The 1st app I'll write
Is to block access to the blacklist. Lets see Google kill that one !!!
Google has put itself in charge of policing Android devices. The search giant is retaining the right to delete applications from Android handsets on a whim. Unlike Apple, the company has made no attempt to hide its intentions, and includes the details in the Android Market terms and conditions, as spotted by Computer World: …
Oh by the way, it isn't yours really, it is owned by Google who can and will remove any applications you download from them and possiibly other third parties that it deems unfit.
I was considering Android purely because I thought I would have control over a handset that I purchased. Open source, no hidden nastiness has to be a good thing. It is now tainted.
I wait until someone smarter than I hacks google control out of the device, then I will reconsider. Until then the OS on this device is no better than that on any other proprietary handset.
I can understand the Google position on this, if anyone can distribute any applications they like the device is ripe for abuse. Still informing the user of any malicious application and it's behaviour and allowing the user to chose whether or not to remove that app would be imho the more fitting solution.
Google have just admitted that the device is monitored and has a back door just like the iPhone. More fool those who allow this kind of invasion.
Oh dear, that marks out Google as definitely a Government Spook Outfit stealing all your random thoughts looking for Knowledge? Or a Wannabe Government Spook Outfit?
Shame that their Client Base doesn't Really know in the Virtual Environment what to do, and what can be done Remotely with Proxies, with the Intel gathered and displayed though.
Ah .... the Ignorant Impetuosity of Youth and Arrogant Hubris of Age to Think that they Lead rather than Supply Leads to Youthful Leaders and the Much More XXXXPerienced Born Again Souls.
oh... the wonder phone has a weakness its just as locked down as the Iphone, just as expensive, looks shite, etc... Id rather have the Jesus phone! oh, wait.. no i wont! :)
and what about the little WM phones... write what you want for it, charge what you want, distribute it however you want! yes... big evil microsoft at it again! lol!!
I think about 60 years ago, a bloke with a small moustache was suggesting what was good for his followers... that worked out well for him, didnt it!
Way to bring Hitler into a conversation about mobile phones...
I can't say I like the idea of Google reserving this ability with Carte Blanche to apply for whatever reason they see fit, how ever they have openly announced it and are massively more open than Apple who won't let you install many things without them anyway.
Looking at this practically, chances are that Google is concerned people will try and sneak Malware through their marketplace. Many people might have a false belief that because it is found via the Google service that they have to be less careful about who they trust, and Google wants an easy way to protect its reputation in this event.
I seriously doubt Google intend to act like Apple who obviously use their control of the device to limit users to software that they choose, refusing to allow software that provides functionality they don't like to be added.
The phone you want is the OpenMoko FreeRunner... once the software is up to production standard. More info at http://www.openmoko.com where they are now painting a fairly rosy picture. You'll get a better idea of software quality at http://www.openmoko.org - not a phone for the non-techy yet...
Repeat after me: "Open source is good. Say no to apple, google and microsoft. I want my phone to run free, unfettered by unreasonable EULAs and subtle ties back to the mothership"
I'm thinking along the lines of Curse of the Were-Rabbit, the difference here being that while Wallace never actually revealed what rabbits would eat instead of vegetables, we can all eat open source goodness instead...
One of the nice things about Windows Mobile is the abundance of tools not only to remove simlocks but to install what you like and even rebuild the entire rom - to include/exclude whatever you want/don't want. I suppose this will come to the iphone and others but there is some catching up to be done.
not really - the kill switch is an indiscriminate write action to (remotely) disable a handset (or SIM). This seems to be more like a read action to see what's on the phone, analysis of what applications are installed on the phone, followed (potentially) by another command to initiate deletion of specific applications from your phone.
Also, extrapolating wildly, if google can execute remote commands on your phone then presumably so could anyone else...
Sorry to all the people saying it, but the Freerunner is a pile of cow droppings. Honestly. The design of this phone is one of the worst I've ever seen and in its current form has no chance of being any use to anyone.
Just search for Freerunner vs. iPhone for more information on Freerunner major design flaws. I'm not an Apple fanboi either, I'm all for open source but we have to do a lot better with OpenMoko than we're doing right now...
I certainly don't feel comfortable with Google telling my phone which apps it deems as 'ungood'. But then, if something dastardly happens, for example, a worm that spreads around eating up your call credit calling 09xx numbers in the background, I bet we'd all be grateful then if Google can just whack it from everyone's handset in one swoop.
Perhaps it needs to be clearer under what conditions such a kill could be justified.
Jolyon
Ye are bourne of Google, and ye shall return to Google. Earth to earth, ashes to ashes, Google to Google.
You will be assimilated. One way or another.
