News has been circulating this month of steps being taken by Google to remove malicious applications from the Android Market webstore. Reports have suggested that “dozens” of malicious rootkit-bearing apps were circulating until Google removed them “within minutes” of becoming aware of the problem.
The company has now taken steps to arm its so-called remote kill switch to “forcibly uninstall” any of the infected apps from the 260,000 handsets that were apparently compromised by the attack.
Google is further fortifying the Android Market with an update to reverse the exploit itself, as well as taking action to send emails to users who will have been affected.
The search giant was initially quiet on the whole subject, presumably spending its initial focus on examining the compromise itself. Google’s Android security lead Rich Cannings later clarified the situation saying that that no personal data or individual user account information was transferred.
“The Android team was made aware of a number of malicious applications published to Android Market. Within minutes of becoming aware, we identified and removed the malicious applications. The applications took advantage of known vulnerabilities which don’t affect Android versions 2.2.2 or higher. For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device). But given the nature of the exploits, the attacker(s) could access other data, which is why we’ve taken a number of steps to protect those who downloaded a malicious application,” said Cannings.
For more on this, and a link to the Android Market Help Center, visit the Google Mobile Blog itself.