14 DAY TRIAL // Last week, various reports emerged on the existence of a series of applications in the Android Market that contained malicious code, and Google pulled the said software off the portal immediately, while also starting to remove the apps from the affected devices.
The company also unveiled some details on its plans concerning the security of Android users, including an aim to have the affected phones updated so that the malicious software is completely removed from them.
“On Tuesday evening, the Android team was made aware of a number of malicious applications published to Android Market. Within minutes of becoming aware, we identified and removed the malicious applications,” the company announced in a recent blog post.
“For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device),” the said post continues.
According to Google, the malicious apps took advantage of vulnerabilities that existed in Android versions prior to 2.2.2, but which were fixed in the newer flavors of the OS.
However, Google also notes that the nature of the exploits enabled attackers to access other data on the device, and that it is working on preventing that from happening.
Among the steps it took in this direction, we can count the elimination of the malicious applications from Android Market, along with the suspension of the associated developer accounts.
At the same time the company says that it is remotely removing the malicious applications from affected mobile phones, and that it is deploying an Android Market security update to all devices that were affected by the attack.
This update, claims Google, “undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices.”
The company also says that it is adding more measures aimed at preventing the inclusion of other “malicious applications using similar exploits from being distributed through Android Market."