Original image courtesy of KnowYourCell
If you were following mobile news over the weekend you probably saw some reports about Google remote killing some malicious apps that found their way to the market. While most were simply noting this because you may have been one of those affected users , others took some pretty hard jabs at Google for using an exploit of their own to remote into your phone and kill the apps. While this is not far off base, I think some people are taking it to an unnecessary level of conspiracy theory like ideas that Google is really out to spy on you and your apps. Taking into account that I am a Google fanboy, I’ll try to keep things consistent as far as what’s good and what’s evil. The whole reason I decided to write something up on this is from the comments posted on other forums, blogs, and sites. Some of them are so downright ridiculous, that I kept looking for more sites just so I could read everyone’s hatred messages.
Here are a few that I saw on the Google Blog (I chose these cause they are family friendly, there were plenty on sites that were not):
I am more worried about Google being able to remotely alter my phone without my intervention.
The reason Google didn’t act on this earlier may be it wants to test the water and see if it can apply Microsoft-like tactics too?
You guys are too slow – everybody was yelling “malicious applications”, for how long, about a week, while there was dead silence from Google.
Google posted some information on this Saturday morning on their Google Mobile Blog. After reading through the post I got the sense that Google is simply looking out for the users and of course for the well-being of their Android Marketplace. Here are some of the facts I gathered from the blog post.
- If your running Android 2.2.2 or above, this does not concern you
- Google took the malicious apps off the market within hours of getting notified
- If Google changes your apps in any way, you should get an email from android-market-support@google.com
- Google will fix the exploit (if it exists) on your phone with zero interaction
- preventative software will be installed to help stop this from happening again, you again will get a notification of the installation
- you will NOT get this security update unless you were affected by these apps
So pretty cut and dry right. Is Google really out to get you? Would you not want them to have the capability of removing this malicious software for you? I say absolutely. I can’t fire back at a company that actually has my best interest in mind. Is it a little weird that they can remote into my phone? Sure, but I imagine it’s the same type of software that allows me to click “install” on the Web Android Marketplace and it magically starts installing on my phone. Remember, this is the company you trust with your email, payment checkout, voice services, contacts, calendar, and documents, surely if they really wanted to “spy” on you, they have much better methods than “remoting” into your phone to remove virus ridden applications. Let’s not forget that Apple also has this feature enabled on current versions of iOS. They could hit the same kill switch if security was compromised.
So in the end I praise Google for taking care of this problem. With an open platform Android is more prone to these types of attacks and will always be under scrutiny for their methods. I could care less if Google wants to removed bad apps from my phone. I would like to know when that takes place, but it looks like Google has that covered with emails and notifications to your phone. We love to preach to everyone how we can sideload apps, install whatever we want, and basically manipulate Android the way we want. So don’t cry when some bad code piggybacks its way on to some legit marketplace apps and Google responds by removing them. Complaints would have been double if the code was able to steal your information from your phone before it was caught. I also know Apple people will have a field day with this. I can imagine the conversations something like “see, I knew all that Open Source crap was a bad idea.” Call it what you will but basically it’s a cause and response to an issue that came up. Apple, Microsoft, and anyone else I would hope does the same if they were attacked in this manner. Tell us what you think in the comments, is Google wrong for doing it this way?
*Credit goes to Reddit user Lompolo and Android Police for finding these exploits in the first place
Learn more about this Security Issue