Does the new Android phone have an accelerator detector in it? Could the Google overloads build up a remote database on how many times you have a tug with the phone in your pocket? That's scary. They could have a Tug database on all the chaps with an Android phone, then use that data to send associated advertisement content to you - like 'last longer' cream, or cream for constipated cocks. Or even advertisements for dating websites, to help you get a real girlfriend.
Typically, virus writers go after the low-hanging fruit. The stuff that's easiest to exploit - for a reasonable return.
Giving (well, OK: selling) people a device where most of the code is available, or to be made available AND can be used to suck money directly out of your bank account is a bit of a game changer. It now becomes much more profitable for the baddies to spend a lot of time and ingenuity to find ways to subvert, exploit or create loopholes in this open platform. Their motivation (and numbers) being far greater that that of the developers, it's only a matter of time before Andriod exploits start circulating.
Up to now, linux has had a reputation for being secure. A lot of this is based on the fact that M$'s products are far more popular - thus providing a bigger, if not juicier target and traditionally containing security holes large enough to drive a SCSI bus through. As a consequence, the number of Linux exploits - ones that have actually been used to do nasty things on other people's linux platforms, have been scarce. I can see that the assumptions the security assessments are based on will soon be challenged.
Personally, I'll give the Andriod a miss - it's only a phone afterall - and stick with the tried and trusted rule: never use version 1
Chrome regularly phones home too.
I'm surprised people are surprised. The only way Google can make money is to look at people's usage patterns and show them adverts based on them. They're not going to go to all this effort to make a mobile phone platform and really give it away for free.
And there lies the future of online communication.
For all the Windows haters out there the next gen domestic computers will not just tie you to the OS but also to the permitted apps - future developments? Restricting the sites that can be accessed to those that are certified by Goople, or restricting the sites to those that pay Aggle to be certified?
Sell it on vastly improved security - a single vast online shopping mall with approved vendors, contextual, personalised advertising and compulsory feedback of browsing history so that your online environment can be continually adjusted for the most satisfactory browsing experience.
Oh and a single unified payment system so that they can lose all your credits in a single batch file.
Showing signs of losing another customer here as well. I want a phone that can stand alone without hanging off servers and software installed desktop PCs. Currently only symbian and windows mobile can do that, and the latter not as well. I was kinda hoping that Google were finally gonna do it right but it appears not. Looks like i'll be getting another nokia smartphone this year...
...to prevent it from violating the Three Laws:
1. Do not allow third party software to trample on the revenue stream.
2. Do not allow users to use third party software when they could rack up usage charges instead.
3. Own the phone, even after it is bought and paid for
Oh, and in response to previous posts about OpenMoko, yes, the software is poo right now, they are suffering from forks, there are at least three different forks currently being supported, the teams all need to consolidate behind one to get close to the Android/iPhone software standards or the phone will wither on the vine...
Mine's the one with the remote kill switch in the pocket...
Even if an application has been maliciously calling 09xx numbers in the background, it will stop ..... eventually. You can never lose more than the amount of credit you put on your phone.
I'm not sure that this sort of agreement would be legal on the Continent ..... and if it's legal in the UK, that's only because of John Major unilaterally opting us out of certain laws that didn't suit the Tories.
"A lot of this is based on the fact that M$'s products are far more popular - thus providing a bigger, if not juicier target and traditionally containing security holes large enough to drive a SCSI bus through."
No.
Otherwise Apache would have more than 2/3 of the exploits, being the most popular web server. Web servers being a great resource for information that can be used for nefarious purposes. And, unlike desktop machines, generally on 24/7.
The reality is quite different.
MS's desktop products are more hacked because they are more hackable.
End of story.
The Neo Freerunner doesn't work yet - they even admit as much on the TrueBox website. It is purely in development stage and aimed at nurds (or is that nerds).
Please use google (other data mining search engines are available) and do a bit of research before posting drivel.
Sorry, just had to say that. Or rather, JUST SAY NO to gPhone and iPhone and / or don't get a mobe at all.
Ok, so who's waiting for the first customer who buys this POS who purchases and installs a 3rd party program that G wipes off their unit and see how long until their lawyer is making a bundle of cash over it?
If and when I ever get a unti, it will make emergency calls that I need and won't have all this foolishness. MEH
Mobile companies, both the handset providers and the bandwidth providers, are very sensitive about their property. We buy our handsets from the phone company, subsidised for the life of the account. The retail price of the average smartphone is £3-400, proved by the cost of the Freerunner, and I'm sure that there are very few people reading this who slapped that down for their Crackberry or Pomegranate or whatever shiny toy dragged them into a Vodafone shop last time they passed. In return the providers support these phones, so if yours dies, you can call them and get some assistance in getting it fixed, even if it's just RTB, back up your SIM and get a new one. So the phone companies aren't keen on random software on their machines, and want some kind of control on what data goes in and out of it. Why isn't there a free usable version of MSN Messenger for non-Windows phones? Why is Opera pretty much the only decent alternative (and indeed often main) web browser for smartphones? One is because the phone companies believe IM bites into their call revenue in an unbalanced way, the other is because the web experience is potentially bandwidth-intensive and can't be guaranteed on a handset, despite what Apple thinks.
