Last Tuesday, news broke that over 50 applications in the Android Market were found to contain malware that could be exploited to gain root control over a phone and steal sensitive data. Google removed the applications from the market but offered no public comment about the issue, and so questions remained about what would happen to the 50,000 some-odd apps that had already been downloaded.
On Saturday evening, Google announced that it had initiated the “remote application removal feature,” that allowed it to wipe the malicious apps from infected Android devices without any additional action on the part of users.
Google also said that it would be pushing an Android Market security update out to those devices that would prevent attackers from accessing any more information via the exploit. Google said those users would get an email update as well as a notification on their phones that “Android Market Security Tool March 2011” had been installed.
According to Google, the malicious applications only impacted those phones running version 2.2.1 and lower. However, that’s still the majority of Android devices, and this episode is another testament to the continuing fragmentation of the Android market. Google says it’s “working with our partners to provide the fix for the underlying security issues,” so the fix is now in the hands of carriers to roll out.
But this latest security issue isn’t simply a matter of fragmentation; it’s a matter of malicious apps appearing in the Android Market in the first place. Google says that it is “adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market,” but it doesn’t specify what those steps will be.
While this may be the first time Google has had to invoke the remote “kill switch,” it isn’t the first time it’s had to yank malicious apps from the Android Market. Is Google doing enough to keep users safe? And what can be done to address the carriers’ role in security?
