Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Microsoft: We can remotely delete Windows 8 apps

Gregg Keizer | Dec. 9, 2011
Like Apple and Google, Windows Store will include a 'kill switch' to disable or eliminate rogue apps.

Microsoft will be able to throw a "kill switch" to disable or even remove an app from users' Windows 8 devices, the company revealed in documentation released earlier this week for its upcoming Windows Store.

Kill switches -- so called because a simple command can deactivate or delete an app -- are common in mobile app stores. Both Apple and Google can flip such a switch for apps distributed by the iOS App Store and Android Market, respectively.

In the Windows Store terms of use , Microsoft made it clear that it can pull the kill switch at its discretion.

"In cases where your security is at risk, or where we're required to do so for legal reasons, you may not be able to run apps or access content that you previously acquired or purchased a license for," said Microsoft in the Windows Store terms.

Microsoft may refund the purchase price when it removes an offending app from users' Windows 8-powered hardware, it said.

The company also noted that along with the app, it may also scrub data created by the app from a device.

"If the Windows Store, an app, or any content is changed or discontinued, your data could be deleted or you may not be able to retrieve data you have stored," Microsoft said.

Three years ago, Apple's then-CEO Steve Jobs acknowledged the existence of a kill switch in iOS, but the company has yet to use it. Apps that the company approved, but then decided to later pull from the App Store -- the most recent example was a $15 tethering app that sidestepped mobile carrier add-on fees for tethering an iPhone to a laptop to provide the latter with Internet access -- have continued to work and have not been remotely removed from users' phones or tablets.

Google, however, has used a kill switch several times to remotely delete apps from Android smartphones when it has been told those apps contain malicious code or intent. Google first used the switch in June 2010 to scrub a pair of apps added to the Android Market by Jon Oberheide, co-founder and CTO of Duo Security, a developer of two-factor authentication software.

Oberheide planted the apps as part of his research into vulnerabilities that let attackers push malware to Android phones.

In 2011, Google used the same switch to remove scores of malicious apps that had made their way into the non-curated Android Market, and from there onto users' devices.

Microsoft has not made clear whether -- and if so, how -- it will scan or review app submissions for potential malware or malicious intent.

The Windows app certification requirements forbids developers from including, linking to or using the push notification service to "provide an entry point for viruses, malware, or any other malicious software" that access a user's Windows 8 system.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.