The “Droid Dream” series of malicious attacks to the Android Market last Tuesday saw internet powerhouse Google yet again extend their far-reaching safety net by initiating their “remote application removal feature” on Saturday evening to counter the threat. The attacks, in which malicious code is appended to legitimate applications, could be exploited to gain root control over an Android-enabled phone and steal sensitive data.
Initially, within minutes of learning of the issue, Google removed the applications without any further indication as to their strategy around the 50,000 or more apps that had already been downloaded. That is, until Saturday, when Google fired up their remote app nuking facility, the second time in the history of Android – the first being June 2010’s removal of two free applications with embedded malware and was built by a security researcher.
The remote application removal process allows Google to wipe off the malicious apps from Android phones without any further action from users. Google also added that this time around, no critical information was accessed but an expected Android Market security update will be implemented for vulnerable devices to prevent any exploiting through the attack and further accessing of sensitive information.
Rich Cannings, the Android Security Lead, briefly explains how the malware managed to exploit Android powered devices in his post: a Google Mobile Blog post: “For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device) But given the nature of the exploits, the attacker(s) could access other data, which is why we’ve taken a number of steps to protect those who downloaded a malicious application”.
The malware only seemed to affect devices running version 2.2.1 and lower of the Android OS which unfortunately, according to Read Write Web still includes the majority of Android devices.