Google Android: Kill switch done right

Nancy Gohring from Computerworld was first to stumble across the revealing lines in the terms of service agreement for Android market. Located in the “About” section of the Android software on T-Mobile’s G1 phone, she found the following section:

“Google may discover a product that violates the developer distribution agreement … in such an instance, Google retains the right to remotely remove those applications from your device at its sole discretion.”

Of course, users should be worried at any time when someone else “retains the right” to access their phone without explicit permissions by you, the device owner, and remove or alter components. However, compared to Apple’s accidentally discovered kill switch, the Android version has subtle, but significant differences. The information of its existence is not withheld and Google will refund the money spent on removed application, according to Gohring.

Google also states that applications may be removed if the developer distribution agreement is violated and the company withdraws a previously granted license agreement to the Android developer platform. That will be the case if a developer “breaches” the license agreement, if “Google is required to do so by law”, if Google or the developer loses the rights to SDK components such as API, if Google “decides to no longer providing the SDK or certain parts of the SDK to users in the country in which you are resident or from which you use the service”, or if Google cancels its Android efforts.

Contracts are typically made for bad times and there are certainly risks for developers, especially if Google is in a dispute with a potential component (API) provider. However, if an application in fact is removed from user phones, chances are that it is based on a breach of the Google Android license agreement. And that license agreement follows common terms of software development kits.

However, Google prohibits developers from loading “any part of the SDK onto a mobile handset or any other hardware device except a personal computer, [combining] any part of the SDK with other software, or distribute any software or device incorporating a part of the SDK.” And, rightfully so, Google is concerned about the privacy of data and may consider illegitimate or irresponsible treatment of application user data a breach of contract:

“You agree that if you use the SDK to develop applications for general public users, you will protect the privacy and legal rights of those users. If the users provide you with user names, passwords, or other login information or personal information, your must make the users aware that the information will be available to your application, and you must provide legally adequate privacy notice and protection for those users. If your application stores personal or sensitive information provided by users, it must do so securely. If the user provides your application with Google Account information, your application may only use that information to access the user’s Google Account when, and for the limited purposes for which, the user has given you permission to do so.”

Kill switches are integrated for such cases and may turn out to be a useful tool to protect the privacy of users and prevent or limit damage. There are good reasons for such a technology and it is common sense that the existence of such a mechanism is disclosed properly. Apple should use Google’s approach as a good example.

Source: TGdaily

October 16, 2008 - Posted by danielpk | Softwares