At their I/O conference earlier this year, Google unveiled many features in the upcoming Android 2.2, named after the next dessert in the alphabet, Froyo. One of the cooler features demonstrated was the ability to download apps from your pc and have your device automatically start downloading it from the market, no physical connection required. To the development crowd, this confirmed that Google had ways to control app behavior remotely, a backdoor much like Microsoft and Apple have that enables them to gain access to their users" mobile devices. While the I/O conference keynote address only displayed the constructive aspects of such a function, they didnt mention that it gives Google a kill switch to remotely delete software as well.
According to the Android Developers Blog, Google used their kill switch for the first time today. A security researcher had created a proof-of-concept app that hid its "malicious" identity behind a convincing veneer that got users to download it. It wasnt actually malicious and it was just a test. The majority of people who downloaded it immediately uninstalled it after realizing it was basically an empty husk of an app. The researcher removed the app at Googles request, but they decided to put kill switch on its maiden voyage, using the feature to complete the cleanup on users who hadnt yet deleted the software.
According to the blog, the functionality is not meant for basic content management, as apps that violate the Android terms of service are just simply removed from the Android market. The remote deletion is geared towards emergency situations where they see that a malicious piece of software is being quickly propagated among mobile phones.
"In case of an emergency, a dangerous application could be removed from active circulation in a rapid and scalable manner to prevent further exposure to users. While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users’ safety when needed."
Image source: Engadget