Google Security Cellphones Handhelds Operating Systems Software Technology

Google Has Android Remote App Install Power, Too (278 comments)

Trailrunner7 writes "The remote-wipe capability that Google recently invoked to remove a harmless application from some Android phones isn't the only remote control feature that the company built into its mobile OS. It turns out that Android also includes a feature that enables Google to remotely install apps on users' phones as well. Jon Oberheide, the security researcher who developed the application that Google remotely removed from Android phones, noticed during his research that the Android OS includes a feature called INSTALL_ASSET that allows Google to remotely install applications on users' phones. 'I don't know what design decision they based that on. Maybe they just figured since they had the removal mechanism, it's easy to have the install mechanism too,' Oberheide said in an interview. 'I don't know if they've used it yet.'"
  • kinda scary (Score:5, Insightful)

    by grapeape (137008) <mpope7@kc. r r .com> on Friday June 25, 2010 @10:54PM (#32699506) Homepage

    So how long until we see someone attempt to exploit this?

  • No (Score:4, Insightful)

    by Mr2001 (90979) on Friday June 25, 2010 @11:00PM (#32699540) Homepage Journal

    I'm sure someone could create a honeypot wifi network that forces all Android devices that connect to it to install a particular app.

    Not unless they manage to compromise SSL in order to make the phone think it's talking to Google when it really isn't. If someone manages to do that, we have much bigger things to worry about than a malicious phone app.

  • by Darkness404 (1287218) on Friday June 25, 2010 @11:11PM (#32699594)
    Yeah because wardriving is soooo terrible. Look, if you don't want people connecting to your wi-fi network hide the SSID and encrypt it securely. If not, then does it matter too much if you lose a few bytes of data? There are very, very few people who are going to bother even trying to break an encrypted connection, especially when they can go to a cafe and get free internet pretty much everywhere.
  • Re:kinda scary (Score:5, Insightful)

    by FooAtWFU (699187) on Friday June 25, 2010 @11:16PM (#32699606) Homepage
    How long until someone exploits this? Well, I bet Google or some other vendor will try to sell it as part of an offering for businesses within the next 2 years. Remote software installs would be very useful in the enterprise.
  • Not so terrible (Score:5, Insightful)

    by Darkness404 (1287218) on Friday June 25, 2010 @11:19PM (#32699616)
    Really, this makes a bit more sense than having 234234234324234 OS updates every year. The majority of updates can be done by removing/updating apps, not to mention security patches. Really, some phones already have the latest Android they will ever get, barring rooting. But people will keep using that phone for 4+ years, that is a long time to have a security flaw out there that could steal information. Since the browser is going to be the main attack vector which is an app, it makes sense.

    While this could be used to push more carrier crapware, I think updates and upgrades of installed apps are more likely to work for more phones and easier for the average user to use.

    In all honesty, would you rather be using an outdated version of a browser with security flaws because your phone doesn't support Android 2.75 Double Chocolate Chunk Cookie or just have your browser update to a more secure version OTA?
  • Re:kinda scary (Score:5, Insightful)

    by MrNaz (730548) on Friday June 25, 2010 @11:30PM (#32699676) Homepage

    I think that remote anything should be opt-in by the user, or, in an enterprise setting, should be added on by the enterprise before distributing the units. I do not welcome the idea that *all* Android handsets will have remote add/remove package functionality out of the box, for all users.

    Imagine the fun law enforcement and government agencies will have with this. Remote install app that silently forwards mic input to an eavesdropper.

    Is there even a way to turn this feature off? I.e., let's say I buy a handset and I definitely do *not* want Google nuking my apps remotely or adding apps to my phone remotely without my knowledge.

    This is the reason that I think the FOSS community should back MeeGo. It's the only *true* open source system out there that's open enough that the Many Eyeballs principle can be applied to, and that is open enough that we'll eventually see custom distros of the OS emerging.

  • Re:Really? (Score:3, Insightful)

    by msauve (701917) on Friday June 25, 2010 @11:34PM (#32699702)
    Just because the updates which have come out already have asked you to update doesn't mean that is a prerequisite. You are implying ("An app, not so much.") that other phones can't update an app. Not true. "Every other phone" allows carriers to do over the air updates. If they want to do an app, they can, by pushing a full image which includes that app. That Android is more modular, and allows _just_ an app to be pushed, should be considered a benefit, as it allows a less risky way of updating things. Whether Android or not, the carrier has control.

    Except, since Android is open, one can expect that "ROM" developers will make available images (at least on phones where privilege escalation has been achieved) which don't allow this, assuming there's demand for it. Try blocking updates on "every other phone."
  • Re:Not so terrible (Score:2, Insightful)

    by Darkness404 (1287218) on Friday June 25, 2010 @11:41PM (#32699730)
    Ok, so Google can install new apps to give new features? Not really sure what I should be worried about... Yes I know they -could- install in new applications which are completely evil provided by Sprint/T-Mobile/Verizon/AT&T but I'm not sure if Google would end up doing that because carriers really hold back Android more than anything else.

    There is competition now in the phone market, Google doesn't want to screw up anything because I could go to iOS, BlackBerry OS, WinMobile, Symbian, or heck, I could just root my phone and remove the crap.

    Google attracts the people who don't want to play games and jump through hoops like you have to with Windows Mobile or the iPhone. Google knows this and wouldn't want to kill their main vocal market.
  • by JustinRLynn (831164) on Friday June 25, 2010 @11:42PM (#32699734)
    Does anyone remember the android demo at Google IO where they showed the remote install feature from the android market on a desktop browser in froyo? Seriously, just because there is remote install functionality in the OS doesn't mean that it's there for malicious or secret use -- it's most likely part of a user facing feature.
  • Re:Really? (Score:3, Insightful)

    by FlyingBishop (1293238) on Friday June 25, 2010 @11:47PM (#32699748)

    The line between OS version and app is entirely arbitrary, and Google is working to move more of the OS functionality into apps.

    From a security standpoint, if Google has access to this, they have access to the OS anyway, installing/removing apps is not a big deal. They already have root on your device (and you don't.)

  • Re:kinda scary (Score:4, Insightful)

    by Anonymous Coward on Friday June 25, 2010 @11:47PM (#32699752)

    Imagine the fun law enforcement and government agencies will have with this. Remote install app that silently forwards mic input to an eavesdropper.

    Then they can remote install some kiddy porn images so they have excuse to raid his house and confiscate all his computer equipment.

  • Re:Really? (Score:5, Insightful)

    by TheEyes (1686556) on Friday June 25, 2010 @11:59PM (#32699822)

    ...he seemed to think of the phone's owner more as a security threat than as the person who should be setting security policy.

    To be fair, he does have a point, if in fact that was his view. I mean, how many zombified PCs are out there now, DDoSing servers and spamming the planet, just because their owners can't manage (at a bare minimum) to enable Automatic Updates? Millions? Tens of millions?

    I know hating Google is in vogue these days, but let's be honest here: so far, they're no Microsoft. They're not a convicted monopoly; they've gone out of their way to invest real resources in opening their services, actually spending money to make it easier for people to migrate away from Gmail and Google Docs; they sponsor and promote open source; and they compete by constantly making their products better, rather than trying to strong-arm people into buying their junk. So yeah, until they show otherwise, I'm going to be cautiously optimistic and give them the benefit of the doubt.

    The question is, is there a way for paranoid individuals to turn this capability off if they want to. Let the Joe Sixpacks of the world live in blissful ignorance, and let Google keep them from bringing the cell networks down with their inability to properly patch and protect their phones; just give me the ability to opt out if I know the risks, and choose to take them.

  • Re:Not so terrible (Score:4, Insightful)

    by gandhi_2 (1108023) on Saturday June 26, 2010 @12:04AM (#32699854) Homepage

    As the android user base gets more mainstream, the "vocal" nerds will be drowned out by people who just want cute shit.

    This crowd will accept whatever crapware the carriers want them to have, they always have... and Google won't find it so hard to just give in.

    Inevitably, the OTA install function will be abused.

  • Re:No (Score:5, Insightful)

    by Anonymous Coward on Saturday June 26, 2010 @12:07AM (#32699876)

    Actually, this moves android from "my next phone" to a "definite maybe".

    I do NOT like back doors. This makes the SSL Cert that would be used to prove one is google a very valuable target indeed. It really makes me wonder if it is a question of "if" or "when". On top of that, why should I trust google with this? If something needs to be installed, on MY PHONE, I want to be, at least, asked.

    -Steve

  • Re:Not so terrible (Score:5, Insightful)

    by Americano (920576) on Saturday June 26, 2010 @12:42AM (#32700012)

    Yep, because google's not an advertising company, and would never want to, say, install an app that brings you the "great new feature" of automatically pinging their servers with a GPS coordinate and downloading location-relevant ads right to your phone!

    Point is - you aren't offered a choice. Point is - you aren't being asked, "is it okay if we do this?" I don't care what the feature is, I'd take severe issue with someone deciding, "here you need this." And let's be honest - updates aren't always flawless... if Google bricks my phone accidentally, will I be able to recover any important data I might have had on there?

  • Re:Really? (Score:1, Insightful)

    by Anonymous Coward on Saturday June 26, 2010 @12:49AM (#32700036)

    The whole tone of his talk was scary. There was no sign that he could imagine that somebody might not want to trust Google with total control of their phone, or that such distrust could possibly be legitimate if it did exist.

    Yeah, if I don't want to trust a company to have control over the device that I hold in my hand, I definitely must get the device from the said company that publicly acknowledges that they have control over the device.

  • Re:kinda scary (Score:3, Insightful)

    by gregor-e (136142) on Saturday June 26, 2010 @01:19AM (#32700126) Homepage
    An exploit for remote app installs should come about as soon as an exploit for the automatic OS update feature. Chances are good they both use similar protections.
  • This is great news (Score:2, Insightful)

    by OrangeTide (124937) on Saturday June 26, 2010 @01:47AM (#32700264) Homepage Journal

    Because Android is still less evil and invasive than iOS.

    I'm not trying to troll, but really; if you compare the two platforms one is mostly open and one is glued shut.

  • Re:No (Score:3, Insightful)

    by Mr2001 (90979) on Saturday June 26, 2010 @02:26AM (#32700392) Homepage Journal

    Actually, this moves android from "my next phone" to a "definite maybe".

    I do NOT like back doors.

    You always have the option to root your phone and install a third-party build of Android that doesn't have this feature. (Unlike a certain other company, Google doesn't claim that you'd be breaking the law by doing so.)

    This makes the SSL Cert that would be used to prove one is google a very valuable target indeed.

    As if it isn't already? If you can impersonate Google, you can access everyone's Gmail, AdSense, AdWords, Docs, etc.

  • by iluvcapra (782887) on Saturday June 26, 2010 @02:55AM (#32700498)

    I'm not trying to troll, but really; if you compare the two platforms one is mostly open and one is glued shut.

    I'm not trying to troll, but really; if you compare the two platforms one is mostly bought and paid for by the handset purchaser, the other is free to the consumer and OEM but is distributed with the intent of selling mobile eyeballs to advertisers. What could possibly go wrong?

  • by SpazmodeusG (1334705) on Saturday June 26, 2010 @03:21AM (#32700572)

    Pretty much only the kernel is open source and not the other parts.
    The Google apps, the main interface API, and anything relating to the market are well locked down.

    The Android is not a phone you should get if you want an open source phone. Try the OpenMokos.

  • by mlts (1038732) * on Saturday June 26, 2010 @04:10AM (#32700760)

    It is what a blackhat would be able to do if they were able to find Google's private key.

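Several posts above (Mr2001's point that a rogue wifi network cannot push an app unless it can impersonate Google, Steve's remark that the certificate becomes a valuable target, and mlts's note about what someone holding Google's private key could do) all describe the same trust model: the handset accepts a remote install only if the command verifies under a key baked into the device, so the private half of that key is the single thing protecting the channel. The following Go program is an added illustration of that model; it is not Android's actual INSTALL_ASSET mechanism or any Google code, and the message fields, Ed25519 keys and package names are constructed for the example. It shows why a forged command, a command tampered with in transit, and a replayed genuine command are all rejected on the device, and that only a signature from the vendor's private key is honoured.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// InstallCommand is a constructed model of a push-install message. The field
// names are assumptions for this example, not a real wire format.
type InstallCommand struct {
	Package string `json:"package"`
	Version int    `json:"version"`
	Nonce   uint64 `json:"nonce"` // unique per command so a captured message cannot be replayed
}

// SignedCommand carries the command together with a detached Ed25519 signature.
type SignedCommand struct {
	Cmd InstallCommand
	Sig []byte
}

var (
	ErrBadSignature = errors.New("install command rejected: signature does not verify under the vendor key")
	ErrReplay       = errors.New("install command rejected: nonce already used")
)

// canonical serialises the command deterministically so that the signer and
// the verifier sign and check exactly the same bytes.
func canonical(c InstallCommand) []byte {
	b, err := json.Marshal(c)
	if err != nil {
		panic(err) // cannot happen for this plain struct
	}
	return b
}

// GenerateVendorKey stands in for the vendor's key ceremony. The private half
// is the asset the thread is worried about: whoever holds it can sign installs.
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign is the server side: only a holder of the private key can produce a
// signature the device will accept.
func Sign(priv ed25519.PrivateKey, c InstallCommand) SignedCommand {
	return SignedCommand{Cmd: c, Sig: ed25519.Sign(priv, canonical(c))}
}

// Device is the handset side. It ships with the vendor's public key baked in
// and remembers which nonces it has already honoured.
type Device struct {
	vendorKey ed25519.PublicKey
	seen      map[uint64]bool
	Installed []string
}

func NewDevice(vendorKey ed25519.PublicKey) *Device {
	return &Device{vendorKey: vendorKey, seen: make(map[uint64]bool)}
}

// Receive verifies a command before acting on it. A command forged on a rogue
// network (or tampered with in transit) fails the signature check; a genuine
// command captured and replayed later fails the nonce check.
func (d *Device) Receive(sc SignedCommand) error {
	if !ed25519.Verify(d.vendorKey, canonical(sc.Cmd), sc.Sig) {
		return ErrBadSignature
	}
	if d.seen[sc.Cmd.Nonce] {
		return ErrReplay
	}
	d.seen[sc.Cmd.Nonce] = true
	d.Installed = append(d.Installed, sc.Cmd.Package)
	return nil
}

func main() {
	pub, priv := GenerateVendorKey()
	phone := NewDevice(pub)

	genuine := Sign(priv, InstallCommand{Package: "com.example.browser", Version: 2, Nonce: 1})
	fmt.Println("genuine:  ", phone.Receive(genuine)) // <nil>
	fmt.Println("replay:   ", phone.Receive(genuine)) // nonce already used

	forged := genuine
	forged.Cmd.Package = "com.example.spyware" // altered in transit, signature no longer matches
	fmt.Println("tampered: ", phone.Receive(forged))

	_, rogue := GenerateVendorKey() // an attacker's own key, not the vendor's
	fmt.Println("rogue key:", phone.Receive(Sign(rogue, InstallCommand{Package: "com.example.spyware", Nonce: 2})))
	fmt.Println("installed:", phone.Installed) // only com.example.browser
}
```

The model makes the thread's two observations concrete: the network path (including a hostile access point) never matters, because the device checks a signature rather than trusting where the bytes came from, and the whole scheme collapses to the confidentiality of one private key, which is why that key, or the TLS certificate playing the same role, is worth far more to an attacker than any single phone. The nonce check is the extra step a practitioner would want that the thread does not mention: without it, a genuine command captured once could be re-sent forever.
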
  • Re:Really? (Score:2, Insightful)

    by TheEyes (1686556) on Saturday June 26, 2010 @05:28AM (#32701048)

    How is that not consistent? For the vast majority of users, a phone is an appliance, just like a PC is an appliance, or a refrigerator, or a car. They don't know what is involved in maintaining that phone, or the security risks associated with using the phone, nor are they particularly inclined to care; they have more important things to do with their lives, like hold down a job, take care of kids, keep up with politics to be a better informed voter, etc. For these sorts of people, whom I suspect makes up at least 90% of the population (maybe more), it makes perfect sense to have a (for now) trusted source seamlessly take care of the security of the phone transparently, without them having to do a thing.

    Note that this is exactly why Vista's UAC is the exact wrong way to handle security for the "normal" user: they don't know what's in their best interest, nor do they have the time and/or inclination to find out. Now, obviously they should take the time, but, seeing as they are already choosing not to, the only viable solution is to do it for them. It's the same reason programmers are told never to roll their own cryptography solution: for most of the population it's hard for them to get it right, and instead should rely on established solutions.

    On the other hand, there is that other ten percent who does care and has time to learn the issues involved in privacy protection and information security. For these people, it makes perfect sense to allow them the option to "go it alone," to reject the one size fits all security that a default install would imply, and perform their updates manually.

  • Re:kinda scary (Score:4, Insightful)

    by Lemming Mark (849014) on Saturday June 26, 2010 @06:28AM (#32701258) Homepage

    MeeGo also has the advantage of not reinventing the entire userspace, thus remaining closer to what we generally consider a GNU/Linux system. Android is quite slick in practice but it does upset me that it's so non-standard in every possible way :-(

  • Re:kinda scary (Score:2, Insightful)

    by Deefburger (1345835) <deefburger@gmail.com> on Sunday June 27, 2010 @10:48AM (#32708878)
    That is not very far fetched. We've seen stuff "planted" on people as an excuse for arrest before, and in every country, throughout history. I want to be able to turn this "feature" OFF!
