Jun 26 AT 9:58 AM Sean Riley 37 Comments

Google can giveth apps and Google can taketh apps away

We’ve known that Google had the ability to remotely remove apps obtained from the Market since before the G1 first hit users’ hands, but until this week it had gone completely unused.

What apps were so dangerous that they caused Google to forcibly yank them from users’ devices?

The early reports indicated that they were simply apps that did nothing, and while that is technically true, it isn’t really the whole story.

The apps in question were released into the Market by Jon Oberheide from a security startup, Scio Security. One of the apps appeared in the Market as a picture viewer with images from the soon-to-be-released Twilight Eclipse, but the real purpose of the app was to expose what Oberheide deems to be a security flaw: the ability of an app to retrieve new executable code without the user’s permission once it is installed. In this instance Oberheide had no intention of doing anything malicious, but obviously this concept could potentially be exploited by less scrupulous folks.

Oberheide was contacted by Google after he spoke about his app at SummerCon last week and was asked to remove the app from the Market, which he did. While Google indicated that most users had already removed the app — apparently it didn’t deliver what the Twilighters were looking for — they went ahead and decided to make this a teaching moment of their own by hitting the kill switch, also known as “REMOVE_ASSET,” and thus pulled the app from anyone that hadn’t gotten around to deleting it themselves. The notifications in the post image are what a user sees when this happens on their device.

Google reported on their use of the feature, and why it is a necessary tool, on their developer blog:

The remote application removal feature is one of many security controls Android possesses to help protect users from malicious applications. In case of an emergency, a dangerous application could be removed from active circulation in a rapid and scalable manner to prevent further exposure to users. While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users’ safety when needed.

This remote removal functionality – along with Android’s unique Application Sandbox and Permissions model, Over-The-Air update system, centralized Market, developer registrations, user-submitted ratings, and application flagging – provides a powerful security advantage to help protect Android users in our open environment.

Rich Cannings, Android Security Lead

Interestingly, Oberheide, in looking further into the event, found that Google has a companion intent to “REMOVE_ASSET” named, logically enough, “INSTALL_ASSET.” While the reason for the former is readily apparent, it is a little less clear why Google would require the latter (perhaps some of our more developer-minded readers might have some ideas). If you are interested in additional detail you can hit up the source link below for Oberheide’s own blog post on the whole incident.

Personally I’m fine with Google having this capability in the name of security, and they have probably earned our trust by using it only once in nearly two years, but I’m curious to see if most Android owners agree with me. Does it bother you that Google can either wipe an app from or add an app to your phone as they see fit, or do you find it comforting that they can close the flood gates on a potential security threat if necessary?

Via: MobileCrunch

Source: Jon Oberheide

Sean has been with Android and Me for over 8 years and covering mobile for the last 9. He occasionally muses about gadgets and tech outside of the Android universe at Techgasms.

  • Leroy

    Personally I think it’s a great part of the Android OS, anything that helps stop the spread of malicious code is always a win for me.

    • mkrmec

      I love this feature… google can delete my apps any day if they think there’s crap in it.

      • Derek

        Blind faith followers make me laugh. “well google can do anything they want…”

        • Dude

          Conspiracy theorists make me laugh.

  • Dave K

    I would call this a non-issue. Google hasn’t abused the feature, and there is clear user notification.

  • maxisma

    The last part beginning with “Personally” sounds kinda BIASed ..

    B2T: INSTALL_ASSET may be needed for updates for the Android Market application. I mean for the Market itself.

  • http://rokonandroid.com Richard Taylor

    As a game developer, I’m more than happy for this feature.

    In my opinion, it should be developed further – allowing Google to remotely uninstall pirated apps (yes, this would mean big changes in the market, but it would solve a lot of problems).

    Then the only way to get around it would be custom ROMs. Which the average user isn’t going to do, whereas average users are happily downloading paid APKs for free.

    But if it helps them stop malicious code too, then it’s good as it is now.

  • geniusdog254

    I think the INSTALL_ASSET is for pushing things like Market updates. Have you ever noticed that Google can update the Market app automatically instead of pushing a full update?

    I’m sure that’s it.

  • Craig

    INSTALL_ASSET might be used for automatic update and pushing new apps when syncing your app library across devices.

