Jump to content
[[Template core/front/custom/_customHeader is throwing an error. This theme may be out of date. Run the support tool in the AdminCP to restore the default theme.]]

Android Users

lennykravitz2004

By lennykravitz2004,
in The Tailgate

 Share

Recommended Posts

lennykravitz2004 Huddler

lennykravitz2004

Posted
Posted (edited)

:wacko:

 

After it was made known that 50 or so rogue malicious apps had wormed their way into the Android App Market , Google immediately removed them. But this weekend it came to light that the company went a step further, and remotely deleted the dangerous apps from the phones of users who'd accidentally downloaded them.

Google's own Mobile Blog reported the remote surgery, and said that the company was also "pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices." Third-party security app Lookout also pushed an update to its users to curtail any further malware intrusion.

What kind of damage may have already been done? "For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific," the blog reported. This would include "unique codes which are used to identify mobile devices, and the version of Android running on your device. But given the nature of the exploits, the attacker(s) could access other data." Assuming they were successful on all handsets, fixes should have cut off attackers from any further access.

The number of affected phones could be as high as 50,000, according to Engadget.

Google's blog linked to a June 2010 discussion of the "remote application removal feature," aka "kill switch," where they first used it to get rid of some improperly deployed (but not malicious) developer software. Tim Bray of the Android Developers blog remarked, at the time, "While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users' safety when needed."

By now, it's clear that this tool isn't just a precautionary measure but a necessary feature, one that, unfortunately, may get quite a bit of exercise in the future.

 

Kind of makes me nervous on many fronts.

 

ETA: Google blog link

Google blog

An Update on Android Market Security

Saturday, March 5, 2011 | 10:08 PM

On Tuesday evening, the Android team was made aware of a number of malicious applications published to Android Market. Within minutes of becoming aware, we identified and removed the malicious applications. The applications took advantage of known vulnerabilities which don’t affect Android versions 2.2.2 or higher. For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device). But given the nature of the exploits, the attacker(s) could access other data, which is why we’ve taken a number of steps to protect those who downloaded a malicious application:

 

We removed the malicious applications from Android Market, suspended the associated developer accounts, and contacted law enforcement about the attack.

We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications.

We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from android-market-support@google.com over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.

We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.

 

For more details, please visit the Android Market Help Center. We always encourage you to check the list of permissions when installing an application from Android Market. Security is a priority for the Android team, and we’re committed to building new safeguards to help prevent these kinds of attacks from happening in the future.

 

 

Posted by Rich Cannings, Android Security Lead

Edited by lennykravitz2004
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

  I accept