In the wake of last week’s discovery of a tranche of malicious apps residing in the Android Market (at the time our article was published the total stood at 21, it later proved to be around 50 in total), Google Inc. has leapt into action to protect those users affected by the malware, which not only collected and transmitted identifying information, but also left devices open to further attack.
Although it was first thought devices that downloaded the nefarious apps (which were masquerading as existing apps, and looked pretty legitimate from a user’s point of view) would have all their sensitive information transmitted to whatever criminal mastermind was behind the attack, Google now believes that only device system information (IMEI number/Android version etc.) was collected.
In a blog post Google outlines the measures they’ve taken to secure affected devices, which includes booting both the apps and their developers from the Android ecosystem, and informing law enforcement.
Google plans to remotely delete the apps, and push a security update to those devices in order to close the backdoor the apps opened up. Users who are due to undergo the procedure will receive an e-mail from the “Big G” with more details, as well as a notification of app removal on their device.
The Android Market is also going to be fortified somewhat in order to prevent a repeat of this attack.
To their credit, Google claim that they acted swiftly against the dodgy apps.
“Within minutes of becoming aware, we identified and removed the malicious applications.” But therein lies the problem – Google had to be made aware of the problem. In this case they were made aware through industry blog Android Police, who had picked up on a Reddit post. Consumers love Android for it’s openness, but as it becomes more ubiquitous it is going to attract more of this kind of unwanted attention – Google needs to find a way to stay one step ahead or be caught in a constant game of security hole whack-a-mole.
