Google disclosed in a
blog post on Thursday that it remotely removed two applications from Android phones that ran contrary to the terms of the Android Market.
A security researcher built and offered the free applications “for research purposes,” wrote Rich Cannings, Android security lead, in the blog post. The application descriptions misrepresented their purpose in order to encourage downloads, he said.
The apps weren’t used maliciously and didn’t have permission to access private data, and because they were essentially useless, most users uninstalled them quickly, he said.
The author of the applications has removed them from the Android Market and Google has remotely removed the apps from phones that had downloaded them. Google notifies users when it removes an application from their phones.
It’s unclear why Google chose to publicly discuss the removal of this particular application on its blog. Last year, in a filing with the U.S. Federal Communications Commission, Google said that it had taken down about 1 percent of applications that had been uploaded to the Android Market because they failed to comply with Google’s terms. It does not describe such takedowns on its blog each time they happen.
A Google spokesman did not explain why the company is disclosing this particular takedown. “We were simply highlighting a security feature of the Android security model,” the spokesman said.
The blog post comes a day after a security vendor published a
report inferring that a large number of Android apps are malicious. The
SMobile report concluded that nearly half of the applications in the Android Market are suspicious, but based that conclusion solely on the fact that the applications request permission to access two or more kinds of personal data on the phones.
In response, Google said that users have control over which applications access their data because they must permit the application to access such data before downloading the application. Google also reiterated that it can and will disable malicious applications.
In the Thursday blog post, Google promoted its ability to remotely remove applications. “In case of an emergency, a dangerous application could be removed from active circulation in a rapid and scalable manner to prevent further exposure to users,” Cannings wrote. “While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users’ safety when needed.”
Android users became
aware of Google’s remote wipe capability the day the first Android phone launched because Google described the ability in the Market terms of service. That disclosure may have been what prevented an uproar like the one that followed the discovery that
Apple too has a remote wipe capability for iPhones. Users were alarmed to learn about that since Apple did not disclose the feature and waited several days after a developer discovered it to acknowledge it.