Original article: Malware paranoia sets in
Google's 'kill switch' makes me nervous
Just like PCs before them, it appears not all mobile devices are created equal. An operating system is a continual ‘work in progress’ and when you only have one form factor to worry about, as in the case of the iPhone, releasing stress-free firmware updates is doable.
However, when your OS is adopted by numerous manufacturers producing multiple device types with different screen sizes, processors, inputs, cameras, interfaces, etc, the task of keeping everyone updated becomes slightly more difficult. In the case of Android, there are at least four or five versions in the field and not all handsets can be updated over the air.
If the phone makers like to tinker with some of the OS features then, as in the case of the recent Samsung WP7 updates, the device can quickly become an ornamental brick. When things do go wrong, it’s the network operator that usually gets the first call, not because they supplied the device, rather because they actually have someone answering their customer service lines.
The smarter phones get the more they emulate our PCs and the more likely we are to become frustrated with and fearful of any software updates, especially those marked as security updates. These updates usually follow some sort of breach of security or malware attack, not precede them.
In the case of Android the most recent update was designed to undo any damage caused by a wave of malware-infected applications discovered last week. Fierce Mobile Content reports “more than 50 Android apps - credited to developers Kingmall2010, we20090202 and Myournet - reportedly contained the DroidDream malware, which seeks to gain root access to the user’s device, collecting a range of available data and downloading more malicious code to the smartphone without the consumer’s knowledge or consent.”
That’s right, 50 bad apps sold directly from the Android Market.
“Google plans to implement a series of new security measures to prevent other Android Market applications from wreaking the same kind of havoc. The digital services giant is also collaborating with partners to solve the storefront’s underlying security questions,” the news site added.
Alas, that’s only half the story. It seems that Google had another little weapon, kept pretty much to itself, in case of such emergency. Dubbed the ‘App Kill Switch,’ Google confirmed it recently activated Android Market’s remote application removal tool to wipe all installed copies of the offending malware on customer devices.
Wow, that’s impressive, but let’s get this into some perspective. If I had an Android device and I happened to have installed the said malware applications, Google, without me knowing it, would have accessed my device and zapped something on it without my knowing it.
Hmm, if somebody was able to do that on my PC I would probably have been calling a lawyer!
I would prefer that the apps did not make into the Android Market in the first place. However, it’s nice to know ‘Big G’ is looking out for malware, even after it has been distributed. It’s quite another finding they have the ability to nuke something on my phone.
I feel another case of ‘mobile paranoia’ coming on.