Remember the ridiculous outrage that ensued after Steve Jobs confirmed that there was a “kill switch” built into the iPhone which allows Apple to remotely delete malicious apps that somehow manage to sneak into the app store?
Well, Android has a similar feature and Google unfortunately had to employ it recently when they removed two misleading applications that were “built by a security research for research purposes.”
Google’s Android Blog explains:
These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them.
After the researcher voluntarily removed these applications from Android Market, we decided, per the Android Market Terms of Service, to exercise our remote application removal feature on the remaining installed copies to complete the cleanup.
Sounds innocuous enough, and we can’t knock Google for remotely removing apps, but if the apps in question weren’t malicious, then why bother?
Well, Google’s description of events is pretty vague, so here are some details to fill in the holes courtesy of hackinthebox.
Security research Jon Oberheide uploaded an app promising never before seen pictures from the next Twilight movie. But hidden in the app was code that “phones hometo check for any new code that Oberheide [wanted] to add to the program, including any hidden control program or “rootkit” that he wished to install.”
Both Apple and Google have kill switches built in to get rid of malicious software. However, in this case, it has been demonstrated that a ‘nice’ app could have some really nasty stuff hidden in it. Without any vetting of the apps, who is to know what is hidden in even the nicest apps.
The iTunes App store may provide much greater examination of programs, making it much harder to hid malicious code. The caveat is that since we really do not know for sure what vetting Apple does we can not be 100% certain either.
At least Apple has a greater vested interest in making sure it catches things before the kill switch is needed. And I would expect that after seeing this exploit on Android that people will be trying something similar on the iPhone.