Lat week, Google was made aware that there were over 21 malware-infested applications in the Android Market that were up to no good.
Google now says there were actually 58 malicious apps downloaded to 260,000 Android smartphones, and late Saturday night, Google remotely turned on its kill switch, which is able to remove those errant applications from the phones.
The kill switch is actually software that’s downloaded onto an Android smartphone and installed automatically, removing the apps in question with no user action required.
In its Google Mobile Blog, the company announced:
“We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from android-market-support@google.com over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.”
Google’s had this kill switch in place since 2008, and it used the remote application removal capability for the first time in June, 2010.
Google downplayed the harm caused by these malware apps, assuring users that none of their personal data has been compromised.
However, it doesn’t look like that the kill switch will be completely able to fix this problem. TechCrunch points out that Android devices are still vulnerable because of existing security holes at the system level, which must be fixed by cellular carriers and hardware manufacturers.
The problem is made worse by cellular providers sticking with older versions of Android which is unfortunate for the users because the security exploit only affects Android versions 2.2.1 and older. The good news is, if an Android phone is running the latest software, the security issue has already been taken care of.
Google now says there were actually 58 malicious apps downloaded to 260,000 Android smartphones, and late Saturday night, Google remotely turned on its kill switch, which is able to remove those errant applications from the phones.
The kill switch is actually software that’s downloaded onto an Android smartphone and installed automatically, removing the apps in question with no user action required.
In its Google Mobile Blog, the company announced:
“We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from android-market-support@google.com over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.”
Google’s had this kill switch in place since 2008, and it used the remote application removal capability for the first time in June, 2010.
Google downplayed the harm caused by these malware apps, assuring users that none of their personal data has been compromised.
However, it doesn’t look like that the kill switch will be completely able to fix this problem. TechCrunch points out that Android devices are still vulnerable because of existing security holes at the system level, which must be fixed by cellular carriers and hardware manufacturers.
The problem is made worse by cellular providers sticking with older versions of Android which is unfortunate for the users because the security exploit only affects Android versions 2.2.1 and older. The good news is, if an Android phone is running the latest software, the security issue has already been taken care of.
