Google removes malicious Android apps with kill switch
After last week’s discovery of some 50+ malicious applications on the official Android Marketplace, Google has removed them as soon as they became aware of their existence.
Unfortunately for its users, that was four days too late and seems that in the interim the applications were downloaded some 50,000 times. So Google proceeded to use its “kill switch” to delete the apps in question remotely.
Also, they are “pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices.”
In an official confirmation of the incident, Rich Cannings, Android Security Lead says that the owners of the affected devices will be notified of the installation of the update and of the removal of the malicious app(s). “You are not required to take any action from there; the update will automatically undo the exploit,” he explained.
He also added that Google is working on a number of measures that should prevent the appearance of similar malicious applications on the official Android market, but didn’t go into details.
The malicious applications that wreaked havoc in this particular instance have taken advantage of a security flaw that has been removed from Android version 2.2.2 and all the following versions.
They have harvested and sent out certain information regarding the devices, and have opened a backdoor into the devices in order to be able to download further malicious code. Whether this backdoor has already been misused by the attackers is unknown.