Google has taken a different tack with Android: they’ve largely surrendered the power to pre-approve apps, because Android users can always download apps from third-party sources. But they too have a kill switch, and according to the Android developers’ blog post, they decided to use it a few weeks ago. (It’s not totally clear from the blog post, but it sounds like they’ve also used it before on clearly malicious apps.) An app that claimed to offer Twilight photos turned out to be a demonstration, done by researchers, of how easy it would be to create an app that would turn phones into a botnet. The app didn’t actually create the botnet (and it didn’t show Twilight photos, either, so most disappointed downloaders deleted it), and the researchers presented their work at the conference. Nonetheless, after they heard about it, the Android team decided to remotely delete remaining copies of the app as part of a “cleanup” process. Affected users received notifications.

I can see why they wanted to do that. A report documenting Android vulnerabilities was recently released, and it’s caused some hand-wringing over Android’s security. There’s also no sense in leaving a loaded weapon laying around. And I’m glad they told both customers and everyone else that they’d deleted the apps. Still, I do worry about the removal of an app that isn’t actually harming any machines. More generally, I think that if Android is going to stick to the plan to not pre-screen apps and have an open system, they and we are going to have to think seriously — more seriously than Apple has had to — about the ethics of the kill switch. Questions like whether there should there ever be an opt-out, whether users should get refunds, and whether it should be used in cases other than damaging viruses are all still wide open.

And a few quick links:

Leaked MS Presentation Shows App Store Plans For Windows 8. Why all this thinking about app stores and kill switches matters: there are already plans to transfer the app store model from phones to PCs, where the arguments about the virtues and harms of contingent generativity have even more salience.

Google’s mismanagement of the Android Market. Jon Lech Johansen thinks the lack of pre-screening is hurting Google and Android.

Did Apple Flip the iOS Kill Switch on NDrive? Wait, has Apple already used the kill switch?

New zombie code in effect by December. Here’s a totally different option for improving security: let users keep open PCs, but if they become infected, have their ISPs quarantine them or reduce their internet speed to a crawl. That way, users will have to get their computers fixed and can’t keep infecting others. Internet Industry Association CEO Peter Coroneos said of the plan: “I’m sure there are people around that resent having to put new tyres on their car when they’re unroadworthy, or have their breaks done . . . But the reality is that we have argued that internet users have a responsibility not only to themselves, but also to other users on the internet.” The code will be made available to Australian ISPs soon.

One Brown Package: From Seattle to Norway. Why we love the internet in the first place: unexpected avenues for fun, creativity and kindness (here, in the form of people working to get a package from Seattle to Norway). They claim inspiration from JZ’s TED talk on the web on random acts of kindness.  The package is currently reported as missing.

—By Elisabeth Oppenheimer

Whoops: Five days later, Steve Jobs announced modified Apple developer rules banning use of “intermediary” tools such as Air—in other words, there will be no more cross-platform development. Adobe employees: not happy.

This is starting to sound pretty antitrust-y. It’s hard to think of any logical reason Apple cares where an app’s code originates—unless, of course, it just wants to hurt Adobe at every turn. Unfortunately, it’s been hard to find knowledgeable people analyzing actual antitrust law—anyone know of a good blog? (For what it’s worth, this old post from the Antitrust Law Blog indicates that the tech sector, including Apple, is under heavier scrutiny from the DOJ and FTC.)

Not surprisingly, there are rumors a lawsuit is brewing.

As usual, there’s another chapter in this saga: Flash translation. In a related but not identical story, Apple has long been hostile to Adobe’s Flash multimedia platform, citing stability and security concerns for refusing to offer Flash support for the iPhone and iPad. This puts websites that use Flash in a tough spot and limits iUsers’ access to content—75% of web video according to Adobe. Enter RipCode, which has developed a server-side translator solution. If an iPhone user attempts to access a Flash video, the “transcoder” detects the platform and translates the video into a compatible format. Since the transcoder is run off the website’s server, it doesn’t require Apple’s approval. Assuming it’s reliable, this is a nice example of a how the generative web allows enterprising developers to solve problems (or, depending on your point of view, do end-runs around the rules).

—By Jennifer Halbleib and Elisabeth Oppenheimer

The leadoff example in the story is a woman who posted a video of herself, shadowed, killing a small animal. The video was submitted to a human flesh search site, where an angry group devoted themselves to finding this woman and punishing her. It worked—remarkably quickly—and she’s been, essentially, run out of society. (Shades of the “Dusty the Cat” story, which happened in the US. What seems remarkable about China is how systematized the process is.) Societal exile for animal cruelty is one thing, but the stories that really linger in my mind are the irreversible punishments for behavior that I can imagine anyone committing—rudeness on a bad day, or mishandling of relationships. As the book details, someone who yelled at a stranger on a bus was subject to internet punishment; the NY Times article covers a man who cheated on his wife.

