Android - How would you uninstall a rogue Home (Launcher) application?

Start your device in SAFE MODE and then uninstall the app that's causing problems. Rebooting will exit from Safe Mode. Here's how to access SAFE MODE in a few popular devices.

HTC devices with physical buttons:

• Turn off your Android phone.
• Press the Menu button on your phone.
• While holding down the Menu button, turn on your device and keep pressing the Menu button until you see the lock screen.
• “Safe Mode should now be printed in the lower-left corner of your display. When in safe mode, Android does not load any third-party apps, and you can uninstall the application that gave you trouble from Settings > Applications > Manage applications.

Nexus One:

• Turn off your Nexus. Remove the battery if it cannot be done the normal way.
• Press the power button to start your phone, and right when the logo appears, press and hold the trackball. You should also be able to hold down the touch sensitive Menu button at this point, if you prefer that.
• Keep pressing until you see the lock screen, and you should now be in safe mode.

Motorola Droid

• Turn off your Droid and slide open the hardware keyboard.
• Press both the power button and the Menu button on the keyboard simultaneously.
• Keep holding down the Menu key until you see the “Droid Eye”, and you feel your phone vibrate.
• Your Droid should start and say “Safe Mode” in the lower-left corner of the screen.

Samsung Galaxy S

1. Power the phone off.

2. Turn the phone back on while pressing and holding the Menu button.

3. Keep holding the Menu button until the Home screen loads. The lower-left corner should say Safe Mode.

To create such malicious Launcher it will need to:

1. Disable Settings > Applications > Manage Applications
2. Disable Settings > Applications > Development > USB Debugging
3. Disable Market (to prevent you from downloading Home Switcher apps)
4. Prevent all other Launcher-type application from opening (otherwise you can just start the other Launcher and go to Settings from there)
5. Disable Terminal Emulator-type application (to prevent uninstallation by pm or rm-ing the .apk)
6. ...others?

This seems like a gaping security hole in Android, no?

No. When security experts talks about a system having a good security, they don't talk about a stupid user doing stupid thing to his system. A stupid user giving untrusted program unwarranted privileges are social problems, not security problem.

Linux (and Android) is secure not because it is impossible mess the system up (you can, very easily, just type sudo rm -rf /). Linux is secure because a malicious program cannot mess up the system without the user's authorization and a user cannot mess the system up unless they have the appropriate privilege to mess up the system (a user with a root privilege can mess up the system in thousands of ways).

Unlike in some other OS, Linux (and Android) does not attempt to protect the user from doing something stupid (since such protection would also prevent power users from doing anything smart). It will blindly follow your order when you told it to destroy itself (as long as the user has the privilege to command the system to destroy itself).

The following sudo's first-time-sudoers lecture sums up the Unix/Linux way to security:

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

In any case, if such malicious Launcher comes into the Market, we can be sure that Google will remove it from Market immediately with no delay (and probably issue a remote uninstall command). And if you install such Launcher from outside Market, then you are not a "typical user", you are responsible for your own if you're installing programs from outside Market.

For the "typical end user", the easiest ways probably are:

If the "rogue" was installed from Google Play:

1. On a computer, open the Play Store Website with your favorite web browser
2. Log in with your Google Account credentials
3. Hit the "My Android Apps" tab at the upper-right of the page
4. Look for your "rogue" app
5. Hit the trashcan symbol next to it

This will uninstall the selected app. Of course, this only works for apps installed via Google Play.

If you side-loaded the "rogue" (installed it from another source)

If you side-loaded the "rogue", you'll need a couple of more steps. Follow 1+2 from above list, then...

1. Search for any other homescreen/launcher app
2. Hit the "Install" button on its page
3. If you've got multiple devices attached to this Google account, select the one with the rogue app
4. Hit "OK"
5. Within the next few minutes, the new launcher should be installed on your device. Until then, you might want to periodically switch it on to ensure it stays "awake" (and connected to the network), which might speed up the process a little
6. Once the installation has finished, hit the Home button.
7. As Android noticed the new launcher app, a pop up will ask you to chose which launcher to start. Select any launcher you want, just not the rogue one.
8. As you now have a fully functional launcher running, you can take the usual steps to remove the "rogue" app.