A few days ago Google was made aware that there were over 20 apps in the Android Market that were up to no good. These malicious apps gained system-level access to your handset when downloaded and would intercept and covertly transmit private data to 3rd party servers. Some of these apps have been downloaded more than 50,000 times. To try and fix the problem, Google has started using a remote kill switch feature in Android to wirelessly nuke those installed apps on user’s handsets. That’s not the entire story, though, as Google is actually installing new code in the process. The new code undoes the exploit and prevents your data from being shared, and it’s kind of creepy to plainly see how much control Google has over your Android phone from afar. Affected users have started receiving emails that the process has been completed. 
An Update on Android Market Security
Saturday, March 5, 2011 | 10:08 PM
On Tuesday evening, the Android team was made aware of a number of malicious applications published to Android Market. Within minutes of becoming aware, we identified and removed the malicious applications. The applications took advantage of known vulnerabilities which don’t affect Android versions 2.2.2 or higher. For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device). But given the nature of the exploits, the attacker(s) could access other data, which is why we’ve taken a number of steps to protect those who downloaded a malicious application:
- We removed the malicious applications from Android Market, suspended the associated developer accounts, and contacted law enforcement about the attack.
- We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications.
- We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from android-market-support@google.com over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.
- We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.
No comments:
Post a Comment