Malware bearing Android Market and devices in Google's sights

By on

Remote application removal to cleanse infected handsets.

Google has confirmed that it is removing malicious applications from its Android Market and affected devices.

Google removed 21 free applications from its Android market after they were discovered to be malicious. The applications were intent on getting root access to the user's device, gathering a wide range of available data and downloading more code to it without the user's knowledge.

Rich Cannings, Android security lead, said that it had removed the malicious applications from the Android Market, suspended the associated developer accounts and contacted law enforcement about the attack.

Related: Why is Google so bad at security?

Regarding remotely removing the malicious applications from affected devices, he pointed to a remote application removal feature as "one of many security controls the Android team can use to help protect users from malicious applications".

“We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker from accessing any more information from affected devices," Cannings said.

"If your device has been affected, you will receive an email from android-market-support@google.com over the next 72 hours.

“You will also receive a notification on your device that ‘Android Market Security Tool March 2011' has been installed.

"You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.”

Cannings said Google acted "within minutes of becoming aware" of a number of malicious applications that were being published to the Android Market.

“The applications took advantage of known vulnerabilities which don't affect Android versions 2.2.2 or higher. For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device). But given the nature of the exploits, the attacker(s) could access other data, which is why we've taken a number of steps to protect those who downloaded a malicious application,” he said.

“We always encourage you to check the list of permissions when installing an application from Android Market. Security is a priority for the Android team, and we're committed to building new safeguards to help prevent these kinds of attacks from happening in the future.”

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?