This isn’t just internet vigilante justice for psychopaths—it’s for regular people too. It’s a reminder of the fearful power of the madness of crowds on the internet, where people are disconnected from normal social cues and boundaries. And it goes beyond these punishment sites. A group of people are amused by the Star Wars kid, and he’s deeply traumatized; people want to leer at Erin Andrews, and she lives with the knowledge that that video is never leaving the web; a high-school pole vaulter becomes a lewd internet obsession for doing nothing more risque than pole vaulting. There’s just no way to control millions of individual users—or, as the pole vaulter put it, “It’s not like I could e-mail everybody on the Internet.”

But the flip side of the same coin is Ushahidi (“testimony” in Swahili), a location-based service that allows people to tell a central aggregator, essentially, where they are and what they’re doing. Any few false data points are overwhelmed by the aggregate picture, and we get a user-created map of where earthquake victims are located, where terrorists are hiding, where there are food or medicine shortages, or even (as the Washington Post discovered) which streets have been cleared of snow. The NY Times reporter gets poetical about Ushahidi’s power: “What would we know about what passed between Turks and Armenians, between Germans and Jews, if every one of them had had the chance, before the darkness, to declare for all time: ‘I was here, and this is what happened to me’?”

The thing is, brilliant ideas like Ushahidi only work because millions of unconnected users contribute, one at a time, to a mass goal. It’s internet terrorizing in reverse. When I read these two stories side by side, I keep getting stuck on the seemingly-intractable problem (the subject of chapter 9 of the book) of whether we can have the good without the bad, or whether they only come as a pair.

—By Elisabeth Oppenheimer

This is yet another example of appliances-as-services. The item that used to be yours when you brought it home from the store is now only contingently yours, subject to ongoing regulation. In some ways this is good—particularly if you believe in vigorous patent enforcement—but it seems hard on several million consumers here, and this is a remedy simply not realistically available before the Internet: the patent police don’t knock on your door to seize an infringing mousetrap inside.  Rather, the bad mouse trap company pays damages, as EchoStar is to do here — tens of millions of dollars.

TiVo has its remedy; not clear what the consumers’ is when their DVRs are fried through the vector of a “feature update,” other than suing a probably-broke company. And, as discussed before, it’s worrisome that exactly this kind of control can be exercised so casually, and in a spectrum of ways beyond total destruction—spying, bricking as a punishment for certain consumer behavior, and so on.

The latest development in the story, from last week, is that the Federal Circuit has again affirmed that EchoStar needs to destroy the DVRs. The court didn’t directly review the merits of the order, but rejected EchoStar’s narrower claim that the order should be construed to allow other remedies other than remotely disabling the DVRs.  EchoStar’s delay in implementing the bricking has resulted in a finding of contempt of court.

What’s really striking about all the different court orders was how totally unconcerned they were with the novelty and arguable unfairness of the remote-disablement solution. The district court’s order just asserted, without discussion, that the disablement order was appropriate. (“The hardship of disabling DVR capabilities to Defendants’ DVR customers is a consequence of Defendants’ infringement and does not weight against an injunction…The public has an interest in maintaining a strong patent system.”) The Federal Circuit didn’t say much more, asserting that “We find the manner in which the disablement could be accomplished irrelevant to the issue at hand.” Moreover, the Federal Circuit actually rejected EchoStar’s argument that it could just remotely change the parts of the technology that infringed, leaving the DVR players intact generally—the court simply said that wasn’t the point of the disablement provision. One might understand why the Federal Circuit didn’t want to (or couldn’t) jump in with a broad equitable rewrite of the disablement order at this point, but the blasé treatment of a seemingly more reasonable solution was startling. The public may have an interest in a strong patent system, but we haven’t really had a chance yet to weigh whether that means innocent customers have their products disabled: that technology is still new.

It’s worth noting, though, that EchoStar has thus far defied the disablement order, and has been hit with $90 million of contempt fines instead. Complex procedural rules make it difficult to predict how this will all turn out, but EchoStar could just hold out on this, paying contempt fines into bankruptcy. Or TiVo and EchoStar could negotiate a settlement. So we’ll have to watch to see whether any DVR units actually are fried. In the meantime, what I take away from this case is that we can expect more cases like this in the future, and for parties and courts to fully accept and exploit these characteristics of tethered appliances.

