Thursday, October 16, 2008

Remote kill switches (Android / iPhone)

It's completely reasonable and responsible to have a remote kill feature on a device consumers expect to be a hands-off, embedded style, design. The non-technical population is not trained to understand that something like a cell phone is a vector for virus infections or other malicious code. In fact, they are aware a computer is at risk and many of them still can't handle it.

Like malicious PC code the real threat is an application that runs happily in the background or masquerading as a legitimate application. The user often has no way of knowing there is a problem. In the case of a cell phone there are many scary scenarios. Apps that steal address books. Apps that turn on your camera. Apps that record your calls. Network DDoS attacks crippling the network.

When Apple or Google is presenting applications for download via a UI built into the device there is an expectation by the customer these apps are safe so there does have to be some last resort to pull the applications if needed. Both Apple & Google should reserve the use of any remote kill feature for only the most serious problems.

Apple for instance cannot use remote kill to pull apps they allowed on the AppStore and then later pulled unless there is a major security concern. Anything short of a major privacy violation or network attack would not justify the use of remote kill. In the case of Google it doesn't matter. Savy users would just recompile Android without the remote kill code. Google has no flexibility to abuse it.

All the people crying over privacy concerns & consumer rights need to understand they are playing in a shared space. If you have a swimming pool you can go pee in it anytime you want. If you go swimming at a public pool the rules are different.

No comments: