Here’s an interesting piece of news.
The same gentleman, Jon Oberheide, who originally discovered Android’s remote wipe feature (and who’s app was the first and only app to be remotely wiped) revealed that along with Google’s power to remotely wipe, they also have the power to remotely install applications.
Mr. Oberheide had put an app on the market under the ingenious name of “Twilight Eclipse Review.” (Surely with a boring and unpopular name like that, no one in their right mind would download it) The app was actually a program called RootStrap which he created to show how an attacker could force his way into the phone via rootkit. On his blog Mr. Oberheide talked about the remote wipe access that Google has and the strides they’re trying to make to up their security. Later, he talks about the remote installation feature and how this is the bigger security threat.
Now, I said “an interesting piece of news” earlier. I really don’t think it’s the earth-shattering piece of news that Mr. Oberheide makes it out to be. It’s mentioned that there’s no real need for this, but I disagree. Let’s say for instance that Google discovers a faulty piece of code in one of their own apps that come pre-installed on the phone. Now presently it’s not a big deal; there’s an Android update every other week it seems (note: exaggeration). But Google has already made known their intent to have fewer updates, preferably one a year. Remotely wiping and then remotely installing that app would be a very quick and efficient way of accomplishing that task.
Don’t get me wrong. There’s definitely a security risk here if Google doesn’t maintain the security to their servers. Of course at that point, how much more information do we have that’s just stored there, like contacts and calendars, et cetera?With this information provided however, Google will hopefully up the security ante.