Janne Kytömäki, a Finnish software developer, was cruising Google’s Android Market for smartphone apps last year when he noticed something strange. Dozens of best-selling applications suddenly listed the same wrong publisher. It was as if Stephen King’s name had vanished from the covers of his books, replaced by an unknown author. Kytömäki realized the culprit was a piece of malware that was spreading quickly, and he posted his findings online.
Google responded swiftly. It flipped a little-known kill switch, reaching into more than 250,000 infected Android smartphones and forcibly removing the malicious code. “It was sort of unreal, watching something like that unfold,” says Kytömäki, who makes dice simulator apps. Kill switches are a standard part of most smartphones, tablets, and e-readers. Google, Apple, and Amazon all have the ability to reach into devices to delete illicit content or edit code without users’ permission. It’s a powerful way to stop threats that spread quickly, but it’s also a privacy and security land mine.
Microsoft declined to answer questions about the kill switch in Windows 8 other than to say it will only be able to remove or change applications downloaded through the new app store. Any software loaded from a flash drive, DVD, or directly from the Web will remain outside Microsoft’s control. Still, the kill switch is a tool that could help Microsoft prevent mass malware infections. “For most users, the ability to remotely remove apps is a good thing,” says Charlie Miller, a researcher with the security company Accuvant.
The history of kill switches on smartphones and e-readers suggests they’re double-edged swords for the companies that wield them. In 2009, Amazon reached into users’ Kindles to delete e-book copies of George Orwell’s 1984 and Animal Farm that had been sold by a publisher without the necessary rights. The ensuing backlash caused Amazon Chief Executive Officer Jeff Bezos to call the move “stupid, thoughtless, and painfully out of line with our principles.”
The reluctance of tech companies to set explicit policies for when they will and will not use kill switches contributes to the fear they’ll be abused. Civil rights and free speech advocates worry that tech companies could be pressured by governments to delete software or data for political reasons. “You have someone who has absolute control over my hard drive in ways I may have never anticipated or consented to,” says Eric Goldman, director of the High Tech Law Institute at Santa Clara University’s law school in California. “If they use that power wisely, they actually make my life better. We don’t know if they use the power wisely. In fact, we may never know when they use their power at all.”
Hiroshi Lockheimer, Google’s vice president of Android engineering, says the search company reserves the use of the kill switch for “really egregious, really obvious cases” of harmful content. Microsoft’s Biggs says the company has used the functionality in its smartphones only for “technical issues and content issues.” Apple declined to comment. Amazon did not respond to several messages.
Like many in his profession, Kevin Mahaffey, co-founder of the San Francisco startup Lookout, which makes security software for smartphones, expresses mixed emotions about the emergence of kill switches. “The remote removal tools are very much a response to the mistakes of the PC era,” he says. “Whether or not it’s an overcorrection, I think history will tell us. It can be done right, but we as an industry need to tread carefully. It’s easy to imagine several dystopian futures that can arise from this.”
One supporter is Janne Kytömäki, the Finn who discovered the Android malware outbreak. He says Google did the right thing by deleting the malware without users’ permission. “What was the alternative?” he says. “Leave those apps installed on 200,000 people’s mobiles? This is something that had to be done.”