  • creativeboulder

    Perfectly fine by me. As long as that privilege isn’t abused, but then again it’s their operating system. The only thought I have towards their ability to install an app would be to defend the system. If there was an awful Trojan, they could just inject some code instead of relying on the end user downloading a patch or doing an upgrade OTA.

    • Derek

      No, it’s not THEIR operating system. It’s the phone user’s. If you buy the phone you own the software on it as well. If M$ wanted to pull some crap like this everybody would be up in arms calling them the evil empire. But money-grubbing Google does it and you bunch of fanboys just go along and spin it as if Google is the greatest thing since sliced bread. Grow some balls.

      • http://nicholasoverstreet.com Nicholas Overstreet

        You don’t own the software. You never own it. It is LICENSED to you to use.

  • John Giotta

    Does anyone remember the features Google highlighted at I/O? One of them was remote install. They demoed the feature from desktop Chrome to a Froyo installed device. Why is everyone shocked now that it’s a feature?

  • Digitalthug

    I love the feature for its obvious security implementation. But I’m guessing it doesn’t work for custom ROMs since we don’t receive OTA updates?

  • volapyk

    I think this is an important feature for user protection in case of malicious software and perhaps the most effective way to prevent such software from spreading like wildfire. Still my feelings towards this are mixed. There is some degree of “big brother…” to this but it doesn’t really worry me. The part of me that is against this is more concerned about privacy principles than Google actually looking over my shoulders.

  • Mighty_O

    now get rid of all the spam apps

  • derek

    I would rather the Android market approval process prevent these apps from getting in the market in the first place. I think the market, and users, would benefit from higher standards. As it stands, there are many apps of questionable legality and comments for many apps are filled with spam. I can imagine it makes some developers wary that their apps could wind up next to some of those.

  • T

    Cool with me so long as it’s not abused, and if once in the past 2 years is any indication the future looks promising. Google is pretty anti-Apple so I don’t really see them getting as big brother as Apple does with its products. I do wish some of the apps never made it to the market in the first place but that comes with the price of having the freedom of choice. If I have to scroll past a bunch of “junk” apps to make sure I have a choice in apps I can live with it.

  • http://pro-thoughts.blogspot.com/ vkelman

    Personally I think it’s absolutely essential for Google to have such remote removal capability. I’m fine with Google using it wisely.

    “but the real purpose of the app was to expose what Oberheide deems to be a security flaw and that is the ability to have an app retrieve new executable code without the users permission once it is installed”
    Wow! This sounds like a real security breach in Android, nothing like a BS recently reported by SMobile Systems. Hopefully, Google will patch it quickly.

    • http://pro-thoughts.blogspot.com/ vkelman

      Here’s information about unfair activity by SMobile Systems, which hurts not only their competitors, but the whole of Android too http://goo.gl/i2CI

  • Greg B

    This really is a good thing to know, Google should have control just so long as it’s being used for security risks and exploits.

  • Wickid

    I totally agree that this feature is not to be complained about but necessary to protect the average user such as myself.

  • Jon Smith

    I’m glad they have it. If this were a company like Apple or Microsoft, I’d expect it to be abused. I trust Google at the moment.

    • Apple4eva

      Jon Smith says:
      June 26, 2010 at 1:46 pm

      I’m glad they have it. If this were a company like Apple or Microsoft, I’d expect it to be abused. I trust Google at the moment.

      What have they done to earn this trust, you fandroid? You forgetting the whole wifi debacle?

  • Tito!

    This was a horrible blog. The info was great, until “Install_Asset”
    Why make Google sound evil?
    Duh, it is obvious the function “Install_Asset” is used to update Android on the Google front.
    Ew, can’t believe your assumptions, choice of words, and motive to sound so mysterious.
    It’s no brain teaser?

  • Patrick

    I think it’s fine, but it is a very thin line they are walking; any removals must be thought through and they cannot remove “uncomfortable” apps as they see fit or they will lose all freedom claims they have in comparison to Apple.

    With power comes responsibility, don’t be evil ;)

  • JS

    I’d like the ability to disable it although I imagine that 3rd party firmwares without the Marketplace would be immune from such meddling?

    I’m less worried about the 1984-esque app deletion than I am about the ability to install apps, which various other sites have reported is also possible.

    I’m kinda hoping CM6 has a way to disable this altogether and I’ll switch my phones over. As long as there is a way for the tech savvy to opt out, I’m fine with it.

