Microsoft has the ability to remotely delete Windows 8 apps – archived source

Microsoft: We can remotely delete Windows 8 apps

Like Apple and Google, Windows Store will include a ‘kill switch’ to disable or eliminate rogue apps

By Gregg Keizer – Senior Reporter, Computerworld | DEC 8, 2011 1:57 PM PST

Microsoft will be able to throw a “kill switch” to disable or even remove an app from users’ Windows 8 devices, the company revealed in documentation released earlier this week for its upcoming Windows Store.

Kill switches — so called because a simple command can deactivate or delete an app — are common in mobile app stores. Both Apple and Google can flip such a switch for apps distributed by the iOS App Store and Android Market, respectively.

In the Windows Store terms of use, Microsoft made it clear that it can pull the kill switch at its discretion.

“In cases where your security is at risk, or where we’re required to do so for legal reasons, you may not be able to run apps or access content that you previously acquired or purchased a license for,” said Microsoft in the Windows Store terms.

“In cases where we remove a paid app from your Windows 8 Beta device not at your direction, we may refund to you the amount you paid for the license,” Microsoft added.

The company also noted that along with the app, it may also scrub data created by the app from a device.

“If the Windows Store, an app, or any content is changed or discontinued, your data could be deleted or you may not be able to retrieve data you have stored,” Microsoft said.

Three years ago, Apple’s then-CEO Steve Jobs acknowledged the existence of a kill switch in iOS, but the company has yet to use it. Apps that the company approved, but then decided to later pull from the App Store — the most recent example was a $15 tethering app that sidestepped mobile carrier add-on fees for tethering an iPhone to a laptop to provide the latter with Internet access — have continued to work and have not been remotely removed from users’ phones or tablets.

Google, however, has used a kill switch several times to remotely delete apps from Android smartphones when it has been told those apps contain malicious code or intent. Google first used the switch in June 2010 to scrub a pair of apps added to the Android Market by Jon Oberheide, co-founder and CTO of Duo Security, a developer of two-factor authentication software.

Oberheide planted the apps as part of his research into vulnerabilities that let attackers push malware to Android phones.

In 2011, Google used the same switch to remove scores of malicious apps that had made their way into the non-curated Android Market, and from there onto users’ devices.

Microsoft has not made clear whether — and if so, how — it will scan or review app submissions for potential malware or malicious intent.

The Windows app certification requirements forbids developers from including, linking to or using the push notification service to “provide an entry point for viruses, malware, or any other malicious software” that access a user’s Windows 8 system.

But the company has not said how it will police that requirement. Nor did it immediately reply to questions today.

One analyst expects Microsoft to more closely follow the footsteps of Apple than Google here.

“Judging by how Microsoft has run the Windows Phone store, I would expect a much more rigorous [app approval] procedure [than Google],” said Al Hilwa of IDC this week. “Here, in the app approval process, Microsoft is walking the fine line to provide more openness, speed and predictability than Apple, and more control and supervision than Google.”

Microsoft has not set a specific grand opening for the Windows Store, but has said it will launch the e-mart simultaneously with the release of Windows 8’s first beta, which will debut some time in late February 2012.