Open Source Adapted Bicycle Pedal Comes to the Rescue
Accessibility has always been important to designers of open source software. Now that open source has come to design, that's more true than ever, as demonstrated with this open source bicycle
Linux Action Show to End Eleven-Year Run at LFNW
Six more episodes before the popular Linux podcast, Linux Action Show, ends its nearly 11-year run in a live broadcast from LinuxFest Northwest.


Jupiter Broadcasting's long-running
Dealing With Real-Life, Everyday Security Threats
No one has ever been shot by a hacker who was breaking into their computer through the Internet. Not so for thieves coming in through the back door.

Roblimo's Hideaway

I wrote a piece
Four Things a New Linux User Should Know
When you move from "that other operating system" to Linux, you're going to find that in most ways you'll be in familiar territory. However, that's not always the case. We sometimes do things a little differently
The Future of Desktop Ubuntu
With all the changes happening at Canonical, you might wonder what this means for the future of desktop Ubuntu, besides the return to the GNOME desktop.

There hasn't been this much news about a single Linux distro
Libreboot Reorganizes: Seeks to Make Amends
It appears the people developing Libreboot have done some of the hard work necessary to fix potentially toxic personal dynamics after last year's controversy, when the project removed itself from the
It's Windows Time in Linux Land Again
Using Windows. What a horrible thing to ask a Linux user to do.
June 27th, 2010

Android’s Nuclear Football

The day after I pat Google on the back for doing something right, they go screw it up. What’s got me and others scratching our heads is there doesn’t seem to be a reason for it.

I’m talking about the so-called “kill switch” built into Android that lets Googlefolk remove installed applications from Android phones. We’ve known about its existence since the beginning of Android, it’s mentioned in the terms and conditions at the Google app store and the mainstream press took note as early as October of 2008. But, to me at least, it’s been something akin to the U.S. intercontinental nuclear arsenal. I don’t like it’s existence, but I figure that sane people are in charge and it’ll never get used.

But Google’s now used it, and has even bragged about that fact on the Android Developers Blog in a post by Android Security Lead, Rich Cannings:

“The remote application removal feature is one of many security controls Android possesses to help protect users from malicious applications. In case of an emergency, a dangerous application could be removed from active circulation in a rapid and scalable manner to prevent further exposure to users. While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users’ safety when needed.”

The thing is, the same blog had already sought to assure us there was absolutely nothing dangerous about the apps removed. They weren’t malware, just deadware.

“These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them.”

I suppose the average Android user, who may be only vaguely aware that Android is open source or what open source means, won’t mind too much, if at all, that apps can be remotely removed from their phones without their input. Many users might even be pleased to know Google is standing over them, ready to protect them from any unscrupulous app that might hurt their smartphone or bank account .

But Houston, we’ve got a problem. This is open source, and such heavy handed we’re-going-to-take-over-your-device-for-your-own-good behavior goes completely against the spirit of the GPL.

It’s fine and dandy that Apple puts a similar switch on the iPhone (which they haven’t used) or that Amazon can delete books from Kindle (which they’ve ironically done with 1984), because they’re both proprietary systems. You don’t own the operating system on an iPhone or Kindle, you just have the right to use it.

That’s not the case with Android. You own the the operating system outright. According to the license, you have the right to modify it any way you like. You can sell it. You can give it away. You can do anything you like with it. It’s yours.

I’m reasonably sure that Google has good motives. After all, people do their banking and lots of other things on their cell phones that could put them at risk if an unscrupulous developer were to design a back door into an app that didn’t get caught until after it was downloaded. But good motives don’t make this right.

However, there is something Google can do that will allow them to keep this function without violating the spirit of the open source model. That something is called “choice.” Allow the user the ability to configure how the kill switch functions on his or her devise. The user could choose either “let Android automatically remove malicious applications,” “prompt me to remove malicious applications,” or “disable kill switch, entirely, I’m feeling lucky.”

If they did that, they could even make the first option the default.

The following two tabs change content below.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Latest posts by Christine Hall (see all)

Comments are closed.