- Apple, Google and Microsoft all have kill switches built into their phone software
- Google has used the capability only in two situations, a source said
- Amazon.com had to settle a lawsuit over its use of the kill switch for Kindle e-books
(CNN) — When you buy a video game from Best Buy, you don’t give the retailer the right to barge into your house whenever it wants. So why do we give that permission to software companies?
Most popular smartphone operating systems and other electronic gadgets include what security researchers refer to as a kill switch.
This capability enables the company that makes the operating software to send a command over the Web or wireless networks that alters or removes certain applications from devices.
Apple, Google and Microsoft include this function in their platforms, along with a few lines in their usage agreements describing the policy. Google and Apple executives say this feature is important in order to protect against malicious software.
“Hopefully we never have to pull that lever, but we would be irresponsible not to have a lever like that to pull,” Apple CEO Steve Jobs told The Wall Street Journal in 2008. It’s there as a fail-safe for when the App Store gatekeepers erroneously approve an app that has problems, he said.
Apple doesn’t appear to have used this feature in the four years since introducing the iPhone. An Apple spokeswoman declined to comment on the issue.
Andy Rubin, Google’s head of Android development, said something similar in an interview with reporters Tuesday. He described the kill switch as a “safety lever” or “malware apparatus” used for “removing stuff from devices once it gets out of the Android Market, once it escapes.”
Google is believed to have used the security procedure twice — once last summer when an independent security researcher unleashed a potentially troublesome program, and again in March after malware spread to Android phones. In the latter case, Google threw the switch within about 50 minutes of learning about the trouble, Rubin said.
Those two incidents were the only times Google has used the function, according to a person familiar with the matter. A Google spokesman declined to comment.
Agreeing to allow Google to remotely delete software from your device is required in order to use its market for downloading apps. It’s unclear whether phone manufacturers, which sometimes tinker with the software, can add a kill switch of their own. Samsung Telecommunications, a top Android handset maker, didn’t respond to a request for comment.
Research in Motion’s BlackBerry and Nokia’s Symbian don’t make kill switches available to their handsets.
RIM has referred to its lack of remote access for BlackBerry as a defense for why it could not provide the United Arab Emirates access to phone users’ data. “RIM does not possess a ‘master key,’ nor does any ‘back door’ exist in the system that would allow RIM or any third party to gain unauthorized access,” the company said in a statement last year.
Like many other app store operators, Nokia has a measure in place for its Ovi Store that scans software for security risks. But the system doesn’t have a kill switch, a spokeswoman said.
However, Nokia, which produces the highest volume of cell phones worldwide, plans to shift its primary smartphone software to Microsoft’s Windows Phone 7, which does have such a capability.
Virtually every smartphone system, including RIM’s and Nokia’s, allows corporations to remotely alter or disable their employees’ phones and data. The difference is that RIM and Nokia don’t actively police their customers’ usage.
McAfee, which makes security software, sees corporate security in the mobile industry as an important growth area.
“The number one thing that we see the enterprises and corporations needing is: how do we manage mobile devices in our network?” McAfee CEO David DeWalt said last month in an interview with Forbes. “Whether or not there’s some security features from Google or features from Apple on the device, you have to manage these devices.”
Kill switches don’t just apply to phones. Nintendo recently offered owners of its 3DS, the new hand-held game system, a free music video. It came with a caveat: The video “is provided for a limited time and may be deleted from your system with subsequent updates,” the offer read.
Unlike a toaster or a paperback, apps and many other digital files cannot be resold. According to the iTunes legal agreement, customers don’t even own certain music and videos that they buy, but instead acquire a license to use them on certain devices.
For consumers, accepting the idea of a kill switch may come down to a matter of trust.
“We have always had to completely trust our platform/operating system vendor,” Chris Palmer, the technology director for the Electronic Frontier Foundation, a digital rights group, wrote in an e-mail. “It will always be that way.”
Amazon.com broke that trust in a high-profile use of the kill switch in 2009, when the company remotely erased copies of George Orwell’s “1984” and “Animal Farm” from its customers’ Kindles. The books had been mistakenly sold on its e-book store, the company said.
Amazon settled a lawsuit over the issue and agreed to limit how it uses remote deletion for books. Amazon CEO Jeff Bezos apologized for using the kill switch, calling the decision “stupid, thoughtless and painfully out of line with our principles.”
Amazon didn’t return requests for comment for this report.
“Print media, when you buy it and you have it in your house, it’s yours,” said Mark Frauenfelder, a Boing Boing blogger who covered the Amazon case. He believes that episode “points to a dangerous future, where you see some of the downsides of cloud storage, digital technology and closed systems — where you have less control over the things that you paid for.”