my bank account, access the account, make a transfer of account balance to a dummy account, and remotely uninstall it after the transfer. It’s horrifying, isn’t it?
Hey, Google
How bout you wipe where
this ass sets (!)
Imagine some hacker hijacking that functionality, and secretly installing malware on Android phones.
I use android because it’s more open, wait google did what???!? This is OUTLANDISH google officially CAN’T be trusted anymore folks, they were leaning that direction, this just proves it
the next genocide will be far more effective because of the comprehensive databases that now exist (ie. google or facebook) combined with location technologies ie. GPS and the handheld
devices used to implement them.
coming soon to a land fill near you.
Oh stop with all the alarms! Every enterprise IT would demand that you build in a way for the IT to push software updates or remotely remove a potentially malicious program on an organization wide basis. They are basic features that Aapple and Google need to have in order to replace Winmo and BLackberries. What I want as a consumer is a way to disable that if I so wish. That’s all. Like location tracking, freedom to opt in or out.
“Replace Google with Apple and imagine the furor.”
Replace either of those with Microsoft and just about everyone would go apeshit.. MDN included.
Google :: Do no f*****ng evil, my ass.!
Some of you are complaining about Apple possibly doing this maybe this and maybe that BUT…….. Google HAS done it did they tell anybody and did anybody even know they could do this before they did?
Please don’t “bait and Switch” this with Apple maybe doing so.
If Google can do this (and they have) then so will hackers real soon.
But now that you know….. who’s phone are you going to use.
@m159,
NIce! Love it!
If you jailbreak, you can disable Apple’s remote kill switch.