Google has confirmed that it is removing malicious applications from both its Android Market and affected devices.
As revealed by SC Magazine last week, Google removed 21 free applications from its Android Market after they were discovered to be malicious. The applications were designed to gain root access to the user's device, gather a wide range of available data and download more code to it without the user's knowledge.
Rich Cannings, Android security lead, said that Google had removed the malicious applications from the Android Market, suspended the associated developer accounts and contacted law enforcement about the attack. Regarding remotely removing the malicious applications from affected devices, he pointed to a remote application removal feature as ‘one of many security controls the Android team can use to help protect users from malicious applications’.
He said: “We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from firstname.lastname@example.org over the next 72 hours.
“You will also receive a notification on your device that ‘Android Market Security Tool March 2011’ has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.”
Looking back at the incident, Cannings said that Google acted ‘within minutes of becoming aware’ of a number of malicious applications that were being published to the Android Market.
“The applications took advantage of known vulnerabilities which don't affect Android versions 2.2.2 or higher. For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device). But given the nature of the exploits, the attacker(s) could access other data, which is why we've taken a number of steps to protect those who downloaded a malicious application,” he said.
“We always encourage you to check the list of permissions when installing an application from Android Market. Security is a priority for the Android team, and we're committed to building new safeguards to help prevent these kinds of attacks from happening in the future.”