One of the security features of the Android system is Google’s ability to remotely wipe select software on any Android phone. This feature is in place to keep malicious, dangerous, and otherwise no-good apps off the phones of users. The feature is not something used often… or ever, really. However, recently, Google has pulled this trick out of their sleeve to remove some malicious software.
According to Rich Cannings, Lead of Android Security:
Every now and then, we remove applications from Android Market due to violations of our Android Market Terms of Service or Content Policy. In cases where users may have installed a malicious application that poses a threat, we’ve also developed technologies and processes to remotely remove an installed application from devices. If an application is removed in this way, users will receive a notification on their phone.
Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them.
After the researcher voluntarily removed these applications from Android Market, we decided to exercise our remote application removal feature on the remaining installed copies to complete the cleanup.
The post, found at the Android Developers Blog, then goes on to state some reasons for the security feature existing in the first place:
The remote application removal feature is one of many security controls Android possesses to help protect users from malicious applications. In case of an emergency, a dangerous application could be removed from active circulation in a rapid and scalable manner to prevent further exposure to users. While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users’ safety when needed.
This remote removal functionality — along with Android’s unique Application Sandbox and Permissions model, Over-The-Air update system, centralized Market, developer registrations, user-submitted ratings, and application flagging — provides a powerful security advantage to help protect Android users in our open environment.
I, personally, applaud Google for their swift action in the matter. Thanks for keeping your users safe… I’m glad to count myself among them.
[via Android Developers Blog]