Google removing virus-infected Android apps from phones, tablets


This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.

Google is remotely removing virus-infected Android apps from thousands of phones and tablets in its continuing cleanup of what has become known as the ‘Droid Dream’ scare.

Last Tuesday, Google removed 21 free apps that were hacked and loaded with malware, and then distributed on the company’s Android Marketplace.


Since then, reports state that Google has removed more than 50 malicious apps from its Android Marketplace -- though, while Google has acknowledged that it has removed a number of apps, it so far has declined to say just how many.

On Saturday, Google began entering people’s phones and tablets and killing the infected apps directly on those devices, said Rich Cannings, Google’s Android security lead, in a blog post.

‘For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device),’ Cannings said.

‘But given the nature of the exploits, the attacker(s) could access other data, which is why we’ve taken a number of steps to protect those who downloaded a malicious application.’

Not only did Google start removing malware-infested applications from both its Android Marketplace and Android devices that had downloaded the bad apps, the tech giant has also suspended the Android Marketplace accounts of developers who’ve uploaded the virus-containing apps, he said.

Google is also passing along information on the attack to law enforcement agencies, Cannings said.


The removal of the malware apps from devices is one of the many increased security measures Google has had to employ in this ordeal, he said.

‘We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices,’ Cannings said.

Google has sent out e-mails from its address to the owners of affected Android phones or tablets beginning this Saturday through the end of the day Monday, detailing its actions, he said.

‘You may also receive notification(s) on your device that an application has been removed,’ Cannings said, addressing affected Android users. ‘You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.’

Many of the affected apps removed from Android devices and the Android Market are believed to have been downloaded virus-fee, from their original publishers, and then hacked with malware, before being re-uploaded to Google’s official app store by the new publisher.

Some have expressed privacy concerns over Google’s ability to remove apps from devices remotely, though it is an action that Google makes clear it has the right to perfom in its Android Market Terms of Service, stating: ‘2.4 From time to time, Google may discover a Product on the Market that violates the Android Market Developer Distribution Agreement or other legal agreements, laws, regulations or policies. You agree that in such an instance Google retains the right to remotely remove those applications from your Device at its sole discretion.’


The problems with the infected apps on the Android Marketplace, which have been nicknamed ‘Droid Dream’ by many Android fan blogs and forums, follows news last month that multiple apps distributed on third-party websites have been known to run-up user’s phone bills by taking over text messaging and Web browser functions.

Android is the world’s most popular mobile operating system and the OS and its apps are built on and largely distributed on an open-source platform, which makes it very accessible to developers and hackers alike.

Amazon also announced last week that it was launching an Android app store of its own to compete with Google’s official Android Market, and is calling it the Amazon Appstore.


Google removes 21 apps infected with malware from its Android Market, report says

Hacked Android apps rack up texting charges on users’ bills


-- Nathan Olivarez-Giles