Educause Security Discussion mailing list archives
Re: Google power over Android
From: Adam Carlson <ajcarlson () BERKELEY EDU>
Date: Mon, 28 Jun 2010 17:57:25 -0700
I completely agree that the way in which this was handled was obviously haphazard and ad-hoc, which are two things you really don't like to see in any type of managed computing environment. However, in this particular case (which is the only case I'm aware of in which Google has taken such actions) I do not think that it could be considered anti-security. According to the article, the apps that were removed were essentialy Proof-of-Concept rootkits which were still phoning home and attempting to download illicit code which could have eventually done something malicious: "Oberheide built an application dubbed RootStrap that periodically phoned home to retrieve native code that executed outside of Dalvik, the Android Java virtual machine. Then he distributed the tool through the Market in the guise of another application – Twilight Eclipse Preview – which purported to be a sneak peek of the upcoming Twilight teen vampire flick." The apps had already been removed from the app store voluntarily by the author and there wasn't anyone who should have actually been using the apps as they were phony to being with. The concern raised by this shouldn't stem from the fact that Google removed these apps without notice, but rather that your users may have installed them in the first place and never known the implications (meaning they could be running rootkits without your knowledge). If Google uses this power to remove applications that have known rootkit behavior, I don't think they'll get much grief from me. Like most people, I would prefer this power not exist, but I wouldn't consider this particular example an abuse. And FWIW, Apple has much more draconian control over their apps, so if control over your device is something you value, then the Android is still a much better choice than an iPhone. I would say the iPhone is a better choice for people who specifically want others to control their experience and environment (including which apps you're allowed to run on your phone). -Adam randy marchany wrote:
Something sinister about this statement: "Google has the power to not only remove applications from users' Android phones, but remotely install them as well." http://www.theregister.co.uk/2010/06/28/google_remote_android_application_install/ Guess we have to start re-evaluating our smart phone initiatives...... -Randy Marchany VA Tech IT Security Office & Lab.
-- Adam Carlson Chief Security Officer Information Technology Residential and Student Service Programs Tel: 510-643-0631 Email: ajcarlson () berkeley edu "Most of the things worth doing in the world had been declared impossible before they were done." ~Louis D. Brandeis
Current thread:
- Google power over Android randy marchany (Jun 28)
- Re: Google power over Android Stanclift, Michael (Jun 28)
- Re: Google power over Android Jones, Dan (Jun 28)
- Re: Google power over Android Charles Seitz (Jun 28)
- Re: Google power over Android Adam Carlson (Jun 28)
- Re: Google ps over Androidj ib Nick Gagliardi (Jun 29)
- Re: Google ps over Androidj ib randy marchany (Jun 29)
- Re: Google ps over Androidj ib Ozzie Paez (Jun 29)
- Re: Google ps over Androidj ib Doty, Timothy T. (Jun 29)
- Re: Google ps over Androidj ib Russell Fulton (Jun 29)
- Re: Google ps over Androidj ib Nick Gagliardi (Jun 29)
- Re: Google power over Android Dexter Caldwell (Jun 29)
- Re: Google power over Android Ozzie Paez (Jun 29)