Google is doing a lot of cleanup work after last week’s malware attack on apps based on its Android operating system, building new safeguards into Android Market and deploying a remote wipe of phones carrying infected apps.
In a blog post over the weekend, Google’s Rich Cannings, Android Security Lead, gave the blow-by-blow of what had happened, outlined the company’s response and confirmed that it had dispatched a remote fix to erase apps that had been compromised. Cannings wrote:
Given the nature of the exploits, the attacker(s) could access other data, which is why we’ve taken a number of steps to protect those who downloaded a malicious application:
1. We removed the malicious applications from Android Market, suspended the associated developer accounts, and contacted law enforcement about the attack.
2. We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications.
3. We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices.
4. We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.
Google also directed users and developers to its Android Market Help Center for more information.
The mobile security firm Lookout has been carefully documenting the malware attack, dubbed DroidDream. How much fallout Google will need to deal with remains to be seen, though many observers point out that the company does little vetting of the apps in the Android Market, a choice that lets developers get their apps into users’ hands more quickly.