—By EO + JZ

Mike Petrucci’s AppMakr Saga. Mike Petrucci decided to use AppMakr to put together an app aggregating his Twitter, blog, etc, feeds…only to have Apple reject it because it wasn’t of general interest. That’s a big difference between iPhone apps and, say, web apps (blogger has definitely never rejected someone for being of limited interest). It’ll be interesting to see what line Apple decides to take on this, and how AppMakr and similar companies push them.

Apple orders Android mention scrubbed from App Store. Speaking of Apple…they order a developer to take “Finalist in Google Android’s Developer’s Challenge!” out of the description of its app. Just silly.

In Europe, Challenges for Google. Much attention has been paid to Google’s business in China, but Europe (particularly Italy) poses difficulties, too—different copyright laws, different privacies laws, and different free speech traditions.

Google Buzz Privacy Issues Have Real Life Implications. However, Google has more pressing privacy concerns to worry about this week, with the rollout and reaction to Google Buzz. Google generally does just fine releasing a half-baked product and cleaning up the details later, but that’s a terrible idea when the rollout includes auto-sharing previously private information. It’s disturbing that this concern made it past however many rounds of internal testing Google did.

—Elisabeth Oppenheimer

First, he begins with a quick history of the subtle but massive shift between the Apple II and the iPhone:

In 1977, a 21-year-old Steve Jobs unveiled something the world had never seen before: a ready-to-program personal computer. After powering the machine up, proud Apple II owners were confronted with a cryptic blinking cursor, awaiting instructions.

The Apple II was a clean slate, a device built – boldly – with no specific tasks in mind. Yet, despite the cursor, you did not have to know how to write programs. Instead, with a few keystrokes you could run software acquired from anyone, anywhere. The Apple II was generative. After the launch, Apple had no clue what would happen next, which meant that what happened was not limited by Mr Jobs’ hunches. Within two years, Dan Bricklin and Bob Frankston had released VisiCalc , the first digital spreadsheet, which ran on the Apple II. Suddenly businesses around the world craved machines previously marketed only to hobbyists. Apple IIs flew off the shelves. The company had to conduct research to figure out why.

Thirty years later Apple gave us the iPhone. It was easy to use, elegant and cool – and had lots of applications right out of the box. But the company quietly dropped a fundamental feature, one signalled by the dropping of “Computer” from Apple Computer’s name: the iPhone could not be programmed by outsiders. “We define everything that is on the phone,” said Mr Jobs. “You don’t want your phone to be like a PC. The last thing you want is to have loaded three apps on your phone and then you go to make a call and it doesn’t work any more.”

The openness on which Apple had built its original empire had been completely reversed – but the spirit was still there among users. Hackers vied to “jailbreak” the iPhone, running new apps on it despite Apple’s desire to keep it closed. Apple threatened to disable any phone that had been jailbroken, but then appeared to relent: a year after the iPhone’s introduction, it launched the App Store. … But the App Store has a catch: app developers and their software must be approved by Apple. If Apple does not like the app, for any reason, it is gone.”

This blog has covered many of the apps that Apple has axed: the countdown to Bush’s departure, the app with information about health care, BabyShaker, religious spoofs, and programs to redirect calls, Google Voice, and I am Rich, among many others.

But the lingering question is, so what? Is the world really worse off because we can’t pay $999 for an app that does nothing (I Am Rich), especially given that Apple’s screening system does get rid of many apps with security problems? Is this like First Amendment absolutism — a preference for open systems that doesn’t take into account actual costs and benefits?

In response, JZ tries to imagine what we would have lost had the PC been as appliancized as the iPhone:

To be sure, many rejected apps will not be missed. (Only eight spendthrifts bought I Am Rich before it disappeared.) And users can be protected from harmful software from suspect sources. But consider: the world wide web started as, and remains, an app. Its first versions were written by Tim Berners-Lee, a British computer scientist who was unaffiliated with any software or hardware vendor. How worthy of approval would Wikipedia have seemed when it boasted only seven articles — dubiously hoping that the public would magically provide the rest? How threatened might today’s content publishers feel by peer-to-peer apps that let iPhone users trade data from one phone to another? We know the answer to that: enough that they have persuaded Apple to exclude all such apps from the App Store.