The G1 business model has been dictated by the success of the iPhone. Remember that Google weren't going to create a phone at first, but have probably been forced to by the reluctance of the phone companies to open their architecture. It came as no surprise to me that it was HTC who have picked it up because they are seemingly trying to find an alternative to Windows Mobile, but they will have required concessions, the FCC will have required concessions, there will have been concessions required for CE certification and no doubt T-Mobile will have had their say too. So a 'killswitch' is the response to a bunch of concessions for every party involved. It could be something as simple as the revocation of the API key, which Google use everywhere, and really, if you downloaded an app that calls Madagascar every 10 minutes, who would you be blaming?
Since its in the Market Place EULA its clearly one of the Market Place's terms and not Android's. I think its fair enough Google wants to be able to kill apps their service has installed on the device. Clearly its to be used in case someone sneaks something unfriendly in to the market place and avert the PR storm that would surely ensue if they did nothing about it.
This is no different form Apple's position with the iPhones App Store, with the big exception that you can only use the Apps Store to get Apps on your iPhone (unless you are an enterprise willing to pay). Where as with Android you can add apps any way you like, there's no restrictions. So if Google were to throw the Kill Switch on something you like, you can always get it without using the Market Place.
Once Google releases the source to Android I am sure people will tear it apart looking for this sort of stuff. Of course if its part of the Market Place code they might not be able to see it, as it appears Google isn't going to be releasing source to its services apps.
Do you think you could then tell the FSF to stop punting the Freerunner as a viable alternative to the iPhone on their site?
Freerunner's hardware (emphasis on hardware) needs radically changing, not just the software... I just don't think OpenMoko has much chance until it throws the design out and goes back to the drawing board. At the moment you can't even use the stylus on the boundaries of the touchscreen due to the poor bezel design.
Then again, that'll put OpenMoko even further behind (not even basic 3G connectivity confirmed for the GTA04 phone)...
"I can understand the Google position on this, if anyone can distribute any applications they like the device is ripe for abuse"
Hm? That was funny! The device can be considered a computer. Would you like to use a computer that doesn't let you install some programs or that de-install them without your consent? Who owns the device? Has Nokia or any other vendor made anything similar? Apple and Android are going too far, they do not own the devices they sell and they must not control them/configure them to call home
"I was considering Android purely because I thought I would have control over a handset that I purchased. Open source, no hidden nastiness has to be a good thing. It is now tainted."
Like with Neo Freerunner?
This post has been deleted by its author
It is high time that a law be passed that declares any programmable item to be the sole property and purview of its physical owner.
I am sick and tired of companies pushing products that consider their operation to be the sole goal of whatever it is the product is supposed to run on.
Be it a PC or a phone, it is mine, understood ? If I want it to load a given app, they that app should be loaded, period. If I want to run a trojan, then that trojan should run, period.
And if I'm not smart enough to keep virii off my pieces, then I should pay for it in cash until I wake up to the fact and get it cleaned.
It should be forbidden to sell a product that limits user interaction in any way beyond the scope of the application. If a phone OS allows for downloading third-party apps, then there should be no centralized kill switch to turn some of those apps off.
Sure there will be scum and assorted virii, that's life on the intartubes. Profit from it and create a firewall app, don't muscle in with a kill switch that I cannot control.
Control is mine, you hear me ? MINE !
This post has been deleted by its author
Hear, hear!
I would also like to see, in the same Bill that guarantees owners of programmable hardware full ownership rights, a requirement that the user of a piece of software must be given access to the Source Code of that software.
Not necessarily the right to distribute copies of it (which, if they were desperate, they could already do anyway without the Source Code) but certainly the right to inspect it to determine suitability for an application and the right to make modifications for their own use, or to employ a competent programmer of their choice to do such things on their behalf.
After all, if I buy a pair of jeans -- even expensive designer jeans -- nothing prevents me from altering them to fit my un-supermodel-like short, stumpy legs. And if I don't know what I am doing with a needle and cotton, then there are people out there who will do the job for me, for the appropriate fee.
The ability to earn a living adapting lousy one-size-fits-nobody COTS software to suit the needs of customers might be just the thing Britain's IT sector needs. And it might put an end to the practice of writing lousy code on the basis that the author is not expecting anyone ever to see it.
