Ten days ago Google discovered that apparently innocuous Android apps were in fact infested with “DroidDream” malware that included an Android rootkit, with the apparent intent of creating a smartphone botnet. It infected more than a quarter of a million devices before Google intervened. The thriller writer in me immediately began to wonder what would happen if black hats built a wildly popular game that doubled as a botnet beachhead. Imagine if Angry Birds was secretly the world’s biggest botnet: even without root access to its install base, those hypothetical black hats could grab private data from tens millions of people, and/or probably DDoS every wireless network in the developed world, especially if it ran as a background service with location access.
That will never happen, of course: it’s what security guru Bruce Schneier calls a “movie-plot threat.” But it does illustrate that you couldn’t stop a Trojan app like that in advance. Android Market security is based on permission requests when an app is installed: such requests are routinely ignored, since nowadays almost every app asks for full Internet and SD card access. Ah, you might say, if only Android apps were vetted in advance, like Apple’s! In which case you should really stop kidding yourself. Most apps seem to be reviewed in an hour or less (after days in the queue.) Apple appears to check the libraries they link against, and maybe they can decompile to the original source code, too – though I doubt it – but iOS apps are written in Objective-C, which includes support for C itself, a language for which labyrinthine obfuscation has become an art form. Any developer worth his/her salt could write an iOS app that includes code whose use only becomes apparent when the app receives a secret signal.
Once upon a time, not so long ago, people talked about how “walled gardens” (like AOL and CompuServe, back in the day) would inevitably lose out to the free, wild, open Internet – and most software was preinstalled, shrink-wrapped, or downloaded from a trusted site. But nowadays users download potentially untrustworthy software from trusted sites. (See also: the Mac App Store.) That’s why providers need the remote kill switch that Google used on DroidDream; that Apple has had for years, and is ready to use on “unauthorized” iOS users as well as apps; and that Intel is now building in at the hardware level, so that phones (and computers) running Intel chips can be killed with a simple encrypted SMS.
Ten years ago people were horrified at the notion of Intel adding a unique ID to all of its processors. Today every phone has a unique ID, and yours is probably uploaded to apps’ servers multiple times a day. Not so long ago, people were outraged that Amazon could and did arbitrarily delete books from users’ Kindles; last week they clamored for Google to exercise essentially the same power. Giving all that power and control to Amazon, Apple, Google and Intel in exchange for security may ultimately be a reasonable and necessary tradeoff — but that kind of centralization of control still makes me more than a little uneasy.
As the developing world adopts smartphones as their first and only computers, Android and iOS will increasingly dominate all Internet traffic. (What about RIM and Windows Phone? I expect they both have kill switches too, but really, who cares; wake me up when one of them has won next year’s war for third place.) Android is a walled garden just like iOS, subtler but no less forbidding. And you can’t even escape the app garden via your browser, because your browser is, in and of itself, an app. While we weren’t looking, the walled garden won.
Photo credit: James Whitesmith, Flickr