Mar 2, 2011 12:33 GMT

Google's Android users should feel a little more secure now, considering the fact that the company has just removed from the Android Market a series of applications that included malicious code, and which were already downloaded by many. Of course, this leaves us questioning the reliability of Google's verification tools, since these apps managed to enter the Market in the first place, but at least the company took the necessary measures fast enough to ensure that no other user was affected.

The story is simple: a number of applications in the Android Market, apparently some 21 of them, were ripped off, injected with malicious code, and then republished to the Market.

The issue was signaled by lompolo over at Reddit (via Android Police), and Google acted on it almost immediately, though it seems that the company should have done so a few days ago, when the developer of the original applications contacted it on the matter.

“Super Guitar Solo for example is originally Guitar Solo Lite. I downloaded two of the apps and extracted the APKs, they both contain what seems to be the 'rageagainstthecage' root exploit - binary contains string 'CVE-2010-EASY Android local root exploit (C) 2010 by 743C',” lompolo notes in a recent post.

“The apps are also installing another embedded app (hidden as assets/sqlite.db), 'DownloadProvidersManager.apk'. Not sure what it does yet on top of monitoring what apps the user installs,” a later edit to that post explains.

Apparently, the malicious code in those applications was meant to steal various details about the handset and user, including IMEI and IMSI codes, product ID, model, country, userID, and more. At the same time, it had the ability to download even more code to the device.
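The two indicators lompolo describes, the exploit's banner string and an APK hidden as assets/sqlite.db, can be checked for mechanically. The following Python scanner is an added example, not code from the Reddit post or from this article; the sample archives are constructed in memory, and the function name scan_apk and the asset name assets/rageagainstthecage are assumptions made for illustration.

```python
import io
import zipfile

# Marker string quoted in lompolo's post; the SQLite header is the standard file magic.
EXPLOIT_MARKER = b"CVE-2010-EASY Android local root exploit"
ZIP_MAGIC = b"PK\x03\x04"
SQLITE_MAGIC = b"SQLite format 3\x00"

def scan_apk(apk_bytes):
    """Return a sorted list of (entry_name, finding) for one APK given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            data = apk.read(info)
            name = info.filename
            if EXPLOIT_MARKER in data:
                findings.append((name, "contains root-exploit marker string"))
            # An archive hidden under a non-archive name, e.g. assets/sqlite.db
            if data.startswith(ZIP_MAGIC) and not name.lower().endswith((".apk", ".zip", ".jar")):
                findings.append((name, "embedded ZIP/APK under misleading name"))
            elif name.lower().endswith(".db") and not data.startswith(SQLITE_MAGIC):
                findings.append((name, "not a SQLite database despite .db name"))
    return sorted(findings)

def _zip(entries):
    """Build a ZIP in memory from {name: bytes} (used for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed samples: no real malware, only the layout the post describes.
INNER_APK = _zip({"AndroidManifest.xml": b"<manifest/>"})
SUSPICIOUS_APK = _zip({
    "classes.dex": b"dex\n035\x00",
    "assets/sqlite.db": INNER_APK,  # an APK hidden under a database name
    "assets/rageagainstthecage": b"\x7fELF..." + EXPLOIT_MARKER + b" (C) 2010 by 743C",
})
CLEAN_APK = _zip({
    "classes.dex": b"dex\n035\x00",
    "assets/notes.db": SQLITE_MAGIC + b"\x00" * 84,  # a genuine SQLite header
})

if __name__ == "__main__":
    for entry, finding in scan_apk(SUSPICIOUS_APK):
        print(f"{entry}: {finding}")
```

A file-type mismatch alone is a triage signal rather than proof of malice, since legitimate apps sometimes bundle archives under unusual names.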

Fortunately, the applications were removed from the Market in the meantime, which means that other users won't be affected but, as stated above, Google seems to have taken its time before acting on this. Have a look at what Coding Caveman stated:

“I'm the developer of the original Guitar Solo Lite. I noticed the rogue app a bit more than a week ago (I was receiving crash reports sent from the pirated version of the app). I notified Google about this through all the channels I could think of: DMCA notice, malicious app reporting, Android Market Help... they have yet to respond.

Thankfully this was posted on Reddit, since after the post the rogue dev and all his apps have been removed from the market. There really should be a faster/easier way to get Google to act on it.”

Hopefully, this is nothing more than an isolated incident, and Google will pay increased attention to the applications it allows in the Android Market, especially considering the fact that tens of thousands of people are choosing Android devices over rival handsets each day.