The Android Developers Blog has an very interesting article up this morning concerning their ability to implement remote application removal. Along with over-the-air updates and an application “sandbox and permissions model”, Google has plenty of tools to safeguard Android users. Malicious applications or security threats should not be treated lightly and the Android team understands this. Recently, they had to exercise their right to remotely pull apps from users’ handsets.
Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them.
After the researcher voluntarily removed these applications from Android Market, we decided to exercise our remote application removal feature on the remaining installed copies to complete the cleanup.
The blog does not call out specifically who it was that designed the applications nor do they mention the questionable titles. It’s probably not coincidence that this comes during the same week Smobile has been in the news with their Chicken Little privacy and security fears. It’s their business to get people to buy/download their apps. Issuing a white paper on the subject trying to scare users is a fast way to get headlines and exposure.
Here’s something that new and potential Android owners need to understand: When downloading an application from the Android Market, you are shown specifically what it is that you need to permit the app to use or access. Not a fan of sharing your location with apps or people? You know going in whether or not the application will do that.