The web, Wikipedia, p2p — that’s a lot to lose. And at the same time we lose those benefits of generativity, as JZ points out, we give companies (and through them, governments) unprecedented censorship power. But the iPod, Pad, and Phone aren’t going anywhere. JZ concludes:

Hope lies in more balanced combinations of open and closed systems, such as that embodied by the traditional Apple Mac – or phones based on the Android operating system from the Open Handset Alliance, a consortium of hardware, software and telecoms companies. Android Market is the approved counterpart to Apple’s App Store but, in this case, users are also free to go off-roading, installing any code they like. Android is a canary in the digital coal mine: will its more open model survive should people load suspect apps and find they cannot make calls any more?

Mr Jobs ushered in the personal computer era and now he is trying to usher it out. We should focus on preserving our freedoms, even as the devices we acquire become more attractive and easier to use.

—By Elisabeth Oppenheimer

Amazon Cracks Open the Kindle. Amazon is opening the Kindle to outside developers who can market their products in what sounds exactly like an App Store, down to the 70-30 revenue split and and light policing of apps. (One difference is that developers have to pay for wireless delivery.) It’s seeming like this is *the* model for the next few years. Speaking of which…

Computers Should Be More Like Toasters. The sale of the Apple Tablet could mark an important moment for generativity. Computers have been shrinking and phones have been growing—but the critical difference has been that anyone could still code for a computer, until now. The Tablet looks more like a computer than a phone, but will Apple will prescreen apps they way it does for the iPhone? Farhad Manjoo thinks that would be a good thing, but there are clear generativity costs.

The Splinternet means the end of the Web’s golden age. Josh Bernoff points out that, as we switch to appliancized computers and smart devices instead of PCs, the web becomes a “splinternet.” Websites show up and operate differently on each device. He thinks about how to handle this from a business and marketing perspective, advising: “Here’s what not to do: panic and try to unify things again. The shattering cannot be undone.”

Technology Changes “Outstrip” Netbooks. Meanwhile, the BBC considers the convergence among netbooks, smartphones, and tablet notebooks, and who the short- and long-term winners are likely to be.

Apple censors Dalai Lama iPhone Apps in China. An interesting look at how censorship works on iPhones in China. (The story was written pre-Google announcement, so some portions are out of date.) Apple, complying with local law, appears to be removing apps related to the Dalai Lama in the Chinese App Store, and a search for Falun Gong apps freezes the search page. On the other hand, it’s possible to access YouTube through an iPhone app, which isn’t always possible on a PC.

And in the crystal ball dep’t — from JZ’s book:

Imagine entering a café in Paris with one’s personal digital assistant or mobile phone, and being able to query: “Is there anyone on my buddy list within 100 yards? Are any of the ten closest friends of my ten closest friends within 100 yards?” Although this may sound fanciful, it could quickly become mainstream. With reputation systems already advising us on what to buy, why not have them also help us make the first cut on whom to meet, to date, to befriend? These are not difficult services to offer, and there are precursors today.

As usual, there’s an app for that… the “datecheck” app allows you to enter a name, phone number, or email address, and get information on your date. The categories are “sleaze detector” (check of criminal convictions & sex offenses), “$$$” (home ownership, etc), “interests” (gleaned from social networks), “living situation” (who they live with), and “compatibility”—although unfortunately, the “compatibility” check is still just a check of astrological signs. Now all they need is friends’ feedback rankings.

—By Elisabeth Oppenheimer

As we keep thinking about ubicomp and the potential upsides and downsides, it’ll be important to keep in mind that it’s a tool—a largely undeveloped one as yet—with much room to develop in both directions. In that spirit, I wanted to comment on this piece from Technology Review that casts a skeptical eye on Prof. Zittrain’s recent column in Newsweek on cloud labor (also known as ubiquitous human computing). The Newsweek editors gave the piece the ominous headline “Work the New Digital Sweatshops,” and Tech Review bloggers question whether that’s really a fair description of the Mechanical Turk platform. I’m not sure there’s a real disagreement here—the Newsweek headline overstated the content of the piece. Much of the point, as I read it, was just that cloudwork practices are so new, dynamic, and varied that it’s hard to know what the good and bad effects will turn out to be. As they point out, this could be a boon for workers here in the US who want flexibility and autonomy, as well as creating new kinds of opportunities for workers abroad. A few specific points are worth thinking about, though.

