The past few weeks, we've heard lots about the catastrophic effect of Internet kill-switches like those implemented in Egypt and Libya (and the one under debate in the US senate). This weekend, however, Google deployed a different sort of kill-switch in its Android network: one designed not to shut off communications but to disable malware unknowingly installed on devices running the Android OS. On Saturday, Google's Mobile Team released a blog entry stating that 58 malicious apps were removed from the Android Market, offending developer accounts were suspended, and an Android Market security update is being pushed. In addition, Google says that it's working on closing up the vulnerability that the malware exploited. For now, though, those running Android 2.2.2 and up are immune, but, as pointed out by Ars Technica, the mobile industry's poor track record in Android updates means that older—and more vulnerable—versions of the OS will still be the norm on many devices shipped in the future.
More worryingly, though, is the issue of developer's rights this event brings up. A PCMag editorial asserts that a better decision on Google's part would have been to alert users who had installed the malicious app of the security breach and give them the option of removing it themselves. Of course, Google's chosen course of action was perfectly legal and justified (and polite—if your device was affected, Google left a note on it about what was changed and why), but many people still feel insecure about the possibility of other OS developers like Microsoft or Apple remote-wiping programs or applications from devices, maybe for reasons other than security. That raises the modern question regarding device purchase: do you really own what you bought?
{jcomments on}