Google has admitted rogue applications filled with malware made their way onto users’ phones through the Android Market, and has utilised its “kill switch” that remotely deletes apps from a user’s phone.
The issue highlights the growing number of malware threats being specifically designed to target Android-based smartphones, which can infiltrate a user’s phone and steal personal data.
While news broke of the rogue applications last week, and they were taken down within minutes, Google has said in a new blog post it has taken a number of steps to limit the impact of these apps.
“We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications,” it says.
The remote-kill feature has been in place ever since 2008, but was only used for the first time in June 2010 on two apps. The latest malware attacks only affect versions below Android 2.2.2.
Google has also warned Android users that affected devices will receive a security update within the next few days. If a user has been hit by the malware, they’ll receive an email in the next 72 hours and receive a phone notification that a security tool has been installed.
“You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.”
Reports suggest the number of infected apps on the marketplace was 58, and over 200,000 devices downloaded them. Google Australia was contacted for confirmation on those figures this morning, but a reply was not available before publication.
But the issue highlights what security experts have been saying for some time – Android malware is becoming a real threat. McAfee warned SMEs last month that businesses need to ensure their smartphones are protected against these types of attacks designed to steal personal data.
The rise of Android malware also highlights the dangers of Google’s own policies. It does not put apps through a rigorous screening process like Apple does, so hackers have more chance of succeeding.
MoGeneration chief executive Keith Ahern says the issue highlights the need for more security for Android apps.
“With Android phones, it isn’t quite the case that you will be protected by someone. There is no one really to look out for you,” he says.
“So if you have a home PC, then it becomes a no-brainer for you to run anti-virus software. I think either separate companies or Google has to step up to the plate, and I have a feeling they’re going to bring in more screening for apps.”
Google has said it will introduce “a number of new measures” to prevent more malicious applications from appearing, and promises it is working “with our partners to provide the fix for the underlying security issues”.
ABOUT THE AUTHOR
COMMENTS
SmartCompany is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while it is being reviewed, but we’re working as fast as we can to keep the conversation rolling.
The SmartCompany comment section is members-only content. Please subscribe to leave a comment.
The SmartCompany comment section is members-only content. Please login to leave a comment.