NanoToolkit Blog

The Way to Keep in Touch.

Android Remote App Install Scary or Exciting

Remote installation of Android apps without a click on your phone can be really powerful. I was able to this without having enabled any setting in advance. This is definitely convenient yet sort of worrisome.

We have seen the Remote Phone Management feature usingMicrosoft Exchange ActiveSync or Google Apps For Work. But Exchange Active Sync and Google Apps for Work require users to explicitly opt-in fore remote policy or App Management to occur on phones.

All I needed was to have setup my Android phone using a Google Account (Gmail Account) and then I can logon to Google Play from my PC or Any other Device and push an App onto my Android Phone.

I normally try to keep this blog purely technical but the ability to control a phone remotely definitely enables some Orwellian scenarios. Imagine that somebody with access to your gmail Account (your spouse or Government or rouge Employee) can simply install an App on your phone that records your voice or worse records videos without your consent.

One Shortcoming that I noticed was that Google Play’s Remote App Install is not able to Auto-Resolve App Dependencies. That is if the App you tried to push remotely has another App as a prerequisite Android fails

To install all dependencies before installing the Target App.

For instance google hangouts dialer requires a certain version of google Hangouts App to interoperate; but Android fails to install the dependency app on your Android Phone before installing the Google Hangouts Dialer. It also fails to notify you of this dependency relationship when you schedule this remote installation in Google Play Console.

There are clearly some Scenarios where Android Remote Phone Management feature can be abused. Imagine if somebody pushed a policy that turned on your Phone Microphone and recorded your voice on a continuous basis. They would do this while simultaneously installing an app that uploads the recorded voice files to some remote server. There are definitely numerous other situations where this feature can be prone to abuse for mal-intent.