    • http://www.technogasms.com Sean Riley

      This is definitely only for Market apps, anything you sideload would be immune.

      I agree, while I don’t think the install function is something to panic about by any means I would like to hear something from Google regarding why it is there and how it is protected from abuse by an outside party.

  • FrightenedByPenguins

    I don’t think most people reading this blog will have an issue with either REMOVE or INSTALL privileges for Google being part of the Android mobile OS.

    Any Android user who is actively reading about and taking an interest in the development of their phone’s operating system will surely trust Google to only do the best by its users. Google may well have to do some law-enforced removals at some point in the future; I hope this isn’t met by the normal hysteria that seems to occur when a company is forced to do something on behalf of security of copyright issues, but it probably will be.

    I’m sure somewhere online right now iPhone users (or iFan blogs) are citing this as a reason why Google is an evil corporation and that all the good-will extended to it in the past should be revoked, possibly while burning all Google directors at the stake for FORCING apps (or uninstalls) on its users. But it’s a blatantly critical feature in any forward thinking OS. I don’t know of many people who disagree with Microsoft’s critical security patches (only the nagging manner with which they are pushed out). As long as Google continue to go about things the way they have thus far I don’t see any genuine objection coming from anyone who isn’t scaremongering for hits on their blog.

  • http://hitechcoffee.blogspot.com/ Adrian Petrescu

    Google must have control only on the apps from the Market, it’s not good to have full access to all apps.

    The Android phone is not a Google terminal; also, who decides that Google can remove my personal apps that are not from the Market?

    Also … who knows what Google collects from your phone?

    The phone is individual property, so the phone must be on the user’s side.

    If Google can modify/install and uninstall the apps on the phone it also has the same data to identify the phone, like Google account, Google ID, also the phone number, and from that we have a user profile…. (this sounds like the Echelon program) with GSM and GPS we have user position

  • Chancy

    Old news. -_- If you don’t want Google to take apps from your phone, simply take out the sim card but that would make your phone useless or tied down to WiFi. I guess you’ll just have to do with SYNCING TO GOOGLE SERVERS!

  • Jose G.

    I think there’s a big difference between removing malicious apps and Apple yanking legit apps that violates their P.T. Barnum style regulations. Clearly there are some bogus apps that get through and it’s nice to have security. However, we’ve seen Apple pull apps merely because they change their minds about something. I definitely trust Google a lot more than I trust Apple with this feature set.

  • http://www.andrudes.com Andrude

    I agree with Jose G., that Google’s tempered use of this power has earned my respect. I, also, am glad Google has this, b/c what is everyone going to want IF something truly malicious started happening …. they would want Google on it IMMEDIATELY. Now we know Google has the capacity to do this, and that they possess the self-restraint to use it only in the interest of the customer.

    And, as Tony Stark says in Iron Man I, it’s good to have a weapon you only have to use once. And, Google used it!

  • ThisIsMyName

    As long as Google doesn’t abuse this, I have no problem with it. Given Google’s history, I have no reason to believe that they will abuse this ability. They are one of the few companies I really respect.

  • ER

    “INSTALL_ASSET” could possibly be used where a patch is needed for security issues to overcome a rooted application’s possibility of denying “REMOVE_ASSET”

  • RE

    “Google can gives/giveth apps” is not very correct grammar!

  • FeRD

    I realize this is an ancient post, but that’s part of what I felt was noteworthy about it.

    I’m more than a little surprised by the response. In reading through all of the comments, plenty of opinions were voiced on both sides of the REMOVE_ASSET issue — many people like having it there, others are less trusting of Google and would prefer they not have “remote control” in that way.

    But what I DIDN’T see anyone suggest is that the phone user have the final say (or have that option, even if it’s off by default) in what action is taken.

    My comfort with REMOVE_ASSET would be greater if that notification wasn’t just announcing what’s already been done, beyond their control and without any recourse. (Heck, why bother even telling the user? There’s absolutely nothing they can do in response to that notification. — I say that jokingly/sarcastically.) I’d rather see a notification come up *alerting* the user that there have been issues identified with an app, and requesting permission to uninstall it. The user gets the final say, and if they choose not to remove the app then it’s their funeral.

    I’m even comfortable with this being configurable, and non-default, behavior, because I realize the average user doesn’t want to be bothered with those kinds of questions and would prefer the behavior be fully-automatic. But give me the option to retain control of my own phone, if I choose.