Gadgetoxic – Toxify your tech life

Smartphones , Tablets , Computers , laptop and news on every other gadget

Google continues to be admirably quick to react to DroidDream, the nasty Android Trojan we helped uncover on Tuesday. After removing the offending apps from the Market in just a few minutes of finding out about them, a new post on the Google Mobile Blog reveals that they’re now ready to take further steps.
First, as expected, they plan to remotely wipe the apps from affected users using the “remote application removal feature.” Next, they’re rolling out an update to infected devices that “undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices.” These affected users will receive an email from Google notifying them that they are infected, and the update – “Android Market Security Tool March 2011″ – will automatically be installed. Finally, they’re taking steps with the Market to prevent something like this happening again, as well as working with their “partners” (manufacturers and/or carriers, I’d assume) to patch the Security issue.
We’ve pinged the Google Mobile team to ask for clarification on the last two points, although it’s doubtful we’ll hear anything back. If we do, we’ll be sure to update the post.

Check out the complete details mentioned on the Google blog below :

On Tuesday evening, the Android team was made aware of a number of malicious applications published to Android Market. Within minutes of becoming aware, we identified and removed the malicious applications. The applications took advantage of known vulnerabilities which don’t affect Android versions 2.2.2 or higher. For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device). But given the nature of the exploits, the attacker(s) could access other data, which is why we’ve taken a number of steps to protect those who downloaded a malicious application:

1. We removed the malicious applications from Android Market, suspended the associated developer accounts, and contacted law enforcement about the attack.
2. We are remotely removing the malicious applications from affected devices. Thisremote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications.
3. We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from android-market-support@google.com over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.
4. We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.

For more details, please visit the Android Market Help Center. We always encourage you to check the list of permissions when installing an application from Android Market. Security is a priority for the Android team, and we’re committed to building new safeguards to help prevent these kinds of attacks from happening in the future.

Tags: android market, google

This entry was posted on Sunday, March 6th, 2011 at 9:05 pm and is filed under Android, mobile phones, News, smartphone, updates. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.