Google’s Android Market Place recently thought to have been loaded with 21 malicious applications, which is now thought to actually be closer to 58 applications, will soon be cleaned up. The Android Market operates on a trusted-developer model: Once you’re in, you can publish and update software at will.
Google’s latest reaction, Saturday night by Android security head Rich Cannings, is the remote removal from users’ phones of applications identified as malware. Google also plans to release a security update “”Android Market Security Tool March 2011″ to infected phones.
The kill switch is actually software that’s downloaded onto an Android smartphone and installed automatically, removing the apps in question with no user action required. In its Google Mobile Blog, the company announced:
“We are pushing an Android Market security update to all affected devices that undo’s the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from firstname.lastname@example.org over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.”
Google downplayed the harm caused by these malware apps, assuring users that none of their personal data has been compromised:
“For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices and the version of Android running on your device). But given the nature of the exploits, the attacker(s) could access other data.”
Android devices are still vulnerable because of existing security holes at the system level, which must be fixed by cellular carriers and hardware manufacturers. The problem is made worse by cellular providers sticking with older versions of Android, unfortunate because the security exploit only affects Android versions 2.2.1 and older.