Mar 7, 2011 08:14 GMT

Google has taken several steps to help victims of a trojan recently distributed from the Android Market, but whether these will have a long-term security impact remains unclear.

Last Tuesday, Google removed more than 50 malicious apps rigged with a trojan from the Android Market, after they had been downloaded more than 50,000 times.

The apps were actually legit ones repackaged with malicious code and published under different names.

Google claims to have responded within minutes of being notified, removing all the apps from the Market. However, according to one developer, the company failed to notice his reports for a week.

Google also began uninstalling the rogue apps from affected phones remotely, leveraging a security feature built into Android.

However, because the apps also used a public exploit known as "rageagainstthecage" to obtain root access on the devices before installing the actual trojan, the company will also push an Android Market security update.

This will appear to users under the name "Android Market Security Tool March 2011" and once installed, it will undo the exploit.

"We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues," the company said, without going into details about the changes.

At this point it's pretty clear that Android malware is taking off, exactly as security experts predicted, and the lax Android Market submission process is certainly not helping things.

There are also doubts as to how effective the remote uninstall feature is as far as mitigation goes. For example, this trojan gave attackers the ability to execute other unauthorized code on the devices.

They didn't actually use the feature in this attack, but if they had, it's not clear whether Google could also remotely wipe that code, or even know what it was.