The latest battle in the war against malicious apps is joined as Google has reported via it’s mobile blog that a number of new Android Apps repackaged with malware have been removed. In addition to wiping the apps from the Marketplace, Google is in the process of removing the malicious applications via remote from affected handsets. They’ve also banned the suspect publishers and are calling in the long arm of the law. According to Google, the malicious applications are taking advantage of a known vulnerability in Android versions 2.1 and below, so users with handsets running Android 2.2 (Froyo) and above aren’t affected.
What are the hackers after? Well, it seems that for affected devices, the only information they could possibly glean is IMEI/MSI codes used to identify specific devices and the specific version of Android each phone is running. However, Google says that given the nature of the attacks, other data could eventually be accessed, which is what prompted the scorched earth policy.
The remote application removal feature is one of the security controls that the Android team has put in place to eradicate the suspect exploits out in the wild. Google is currently pushing security updates to all phones affected. Users of Android 2.1 (Eclair) and below will be getting an email from email@example.com by mid week advising of the installation of “Android Market Security Tool March 2011.” The update will be automatic and no users action needs to be taken. Once the security tool is in place, it should remove any suspect applications within 24 hours.
For more details, head on over to the Android Market Help Center.[via Google Mobile Blog]