Google has removed over 50 malicious apps from its Android Market and issued a security patch, after eventually admitting multiple malware attacks that compromised a number of Android-powered handsets last week.
According to the company, its Android team has also suspended the associated developer accounts and “remotely” deleted the infected apps from affected devices.
“This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications,” wrote Android security engineer Rich Cannings on the company’s official mobile blog.
Google believes the attackers were able to acquire only “device-specific” information – IMEI/IMSI, unique codes used to identify mobile devices, and the operating system version detail – but admitted other data could have been accessed.
The infected apps contain rootkit malware called DroidDream, which can take command of a mobile handset, send personal details to a remote server, download and execute new code.
To prevent further exploit, Google has been installing a security update dubbed ‘Android Market Security Tool March 2011’ to all affected devices.
Users who downloaded a malicious app will receive an email from android-market-support@google.com, followed by a notification that the app has been “automatically” removed.
The infected apps were said to have seen 50,000 to 200,000 downloads in four days. However, the company has announced the DroidDream malware could not affect Android versions 2.2.2 or higher.
Meanwhile, the malware incident has raised even more concerns over security issues facing the Android platform, including the one-time £15 entry fee that Google charges Android app developers.
“The entry barrier could definitely be made a bit higher, as it would make the creation of fake developer accounts more expensive,” said Vanja Svajcer, principal virus researcher at Sophos, explaining that the higher fee would prevent the attack pattern from “becoming a daily event”.
Svajcer also pointed out that the rate at which new Android malware is appearing is on the rise.
“The openness of the platform as well as the availability of alternative application markets makes Android-based devices more difficult to secure,” he added.
Following the malware attacks, the tech giant said it is adding a number of measures to sweep malicious applications from its Android Market, while providing fixes for the underlying security issues.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…