Code plagiarism would actually be very unlikely to be a problem, since the author of the original software would be allowed to inspect any suspected plagiarised Source Code.
Per Secunia:
* IIS6 (5 years old) has been affected by 5 advisories relating to 4 vulnerabilities: all are patched
* IIS7 (1 year old) has been affected by 1 advisory relating to 1 vulnerability, since patched
* Apache 2.2 (3 years old) has been affected by 9 advisories relating to 15 vulnerabilities, of which 2 are unpatched
* Apache 2.0 (6 years old) has been affected by 39 advisories relating to 23 vulnerabilities, of which 4 are unpatched
/me thinks that it may be that some other software development organisations would do well to take notes of the lessons learned by Microsoft in the IIS4 and 5 era.
But how serious are the effects of these "unpatched vulnerabilities", and what is the likelihood of anybody being able to use them ?
There's a world of difference between being able to modify from an unspecified remote location the contents of any page being served up, and just being able to make a person have to reload a page if you have physical access to the server and someone has left a console logged in as root.
But then again , by calling it an application kill switch kill switch controlled remotely , it sounds like an easier way for the police state mentality defective paranoid secret police to pwn any particular unit at any particular time to self spy on the selected user , so one can conclude open source smart phone where all the source code is available is a far far better option .
For who indeed wants their own phone to spy on oneself ?
More than likely, applications distributed through Android Market will be assigned an identifier that travels with the app to the phone. If an app is found to be seriously detrimental to the phone's functionality, or to obviously infringe on someone else's rights, it would be a simple matter of reaching out to those phones that have installed the app and, by using the identifier, remove the app from the phones without discovering anything else about what might be installed on the phone. There is simply no need to dump the phone's contents to Google for any reason. Speculation along these lines is absurd, although it is understandable, given the current climate of fear and cynicism.
Moreover, Android's code is completely open, for those of you who are comparing it to closed source projects. Download it for yourself and see.
A little more from the original story that takes some of the nastiness out of this article which is based completely on speculation and waiting to hear back from the Open Alliance (was this really so pressing that you couldn't have waited for a response?). Note that, unlike Apple, Google will try to get your money back for any app it needs to remove. Also note that ALL Android apps are currently free, and you don't need to get them from Android Market:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117279&source=rss_news
<<<>>>
In addition, Google says that if it does remotely remove an application, it will try to get users their money back, a question that iPhone users have wondered about in the case of an iPhone application recall. Google said that it will make "reasonable efforts to recover the purchase price of the product ... from the original developer on your behalf." If Google fails to get the full amount back, it will divide what it gets among affected users.
Google may have more need to use a kill switch than Apple. That's because Apple vets applications before putting them into its Apps Store. Anything goes in Google's Android Market, opening the chances of malicious or otherwise unwanted applications appearing in the market.
The Android Market business and program policies also include an item that says users can return any application for a full refund within 24 hours of the time of purchase. In the absence of a trial version of applications, this offer will let users return an application that might not deliver exactly what they expected.
Android Market users can also reinstall as many times as they wish an application that they buy, another useful feature in case a phone fails.
<<<>>>
And from http://www.crn.com/software/211201748 :
<<<>>>
Adam Yoffe, founder of BreadCrumbz, an Israeli-based developer on Android, also had not heard of the kill switch, but he believes Google will apply it only as a last resort.
"I assume [it will be] in extreme situations where device stability or major license infringement is concerned," he said.
He also believes that the kill switch only applies to applications installed through Android Market.
<<<>>>
Grab a brewski and forget about this FUD ... it's FRIDAY!!!
You left out context.
a) validity of vulnerability: ActiveX is still there under IIS. MS even say, when there's a problem, turn off ActiveX. I would call that unpatched. Now, of the 4 unpatched Apache issues, are any of them serious?
b) IIS is closed source. The ONLY people able to check the code for coding vulnerabilities is Microsoft. Apache is MIT licensed (IIRC) and so can be checked for such things as null pointer access potentialities. Try that with reverse engineering of IIS code.
c) When MS patches you can't really tell what they fixed (they HAVE been caught before by someone looking into what the updates of Windows contained and seeing fixes on files that have nothing to do with their explicit fixes contained). Hard to hide what you're fixing with Apache. So how many of those "vulnerabilities" are not reported because MS silently fixes them?
I'm posting from a rather ancient but v good P990i. I know nokia just bought symbian, but it strikes me that at the moment it's actually the only platform you can easily write and dist your own apps for. minus pt, it's clunky as hell to write for. and I'm not a fan of S60! hope UIQ survives the "big merge!"
I too was interested in the iMoan (not now) and the BooglePhone (not now). I'm now thinking I'll stick with this P990 until some new symbian 10(?) stuff comes out.