Vulnerability in google applications

google
Google removes malware apps for Android. Google was hit with malware infected apps last week when it found out that a large number of malware-infected apps were being sold by publisher Myournet on Android Market.

The publisher and its products were quickly removed, but the damage had already been done: the 58 removed apps were downloaded roughly 260,000 times before they went away, TechCrunch reports.

Google was silent on this news until last night when the internal development team was givn time to engineer a fix, which they have. Android Security Lead Rich Canning laid out the details in an update on the Google Mobile Blog last night.

A security update will be (or likely already has been) pushed to all of those devices that downloaded one or more of the problem apps. Google is sending e-mails out to the security update recipients “over the next 72 hours” to inform them of the mandatory update, which requires no action on the user side. At the same time, Google is also enacting one of its security controls to remotely remove all of the malicious apps from affected devices. If you’ve got one of the problem apps and haven’t removed it yet, it’s going to automatically be done for you. Sometimes, having Big Brother always watching isn’t such a bad thing.

Canning also writes, “We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues,” though exactly what those measures are isn’t detailed.

The malware is believed to have only gathered device-specific information, though it contained code that could have allowed for the download of more potentially harmful data without a user’s knowledge. Devices with Android version 2.2.2 or higher were also not affected, as the malicious software takes advantage of exploits that were only present in earlier versions. That said, if you’re running a “safe” version and do somehow happen to still have one of the affected apps… it might be a good idea to remove it.