When you bought your new smartphone, did the dealer tell you it had a remote “kill switch” that could summarily wipe out apps you’d downloaded to it? Probably not. But it almost certainly has one, and if you bought a smartphone with the Google Android operating system, it might have actually been used.
Computer makers wouldn’t dare do such a thing, even if it were justifiable on security grounds. Imagine if your new computer came with software that enabled Microsoft to remotely eliminate whatever third-party applications it thought constituted a security hazard to your system. One touch, and out it goes. Oh, Microsoft would let you know in an e-mail what it did, when the deed was already done. Computer owners would howl like Paris Hilton denied a chance at a camera lens.
Phones are different. Phone software providers don’t think of your phone as a product, so much as a way for you to hook into a network. Most people trade phones much more often than they swap out computer gear, so it’s not an invalid assumption to think that you’re probably not all that attached emotionally to your smartphone.
In a way, Google, Microsoft and Apple seem to feel a responsibility for your phone that Microsoft doesn’t have for your computer. A rogue app that could damage the phone is a security hazard that could theoretically imperil more than just your individual phone. It could leap outward into the network itself, causing havoc for millions.
So Google, Microsoft and Apple have built in back-door kill switches for downloaded malware. Your phone may well have one. Don’t bother looking; it’s invisible to you, aside from language in that usage agreement you presumably signed when you bought the phone. I list only Google, Apple and Microsoft simply because, to anyone’s certain knowledge, neither Research in Motion’s BlackBerry nor Nokia’s Symbian operating systems have kill switches, but neither of them emphasizes app downloads the way Apple and Google do.
Kill switches aren’t new. The app kill switch I’m writing about is only slightly different from the one corporations routinely require in phones they issue to employees. Those kill switches are even more thorough—they disable the phones.
They’re also different from the iPhone’s “Find my iPhone” feature that lets the owner wipe the phone’s memory remotely. Law enforcement officers often seize iPhones and then have to hustle them into a signal-free environment to prevent suspects from remotely wiping their memories.
Still, operating system companies don’t proudly point to the kill switch as a feature. Phone owners would be slightly less than thrilled to know that an app could be deleted rather arbitrarily by a company that didn’t even sell them the phone. But it’s there. They acknowledge it.
To be fair, it’s not a bad idea. Apple checks out the apps they offer, so it’s unlikely that malware could sneak onto an iPhone. Google, however, takes a different tack by opening its store to just about anybody who has an app to share, so rogue apps are more worrisome. The kill switch is designed to let Google delete downloaded malware from all the infected Android phones in one massive disinfection. It has resorted to the kill switch at least twice so far, although in widely spaced situations.
In June of last year, Google finally used the kill switch for the first time since it was introduced in 2008. It was no big deal, apparently, despite Google’s drastic action. Researchers had allegedly misrepresented their apps to the Android Market to entice users to download them. When Google found out about it, the researchers pulled the apps from the Android Market and Google made sure the job was properly completed by flipping its kill switch to wipe the unwanted apps from all the Android phones where they were installed.
A year later, Google flipped the switch again, this time to really clean house: 58 malware apps, by Google’s count. Google shrugged off the worst-case scenario, saying most of the apps were old and had been removed from the Android Market long since. Google was just collecting the garbage, in other words.
This doesn’t mean that every user is happy to have his purchase come with a kill switch. In 2009, Amazon used its built-in kill switch for the Kindle to arbitrarily wipe a couple of George Orwell’s books that it claimed shouldn’t have been sold to start with. Lawsuits were filed, Amazon backed down, and kill switches got an undeserved reputation for tyranny. As long as Google can show that it’s authentically blasting only malware, few will complain, but if it (or Microsoft or Apple) becomes high-handed and starts wiping out legitimate, popular apps for political or corporate purposes, acceptance could plummet and the kill switch could become about as popular as the malware it’s supposed to suppress.•
Altom is an independent local technology consultant. His column appears every other week. He can be reached at firstname.lastname@example.org.