Opinion: Google’s DroidDream Patch Pushes The Envelope

Google announced plans yesterday to fortify the Android Market in response to the appearance of the DroidDream Trojan, but do the company’s plans cross the line from innovative to intrusive? In a blog post, Kaspersky Labs researcher Timothy Armstrong warns that the search giant’s plans to repair Droid phones without user consent may not pass the sniff test. 

Google’s efforts to repair infected phones leverage a remote removal feature built into the Android operating system, which some have dubbed an application “kill switch.” But Armstrong notes that the app is pushed to affected devices without their users’ consent (think remote code execution), gains root privileges on those devices, removes other applications, and deletes itself.

Those actions make the removal app little different from the malware it is removing.

Google’s removal app also must be distributed over 3G networks, because the company does not have a client infrastructure, such as Windows ActiveSync or iTunes, for managing device updates. Because they are distributed over the air, patches and other updates are subject to the dictates and network coverage of mobile service providers, Armstrong notes.

So, while Google makes lofty promises about better securing the Android application market, its actions, past, present, and proposed, seem to indicate that these are little more than promises, and perhaps even point to a lack of accountability.

Read more on Securelist.com.

Discussion

  • BRYAN B on

    How does this differ from what Apple has done? I seem to recall they have had to do some damage control, on at least one occasion concerning an eleven-year-old kid's extracurricular activities.

  • Anonymous on

    Bryan B, you're right. And what about Amazon and the Kindle, when there was a dispute with an author or publisher, don't remember which, and books started disappearing from Kindles?

  • Rob on

    @Anonymous: Ironically enough, 1984 was the disappearing book.

    3G Only? What about all the wifi only tablets? Are people getting charged for this download?
