Google Removed Malware Apps From Android

topgear

Super Moderator
Staff member
Google has booted more than 20 applications from the Android Marketplace amid concerns over Android malware.

Android Central reports that Google has used its kill-switch to pull 21 one applications found to contain a malicious exploit called rageagainstthecage. The exploit roots your phone (or tablet), which in turn allows the app to do all kinds of nasty things with your data.

Here’s a list of the apps that have been pulled:
Falling Down
Super Guitar Solo
Super History Eraser
Photo Editor
Super Ringtone Maker
Super Sex Positions
Hot Sexy Videos
Chess
下坠滚球_Falldown
Hilton Sex Sound
Screaming Sexy Japanese Girls
Falling Ball Dodge
Scientific Calculator
Dice Roller
躲避弹球
Advanced Currency Converter
App Uninstaller
几何战机_PewPew
Funny Paint
Spider Man
蜘蛛侠


The infected apps, all published by a developer called Myournet, were discovered by a Reddit user earlier this week. At least 50,000 people are said to have downloaded the apps. Google’s kill switch will have wiped the bad apples from users’ devices but Android Central reports that Google actually patched its source code to prevent this type of exploit, so users running Android 2.2.2 and up will not have been affected at all.

Reports: Google yanks infected Android apps | Android Atlas - CNET Reviews
Google pulls Market apps with root exploit -- one patched in AOSP, but you probably didn't get it | Android Central

21 Malware Apps Google Removed From Android
 

pauldmps

Banned
Unfortunately, only two Android handsets are currently running Android 2.2.2 or later - the Nexus One & Nexus S.
 

coderunknown

Retired Forum Mod
but Optimus One too is running 2.2.2 & is it like that 2.2.2 can't be rooted at all or just LG disabled rooting?
 

pauldmps

Banned
This is the latest development on this issue: Google Responds To Android Malware, Will Fix Infected Devices And ‘Remote Kill’ Malicious Apps)


On March 1, news broke that dozens of malicious applications had made their way to Android Market, each infected with a rootkit that could grant hackers deep access to Android devices that installed them. Google removed the malicious applications from Android Market within a few minutes of being notified, but has otherwise remained silent on the situation. Until now (at 10PM on a Saturday…)

Google has now confirmed that 58 malicious applications were uploaded to Android Market, and that they were downloaded onto around 260,000 devices before Google removed the apps Tuesday evening. That number sounds alarmingly high, but Google believes that only device-specific information, namely the phone’s IMEI number, was compromised — and that no personal data or account information was ever transferred. Given that these apps were getting root access, this could have been a lot worse. Now the cleanup begins.

Beginning tonight, Google is going to invoke a special ‘remote kill’ function that allows it to remove these malicious applications from any affected Android devices with no action required from the user. Google will also be issuing a fully automated Android Market security update to infected devices that should remove the rootkit (again, no user action will be required). All affected users will be receiving email notifications about the situation as well.

Unfortunately, while Google can remotely fix affected devices, it can’t automatically patch the security hole that made the exploit possible in the first place. That’s because the hole exists on the system level, so it requires a system upgrade to resolve — and it’s up to the carriers and hardware manufacturers to deploy the fix. Google is issuing a patch and informing its partners that it is urgent, but who knows how long it will take the carriers to push it to users.

As if to underscore this problem, Google says that the exploit was actually already fixed in recent versions of Android, and that it only affects version 2.2.1 and lower. Unfortunately the vast majority of Android devices are still running older versions of the OS because of the aforementioned sluggish carrier updates.

Beyond these software updates, Google says that it’s taking steps to try to prevent similar malicious apps from making it onto Android Market. But it’s being vague on the details:

We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.

The whole situation is pretty alarming for Android users (and I’m sure the email alerts Google will be issuing are going to spur even more user angst). Google wins some points for removing the affected applications within minutes of being informed of their malicious intent. But the fact that it is unable to distribute system security updates is unnerving — Google can downplay Android’s fragmentation issue all it wants, but when user security is at stake, we shouldn’t have to rely on the carriers.

And it’s also obviously alarming that the applications were accepted onto Android Market in the first place. Google doesn’t screen applications manually (even Apple doesn’t actually have a reviewer look through every application’s code) but hopefully it can institute some automated tools to better screen malicious apps. Because if malware continues to creep into Market, users may become wary of downloading apps from developers they haven’t heard of, which would hurt the whole ecosystem.

Here’s the email that is being sent to affected Android users:

You are receiving this message to inform you of a critical issue affecting your Android Market account.

Hello,

We recently discovered applications on Android Market that were designed to harm devices. These malicious applications (“malware”) have been removed from Android Market, and the corresponding developer accounts have been closed.

According to our records, you have downloaded one or more of these applications. This malware was designed to allow an unauthorized third-party to access your device without your knowledge. As far as we can determine, the only information obtained was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).

However, this malware could leave your device and personal information at risk, so we are pushing an Android Market security update to your device to remove this malware. Over the next few hours, you will receive a notification on your device that says “Android Market Security Tool March 2011” has been installed. You are not required to take any action from there, the update will automatically run. You may also receive notification(s) on your device that an application has been removed. Within 24 hours of receiving the update, you will receive a second email confirming its success.

To ensure this update is run quickly, please make sure that your device is turned on and has a strong network connection.

For more details, please visit the Android Market Help Center.

Regards,
The Android Market Team
 
Top Bottom