They quote John Horton, at Harvard, who put out a HIT (“human intelligence task”) on Amazon Mechanical Turk asking about working conditions, and found that a small majority think AMT requestors treat workers better than most real-world employers. That surprised me—maybe I spend too much time reading Turker messageboards, where the theme is often discontent. I wonder, though, whether many responders use AMT for fun or small income supplements, rather than to earn a living wage, which changes the complexion of the situation. Even if Horton is wholly correct, though, it doesn’t mean requestors can’t improve. For a project I’m doing for JZ’s winter cyberlaw class, we’ve put up some AMT HITs asking about worker satisfaction. We’ve found that people do not like doing search engine optimization or creating spam, and a majority (though not an overwhelming one) likes knowing what the project is for. Disclosure of the company’s identity or the project purpose could become a much stronger norm on AMT, which would help fend off the problems of work alienation and unwittingly doing bad things with the platform, but wouldn’t detract from any of the benefits TR bloggers praise.

The other major point they make is that this type of work can be good for workers in developing countries. That’s definitely true in some cases (see, for instance, previous blogging about CrowdFlower’s GiveWork program). I certainly don’t have enough background in international development to make an unambiguous statement either way. But surely it’s worrisome that children can be made to do the work as well as adults—there’s just no way of knowing who’s at the other end of the system. Overall, for better or for worse, we live in a society where we’ve decided that paternalistic labor laws play some valuable role. Some of them can be imported into an AMT context—but maybe not internationally—and the technology means that some can’t, even if, like child labor, there’s widespread condemnation. I would agree, and I think JZ would too, that we don’t want regulators charging in with too heavy a hand. But we should be alert to what’s happening on these platforms.

—By Elisabeth Oppenheimer

Offhand, I can’t think of an app with comparable problems that has gotten into iPhone’s app store. What will be really interesting about this incident, and the similar ones that are sure to follow, is how users and vendors react. I can imagine this creating hysterical urging for Google to pre-screen all Android apps the way Apple does, but I think that would be premature. Yes, an open Market(s) is going to have more questionable apps, but there are many solutions other than lockdown—a strong user ranking for apps (which already exists), a way to alert people who have already downloaded the app, sandboxing (which admittedly wouldn’t have mattered here), or a quick way to freeze the app while complaints are investigating. They’re only partial solutions, but lockdown is only partial, too.

Now that the Android OS is really starting to take off, this story is going to be repeated, and we’ll get to see how strongly committed Google is to the principles it built the OS on — and whether there are models out there for vetting third party code that do better than those of the generative PC, but aren’t as restrictive as that of the iPhone.

—By Elisabeth Oppenheimer

Update: eWeek reports that Google has removed a number of suspicious apps from its marketplace.  Of course, the more generative structure of the Android market means that “banned” apps can be obtained elsewhere — unlike the iPhone app monopoly enjoyed by Apple, where the iPhone App store is the only point of distribution.  –JZ

Android Market Badly Needs A Web Presence to Compete with the App Store. Jason Kincaid argues that, while there are fewer Android apps than iPhone apps, a better web system for browsing and choosing apps could really help Android. I think he’s right that Google could think creatively about how to push the Market past (or at least toward) the App Store, but he admits that the big caveat is that 90% of apps are bought over-the-air, not via the web.

Apple Approves “Tits & Boobies” and “Pussy Lovers” Apps. Apple’s app reviewers try to figure out what to do with a “tits & boobies” app that shows pictures of the birds of that name. “One thing is clear to me: Nobody is ever going to be happy with this process, which I’m afraid will remain imperfect forever.”

Inside India’s CAPTCHA-solving economy. One huge aspect of ubiquitous human computing is sending menial computing tasks abroad; the social and economic implications of that, obviously, are potentially enormous. This piece is a good description of the market for CAPTCHA-solving work in India, where the going rate for 1000 captchas is $2.

Google Rests Its Defense of Executives in Italian Privacy Case. Some of you may have been following this case—Google executives in Italy are being prosecuted for allowing a video of students bullying an autistic teenager to remain on Youtube. The video stayed online for two months, but was removed almost immediately when Google employees were alerted to its presence. Google rested its case a few days ago; a verdict is expected in January or February. None of the executives faces jail time, because they don’t have criminal records. But if they’re convicted, it will be interesting to see what Google decides to do with its future Italian operations.

Cellphone Encryption Code Is Divulged. A German engineer claims to have broken the code used to encrypt GSM phone calls, or 80% of the world’s mobile calls. There are steps between breaking the code and actually intercepting and deciphering calls, but this is the big step. He says he’s only “trying to push operators to adopt better security measures for mobile phone calls”—measures which exist, but haven’t been implemented.

—By Elisabeth Oppenheimer