DuckDuckGo Ups Ante: Gives $300K to 'Raise the Standard of Trust'
For the seventh year in a row, the search engine that promises not to stalk your online moves puts its money where its mouth is, this year by donating $300,000 to organizations that
System76 Saying Goodbye to Bland Design
Considering that System76 chose to unveil its new design plans to The Linux Gamer -- no invite went to FOSS Force, BTW -- we can't help but wonder if a System76 Steam Machine isn't in the works.

The Screening
The Great Debian Iceweasel/Icedove Saga Comes to an End
Now that Thunderbird is back in the Debian repositories, the decade long dispute that led to all Mozilla products in Debian being rebranded has ended.

The hatchet is finally completely
Back Yard Linux
It's not as lonely being a Linux user as it once was. These days you're liable to find people throughout your neighborhood using Linux.

My how times have changed.

It wasn't long ago that Linux
No, Evil Hackers Aren't After You
Humankind has outgrown the need to have monsters hiding under our beds. Now we let them hide in our phones, computers and microwave ovens.

Roblimo's Hideaway

OMG! I think I see a giant camera lens on
Should the U.S. Army Have Its Own Open Source License?
Should the U.S. armed forces begin releasing software under an OSI approved open source license rather than as public domain?

Roblimo's Hideaway

This question has generated many pixels'
GitHub CEO Chris Wanstrath on Open Source
Did you know that the software Stephen Hawking uses to speak is open source and that it's available on GitHub? Neither did we.

The Screening Room

At the Computer History museum, GitHub CEO Chris
June 27th, 2010

Android’s Nuclear Football

The day after I pat Google on the back for doing something right, they go screw it up. What’s got me and others scratching our heads is there doesn’t seem to be a reason for it.

I’m talking about the so-called “kill switch” built into Android that lets Googlefolk remove installed applications from Android phones. We’ve known about its existence since the beginning of Android, it’s mentioned in the terms and conditions at the Google app store and the mainstream press took note as early as October of 2008. But, to me at least, it’s been something akin to the U.S. intercontinental nuclear arsenal. I don’t like it’s existence, but I figure that sane people are in charge and it’ll never get used.

But Google’s now used it, and has even bragged about that fact on the Android Developers Blog in a post by Android Security Lead, Rich Cannings:

“The remote application removal feature is one of many security controls Android possesses to help protect users from malicious applications. In case of an emergency, a dangerous application could be removed from active circulation in a rapid and scalable manner to prevent further exposure to users. While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users’ safety when needed.”

The thing is, the same blog had already sought to assure us there was absolutely nothing dangerous about the apps removed. They weren’t malware, just deadware.

“These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them.”

I suppose the average Android user, who may be only vaguely aware that Android is open source or what open source means, won’t mind too much, if at all, that apps can be remotely removed from their phones without their input. Many users might even be pleased to know Google is standing over them, ready to protect them from any unscrupulous app that might hurt their smartphone or bank account .

But Houston, we’ve got a problem. This is open source, and such heavy handed we’re-going-to-take-over-your-device-for-your-own-good behavior goes completely against the spirit of the GPL.

It’s fine and dandy that Apple puts a similar switch on the iPhone (which they haven’t used) or that Amazon can delete books from Kindle (which they’ve ironically done with 1984), because they’re both proprietary systems. You don’t own the operating system on an iPhone or Kindle, you just have the right to use it.

That’s not the case with Android. You own the the operating system outright. According to the license, you have the right to modify it any way you like. You can sell it. You can give it away. You can do anything you like with it. It’s yours.

I’m reasonably sure that Google has good motives. After all, people do their banking and lots of other things on their cell phones that could put them at risk if an unscrupulous developer were to design a back door into an app that didn’t get caught until after it was downloaded. But good motives don’t make this right.

However, there is something Google can do that will allow them to keep this function without violating the spirit of the open source model. That something is called “choice.” Allow the user the ability to configure how the kill switch functions on his or her devise. The user could choose either “let Android automatically remove malicious applications,” “prompt me to remove malicious applications,” or “disable kill switch, entirely, I’m feeling lucky.”

If they did that, they could even make the first option the default.

The following two tabs change content below.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Comments are closed.