Microsoft: We Can Remotely Delete Windows 8 Apps
Microsoft will be able to throw a "kill switch" to disable or even remove an app from users' Windows 8 devices, the company revealed in documentation released earlier this week for its upcoming Windows Store.
Kill switches -- so called because a simple command can deactivate or delete an app -- are common in mobile app stores. Both Apple and Google can flip such a switch for apps distributed by the iOS App Store and Android Market, respectively.
"In cases where your security is at risk, or where we're required to do so for legal reasons, you may not be able to run apps or access content that you previously acquired or purchased a license for," said Microsoft in the Windows Store terms.
Microsoft may refund the purchase price when it removes an offending app from users' Windows 8-powered hardware, it said.
The company also noted that along with the app, it may also scrub data created by the app from a device.
"If the Windows Store, an app, or any content is changed or discontinued, your data could be deleted or you may not be able to retrieve data you have stored," Microsoft said.
Three years ago, Apple's then-CEO Steve Jobs acknowledged the existence of a kill switch in iOS, but the company has yet to use it. Apps that the company approved, but then decided to later pull from the App Store -- the most recent example was a $15 tethering app that sidestepped mobile carrier add-on fees for tethering an iPhone to a laptop to provide the latter with Internet access -- have continued to work and have not been remotely removed from users' phones or tablets.
Google, however, has used a kill switch several times to remotely delete apps from Android smartphones when it has been told those apps contain malicious code or intent. Google first used the switch in June 2010 to scrub a pair of apps added to the Android Market by Jon Oberheide, co-founder and CTO of Duo Security, a developer of two-factor authentication software.
Oberheide planted the apps as part of his research into vulnerabilities that let attackers push malware to Android phones.
In 2011, Google used the same switch to remove scores of malicious apps that had made their way into the non-curated Android Market, and from there onto users' devices.
Microsoft has not made clear whether -- and if so, how -- it will scan or review app submissions for potential malware or malicious intent.
The Windows app certification requirements forbids developers from including, linking to or using the push notification service to "provide an entry point for viruses, malware, or any other malicious software" that access a user's Windows 8 system.
But the company has not said how it will police that requirement. Nor did it immediately reply to questions today.
One analyst expects Microsoft to more closely follow the footsteps of Apple than Google here.
"Judging by how Microsoft has run the Windows Phone store, I would expect a much more rigorous [app approval] procedure [than Google]," said Al Hilwa of IDC this week. "Here, in the app approval process, Microsoft is walking the fine line to provide more openness, speed and predictability than Apple, and more control and supervision than Google."
Microsoft has not set a specific grand opening for the Windows Store, but has said it will launch the e-mart simultaneously with the release of Windows 8's first beta , which will debut some time in late February 2012.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , on Google+ or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org .
Read more about desktop apps in Computerworld's Desktop Apps Topic Center.