Google Issues Android Security Patch, After Attacks

Google has removed over 50 malicious apps from its Android Market and issued a security patch, after eventually admitting multiple malware attacks that compromised a number of Android-powered handsets last week.

According to the company, its Android team has also suspended the associated developer accounts and “remotely” deleted the infected apps from affected devices.

“This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications,” wrote Android security engineer Rich Cannings on the company’s official mobile blog.

Google believes the attackers were able to acquire only “device-specific” information – IMEI/IMSI, unique codes used to identify mobile devices, and the operating system version detail – but admitted other data could have been accessed.

Android Market Security Tool March 2011

The infected apps contain rootkit malware called DroidDream, which can take command of a mobile handset, send personal details to a remote server, download and execute new code.

To prevent further exploit, Google has been installing a security update dubbed ‘Android Market Security Tool March 2011’ to all affected devices.

Users who downloaded a malicious app will receive an email from android-market-support@google.com, followed by a notification that the app has been “automatically” removed.

The infected apps were said to have seen 50,000 to 200,000 downloads in four days. However, the company has announced the DroidDream malware could not affect Android versions 2.2.2 or higher.

Android malware on the rise

Meanwhile, the malware incident has raised even more concerns over security issues facing the Android platform, including the one-time £15 entry fee that Google charges Android app developers.

“The entry barrier could definitely be made a bit higher, as it would make the creation of fake developer accounts more expensive,” said Vanja Svajcer, principal virus researcher at Sophos, explaining that the higher fee would prevent the attack pattern from “becoming a daily event”.

Svajcer also pointed out that the rate at which new Android malware is appearing is on the rise.

“The openness of the platform as well as the availability of alternative application markets makes Android-based devices more difficult to secure,” he added.

Following the malware attacks, the tech giant said it is adding a number of measures to sweep malicious applications from its Android Market, while providing fixes for the underlying security issues.