From: Harold Fuchs on 4 Jul 2010 12:23
The following article appeared in today's Sunday Times (UK)
======== begin article (verbatim) =========
Mystery of the vanishing apps
You may think software downloads are yours to keep. Wrong. Tech firms can
whisk them from under your nose
Published: 4 July 2010
Many Kindle owners found that their George Orwell novels had disappeared
(The Sunday Times)
For millions of fans of the Twilight films and books, the Twilight Eclipse
Preview app must have been a tempting proposition, promising advance footage
of this summer's big blockbuster. However, soon after hundreds of smartphone
owners had downloaded it from the Android app shop, a strange thing
happened. Overnight, the app vanished, as if wiped from phones by an
invisible hand - which, in effect, is what happened.
Without a word of warning, Google, the supplier of the Android operating
system, deleted the app from phones around the globe, having decided it was
not in its customers' best interests. Challenged on its decision, Google
defended its actions - and revealed it had the ability to install software,
too. And it wasn't the first corporate giant to demonstrate that software on
phones, ebook readers and games consoles can be edited from afar without the
Amazon pulled its "remote wipe" lever several times last year, zapping
ebooks installed on hundreds of Kindle readers, which it thought had fallen
foul of copyright rules. And Microsoft froze out tens of thousands of Xbox
360 gamers from online play in February because it believed they had
modified their consoles to play pirated games.
Steve Jobs, Apple's chief executive, recently became the first head of a
tech giant to admit publicly to having these powers, and he confirmed that
Apple has the ability to remove apps remotely from millions of iPhones and
"Hopefully, we never have to pull that lever," he told The Wall Street
Journal, "but we would be irresponsible not to have a lever like that to
Google pulled its lever because the Twilight Eclipse Preview app was not
what it appeared to be. Jon Oberheide, a security researcher, had designed
it to expose weaknesses in Android security. He wrote a piece of software
that could hijack an Android phone, then wrapped it in an innocuous-looking
package. After paying the usual app-developer's $25 (�16) registration fee,
he uploaded his program to Market, the Google-run software store.
The Twilight app was intended to disguise itself - and could download
software to give it full control over whatever the phone could do "The
Twilight app was intended to disguise itself," says Oberheide. "Once it was
installed, it could covertly connect to a remote server and download
software to give it full control over whatever the phone could do: snoop on
the user, make premium-rate calls, read passwords - even render it
More than 200 people downloaded his "sleeper" app from the Market store on
its first day alone. When he later made it public during a conference that
he had succeeded in putting the "bad" app in Market to test Google's
security, it quickly provoked a response. Google first asked him to remove
it from Market, then exercised the remote-wipe powers that Oberheide was
hoping it would demonstrate. It hit the delete button to remove the app from
every Android phone in the world.
Rich Cannings, a senior member of the Android security team, explains why it
did it: "In case of an emergency, a dangerous application can be removed
from active circulation rapidly to prevent further exposure to users."
Microsoft's Windows 7 phones, due this autumn, will have similar safety
measures built in. "If there was an app that turned into something
inappropriate, Microsoft would terminate it on the device," the company
Security is one thing, but when Amazon pulled its override lever last year,
the only danger of unusable devices came from irate owners binning their
Kindles. Copies of George Orwell novels were deleted overnight after Amazon
discovered a publisher had been selling them illegally; ironically, one of
them was Nineteen Eighty-Four, in which Big Brother peers into the private
lives of citizens.
Although buyers received refunds, any digital notes and annotations they had
made were lost. Amazon's founder, Jeff Bezos, later called the response
"stupid, thoughtless and painfully out of line with our principles".
Amazon's actions may have been out of line with its principles but they were
very much in line with the industry-standard terms of service, which allow
sellers to change or withdraw content at any time. When you buy digital
content, you are really buying only permission to use it - permission that
comes with miles of virtual red tape attached. Not only does it bar you from
copying or re-selling digital items, but it also restricts the number of
devices with which content will work and bans certain language and
You must be very bored, very careful or a lawyer to read these full terms of
service, and yet, according to the relevant companies, whenever you click
"Agree" while activating a new gadget, you are confirming your understanding
of the terms and entering into a legally binding contract. The Kindle comes
with 2,200 words of fine print, and Android's 4,200 words allow Google's
thought police to monitor Android apps. The terms of service for Apple's
online iTunes store state that ringtones supplied by it must not be listened
to for pleasure (they can be used only as call alerts) and any films
downloaded from iTunes can be transferred to a television only via an
Apple-approved cable; that's just part of a staggering 26,800 words of
Break any one of these clauses and you risk forfeiting your purchase.
Invoking its 8,100-word blurb, Microsoft shut off its Xbox Live service to
anyone who had tinkered with their Xbox 360 to play illegally copied games.
That sounds fair enough, except that thousands of Xbox owners complained of
being cut off despite having done no such thing. Corey Dukelow, an Oklahoma
lawyer, is planning a class-action lawsuit against Microsoft. "In numerous
instances people claimed vehemently that they did not modify their Xbox but
were banned," he says. "Microsoft pretty much dropped the axe and moved on."
If these big corporations are threatening our digital freedoms, surely
government will come to the rescue. Don't count on it. Under the Protecting
Cyberspace as a National Asset Act, which is making its way through the US
Senate, President Obama is about to get the ultimate override switch. It
will give him the power to shut down the entire internet to protect America's
critical infrastructure during a cyber-emergency. That's one lever that
nobody wants pulled.
Here's what happens when the world's biggest high-tech companies use their
Amazon: Wiped copies of George Orwell novels from Kindle ebook readers last
year, but has since apologised.
Apple: Has yet to throw the override switch - built into the operating
system of every iPhone, iPad and iPod Touch - that can delete any app.
Google: Deleted hundreds of copies of Twilight Eclipse Preview last month.
The company could do the same for any app on any Android phone.
Microsoft: In the past has suspended players from its Xbox Live online
service for giving themselves "non-family-friendly" gamer tags, including
one poor chap with the surname Gaywood. More recently cut players off
entirely for allegedly tampering with their Xboxes.
========= end article =========