This poses an interesting question. What's worse for Google: media claiming "Android is unsafe: Google refuses to remove malicious software" or raging users?
I don’t know. For me this is very obvious proof that you can have all the freedom of Android and all the supposed security of Apple’s app store all in once. It makes it harder for Apple to argue for their model without looking stupid.
Even as a developer, I hope to God that is never available to anyone but Google.
If I've downloaded a free app, and the developer decides he wants money instead, I don't want him having the power to forcibly uninstall the free app from my phone as "incentive" to buy the paid version.
I could probably imagine other malicious uses of that feature if you need more proof that it's a bad idea.
Of course, there's nothing stopping the developer from releasing an update that makes the free app less functional/desirable.
As far as I know, the only way to tell what an update will be like without installing it is to look for App Market comments from disgruntled users who have installed the update. And you cannot return to a previous version of the application once an update is installed.
Several of the useful free apps that I have installed later became annoying, ad-supported ones.
What if, for example, I include by mistake confidential information that I am forced by law not to disclose, or media I don't have the proper copyright for?
For example, I make a statistical financial simulator for Android and by mistake the build includes my test data which is from some big bank ? Being able to pull the plug on that build would be really nice -- because I'm pretty sure nobody at Google would care to help you with that.
Or, I might do an audio player and I'm including some music whose copyright expired in the rest of the world, but not in US.
Indeed it might do more harm than good that normal developers have the right to do this, but if you assume developers are responsible about it, it might be a good thing. For example, Google could supervise this or charge a flat fee, etc.
Or don't include sensitive data in your test set or build system. If you include something in a release that you should not have included, then you are responsible full stop, and a revocation system is not a solution. This sort of functionality should not be used to fix developer mistakes; you can't do this sort of thing with desktop applications either, and once again, for good reason.
Even if Google initiates a mass revocation, that doesn't mean the application is no longer in the wild. Users who want to exploit your mistake could just as easily do one ogf the following:
- Disconnect their phone from a data connection or wifi signal
- Dump their current ROM/data to a backup image using a 3rd party bootloader
- Extract the .apk from the phone using root access, using an app like Titanium Backup
- Install the .apk from a source other than the Market, so that the revocation system will ignore it
Google's mass-revocation system only "works" because it is designed to remove malicious applications from the phones of unsuspecting users. If you make sensitive data public, it becomes public data, period; there's no going back.
Why should we treat the situation differently just because you distributed the application electronically, versus shipping it in the traditional/literal sense on CD-Rom or floppies?
If you wrote an application that contained (say) code that wasn't yours, and shipped a few thousand copies before anyone caught on, well you'd be S.O.L. I'd imagine that the damages you'd be responsible for would depend in some way on the number of copies that made it out the door.
But I don't see any reason why a developer ought to be able to conduct a sort of clawback to cover their own ass if they let something out the door that they shouldn't have.
Let's see, Amazon pulled back 1984 because they figured out they didn't have the license for it. They returned the money and fixed the problem without fuss (kinda).
If you were in a situation like you said to unknowingly include unlicensed 3rd party code it sure would be nice to just return the money and do a remote delete. Compared to, say, waiting to be sued and having the damages determined upon the numbers of copies sold.
This reminds me of when Amazon removed 1984 and Animal Farm from their users' kindles. It seemed to just piss users off, and is kind of a scary feature.
> "If an application is removed in this way, users will receive a notification on their phone."
The notification is optional (the Market TOS clearly states that they can remove applications without warning)
> And honestly, you're trying to spin the removal of malicious apps as something bad? Really now?
The applications removed were not even malicious (and that's straight from the Android Dev blog), they misrepresented themselves in the description but that's pretty much it.
So clearly, the Android team allows itself to remove not just malicious applications but any and all application from users's handsets.
These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them.
They can remove things, that is the point. Today something bad is malicious software. Tomorrow it will perhaps be depiction of two men kissing or political satire as seen on the iphone, who knows ?
The Android Market has a list of content that is not allowed, including an ambiguous "any material not suitable for persons under 18". And since applications are not individually screened for content, we will see a number of them revoked via this mechanism.
However, note that, unlike the iPhone, Android allows you to install apps from other sources besides the App Market -- sources which are not limited by Google's content policy.
> These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET.
I can read good sir, but I wasn't talking about that. I do think the application they removed was pretty useless (the experiment it was designed for seemed to be over). What they said is that they removed it in order to test their system, which, according to them, will be used to remove malicious software.
So what's labeled at bad is malicious software. And if I am wrong and the experiment wasn't over, then it just makes my point as it is already (in some meanings of the term) abusive :)
The author voluntarily removed the applications from the Market prior to the remote removals.
I'm having some difficulty making the leap from this incident to being worried about Google removing "any and all applications from the users' handsets". Yes, of course they can. But do we have any basis for worrying that Google will wield this power arbitrarily and in a manner which developers should be concerned about?
Why does the author removing them for the Market justify removing them from handsets?
Just because the developer decides that they don't want to sell (or give away) the app anymore doesn't mean that they should have the power to make that decision retroactive.
I could perhaps see doing it as a sort of nuclear-option security thing; if someone had released an app that made phones overheat or their batteries explode or routed all your phonecalls through Russian Mafia servers. But I'm fairly suspicious that just having this capability will lead to it being used for cases of 'sellers regret'. Or that it might get used if a carrier put enough legal pressure on Google to get rid of something they didn't like. (Hypothetically: something that allowed tethering without paying an additional fee, on carriers that charge extra for it. Or something that allowed VoIP, on carriers that don't allow it. Etc.) The simple fact that the capability exists means that they can be ordered to use it, and I'm not sure I'm comfortable with that, given how easily abused the court system is.
Still, it's better than the iPhone, if only because at least with Android you have the option of installing applications without going through the Market, which are apparently untouchable. It might make me more suspicious about getting anything through the Market that seemed like it might be controversial, though.
