Android Market Malware Has Users Begging Google To Remotely Disable Bad Apps


These past few days haven’t been Google’s best. The company ran into a bit of a problem with its Gmail service late last week, with some users reporting that all of their e-mails had been deleted. Google says the problem only affected a fraction of its user-base, but seeing headlines along the lines of “USERS REPORT GMAIL DELETIONS” probably didn’t go over too well in Mountain View. Then there was the Android Malware incident, which is technically still ongoing. A series of malicious apps had appeared in the Android Market, apps capable of stealing user data and “dialing out” without the express permission of the phone’s owner. What to do?

The Financial Times says users have been complaining that, while Google has removed the offending apps from the Android Market, the company “had not acted to disable any malicious software that had been downloaded.”

Am I reading this right? Do users actually want Google to have to ability to remotely disable apps?

I’m not saying having the ability to remotely disable apps is a good or bad thing (it’s just a thing), but I do seem to remember plenty of times in the recent past when users have absolutely flipped out when a company exercised its ability to remotely interfere with their hardware or software.

Remember when Amazon ran into copyright issues with a particular Kindle edition of George Orwell’s 1984? Amazon, without its users’ permission, remotely deleted the offending book from Kindles across the land, sparking a certain amount of outrage online. “How dare Amazon do this!” and so on.

Amazon apologized, saying it would never again remotely delete Kindle content in such a fashion.

Apple, too, received criticism for its ability to remotely disable iPhone apps. That Apple later applied for patents to remotely disable iPhones shows what Apple thought of the controversy.

Which brings us back to Google. Several thousand people had downloaded the malicious Android apps, which were published on the Android Market under innocuous-sounding names such as “Chess” and “Super Guitar Solo.” Who’s to say how many of these people are even aware that the apps they downloaded are malicious? Given Android’s explosion in popularity over the past year or so, you can’t really expect all, or even most, of these people to follow tech news so closely that they know one of the half-dozen apps they downloaded the other day was actually malware. Not everyone spends all day on the TechCrunch sites (although they should).

What do we want Google to do? It’s probably not a bad idea for the company to go ahead and disable those malicious apps. You have to weigh the “invasiveness” of remotely disabling apps with the very real danger this rash of malware represents. Does Google really want its Android Market to gain the reputation of being a cesspool of malware? Certainly not. But then part of the allure of the Android Market is that it’s open; you don’t have to play by Google’s rules, per se, to get on there like you do with Apple’s App Store. Is that openness lessened if Google, acting in the best interests of its users, decides to remotely disable these malware apps?

It’s not as if Google hasn’t already reserved the right to remotely disable apps, but the question here is whether or not it should remotely disable apps, and to what degree does that infringe upon the Android Market’s idea of being a free and open store?