Developer banned, malicious apps automatically removed from users' infected phones, exploits patched


Google late Saturday night publicly revealed the action it has taken in the wake of a number of malicious applications that were lurking not so quietly in the Android Market. As you'll recall, some 21 apps from a single developer were found to be collecting and sending device IDs (IMEI codes) and Android versions, but the exploit they used left users open to worse attacks. Here's the short version of what Google has done since being alerted on March 1:

  • The apps were removed from the Market, developer accounts banned and law enforcement notified.
  • Google is remotely removing the malicious applications from infected phones. (That's a feature Google has at its disposal, and has used in the past.)
  • Google is pushing an update to undo the security exploits that allowed these malicious apps to work in the first place.
  • Google is "adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market."

A couple of things to note here: If you are running Android 2.2.2 or higher, you don't have these security vulnerabilities. If you were affected, you'll be getting an e-mail from Google (android-market-support@google.com) explaining things, and you'll be getting an Android Market Security Tool 2011 app to patch the exploits.

So the barn door's been closed, folks. Google says it's taking additional steps to keep this sort of thing from happening again. That's not to say it won't happen -- by nature, attacks will continue. But good on Google for explaining exactly what happened, and what's being done in the aftermath. [Google Mobile Blog]