Google has remotely removed two free apps from several hundred Android phones because the apps misrepresented their purpose and thus violated Android developer policies, according to a company spokesperson.
This marks the first time Google has used the Remote Application Removal Feature that allows the company to delete apps for security reasons that have been installed through Android Market.
The apps were proof-of-concept programs designed to test the feasibility of distributing a program that could later be used to take control of the device in an attack, according to Jon Oberheide, the developer who wrote and distributed them.
The one app — called RootStrap — executed code that merely printed a message on the phone that says "Hello World", while the second app did the exact same thing but was disguised as a preview of the Twilight Saga: Eclipse movie, he said in an interview with ZDNet Australia's sister site CNET on Friday. There were about 50 downloads of the RootStrap app and 250 to 350 of the Twilight app, though some people later uninstalled them, he said.
Oberheide has developed a program that could be used to bootstrap a rootkit, effectively allowing someone to remotely take control of a phone by having an app already installed on it to fetch code that could exploit a vulnerability on the device, he said.
This screenshot shows the message Android Market sent to phones when it remotely removed Oberheide's apps. (Credit: Jon Oberheide)
"An attacker who develops legitimate-looking apps and distributes them on the Android Market could gather a large install base and if there was a vulnerability within the Android operating system or Linux (upon which Android is based) the attacker can phone home to see if there is an exploit to download and push it out to all the phones he controls and take complete control of the phone via the kernel," said Oberheide, who works at a security start-up called Scio Security.
Oberheide removed the apps voluntarily from the Android Market after being asked to by Google, he said.
The apps "were not designed to be used maliciously, and did not have permission to access private data — or system resources" beyond accessing the internet, Rich Cannings, Android Security Lead, wrote in a blog post.
Under the Android Market Content Policy for Developers, "developers should not upload or otherwise make available applications ... [that offer] misleading information about an application's purpose".
Via CNET
Linkedin 
RSS Feeds 
Newsletters 
Alerts
I am glad that Microsoft doesn't carry on with this diabolical behaviour. Without commenting on the purpose of the software I'll just mention that I won't support or endorse any operating environment where OS vendors give themselves the right to interfere with user's computers in this way. It's just a matter of working out who is worse: Google or Apple.
Your joking right? Microsoft is just as bad.
http://en.windows7sins.org/privacy/
http://en.wikipedia.org/wiki/Windows_Genuine_Advantage#Criticisms
At least Google [and partly Apple] have an open platform. Google only had good intentions anyway.