Print 47 comment(s) - last by YashBudini.. on Mar 10 at 2:40 PM

Company will release special removal tool for affected users, is remotely killing apps

Google is reacting quickly to what is perhaps the largest mass infection of users of its Android OS, yet. Rather than keep quiet, Google quickly pulled the 58 malicious apps, which were repackaged versions of legitimate apps (containing extra malicious APKs designed to grab personal information, obtain root access, and install code remotely).

Now it's take even more strident measures to combat the attack, personally reaching out to affected users.  Google began executing its remote kill functionality on the malicious apps Saturday.

It also pushed out an update to affected users phones, which will remove the installed rootkit.  Google sent the following email [source] to the estimated 260,000 Android users:


We recently discovered applications on Android Market that were designed to harm devices. These malicious applications (“malware”) have been removed from Android Market, and the corresponding developer accounts have been closed.

According to our records, you have downloaded one or more of these applications. This malware was designed to allow an unauthorized third-party to access your device without your knowledge. As far as we can determine, the only information obtained was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).

However, this malware could leave your device and personal information at risk, so we are pushing an Android Market security update to your device to remove this malware. Over the next few hours, you will receive a notification on your device that says “Android Market Security Tool March 2011” has been installed. You are not required to take any action from there, the update will automatically run. You may also receive notification(s) on your device that an application has been removed. Within 24 hours of receiving the update, you will receive a second email confirming its success.

To ensure this update is run quickly, please make sure that your device is turned on and has a strong network connection.

For more details, please visit the Android Market Help Center.

The Android Market Team

The flaw that allowed the malware to gain root access without asking for permissions was actually fixed by Google with firmware update Android 2.2.1.  Unfortunately carriers have been extremely sluggish at rolling out updates for Android users, and this is the end result.

Google has repackaged the fix as an individual patch and given it to carriers and handset makers.  But it's up to carriers and their hardware partners to push it down to phone customers as the patch will have to be adjusted to individual hardware configurations.  

In other words Google's keeping busy killing the burglars in the house, but back door is still wide open.  At least it's doing something, though, and giving its customers the decency of communication.

Google is also taking steps to make sure similar malware doesn't reappear in the Android Marketplace.  While the company is vague on specifics, it writes:

We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.

According to professional hackers and security researchers, most phones and applications markets have the potential to be infiltrated by malware.  

For example, at Nicolas Seriot, a Swiss iPhone expert, has demoed [white paper] at the annual Black Hat conference an app called "SpyPhone", which showed off how easy it would be to sneak malware into the App Store.  It is unknown if this is being actively done, but Mr. Seriot's whitepaper offered obfuscation code that disguised disallowed strings, offering hackers a clear path to getting their malware into the App Store (the only other necessary steps would be a delayed activation of the malicious activity, and avoidance of using private APIs).

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Googles done decently
By gamerk2 on 3/7/2011 10:38:51 AM , Rating: 5
Google has actually done a pretty good job getting things under control, and the email to affected users is a nice touch. I'm blmaining this more on the makers of the phones then on google.

RE: Googles done decently
By trooper11 on 3/7/2011 10:45:36 AM , Rating: 5
Not sure why the phone makers would be to blame for this. Google takes the hit first of course becuase of the flaw in the first place, but it sounds like its the carriers that are to blame for the number of people affected.

If the carriers are responsible for delaying the updates that would have protected these customers, then something needs to be done to avoid this.

RE: Googles done decently
By Akrovah on 3/7/2011 10:59:27 AM , Rating: 3
And that is my #1 reason why I won't go with an Android., Even though almost everything about it is awsome the utter lack of timely system wide updates is a deal breaker for me.

RE: Googles done decently
By Stoanhart on 3/7/2011 4:54:00 PM , Rating: 3
So buy a Nexus phone. It's cheaper to pay full price and pay less per month than it is to get a "free" phone anyways.

RE: Googles done decently
By Murst on 3/7/2011 5:06:40 PM , Rating: 2
It's cheaper to pay full price and pay less per month than it is to get a "free" phone anyways.

What does this have to do w/ anything? You can buy all kinds of phones from T-mobile w/o the subsidy.

The Nexus S is $200 w/ a 2 year contract, and $530 without... pretty similar to other smartphones.

RE: Googles done decently
By Akrovah on 3/7/2011 6:29:39 PM , Rating: 2
The Nexus looks nice, but is only available on T-Mobile in the states, and T-Mobile mas terrible reception in my home town. I had to return my HD7 (which I friggin loved otherwise) because I couldn't make calls from home on it.

RE: Googles done decently
By Zoomer on 3/7/2011 7:46:47 PM , Rating: 2
So that's why I got an OTA update for my Desire back, erm, Nov?

RE: Googles done decently
By Akrovah on 3/8/2011 12:52:04 PM , Rating: 2
I never said there were no updaes, jsut a lack of timely updates, dependent completely on when the manufacturer and carrier get around to making them. As a result hoels like this go unplugged for an extended period of time.

And what version of Android did your desire get updated to? was it the latest version, or a signifigantly delayed and now out of date version?

RE: Googles done decently
By omnicronx on 3/7/2011 11:09:22 AM , Rating: 4
Something gives me a feeling a lot of this falls on the basic design of Android.. Far too much can be changed from carrier to carrier, and requires a lot of testing for each update. Nothing is enforced either, so they don't have to continue to perform updates.

So whose fault is it? The carriers for doing what their agreement states they can do? Or Google's for not thinking the update process through?

I'm an Android user, and I love my phone, but out of all the 4 next gen smartphone OS's (iOS, Windows Phone, WebOS, Android), it has by far the worst update process and procedures.

RE: Googles done decently
By trooper11 on 3/7/2011 11:14:27 AM , Rating: 2
I would like to know what those carrier agreements are. This isnt the first example of carriers standing in the way of updates. Microsoft is dealing with the same problem trying to roll out thier first updates, so its not just an android thing.

Im not saying the carriers might not have a good reason for delaying updates, but it would be nice if the process was more transparent so that there wouldnt be the normal blame game that goes around.

RE: Googles done decently
By omnicronx on 3/7/2011 11:47:18 AM , Rating: 1
Rolling out updates is never easy, but other companies have made things easier on themselves. The very thing that makes Android so successful is also its most hindering, its ability to customize.

Apple, well as draconian as they may be, they have the update process down. Obviously having a single device makes it much easier on them, but from an update standpoint, they are one of the best.

Windows Phone, OEM approach like Android, but with some pretty big differences. No ability to customize the UI, which is a big one as this is often a big part of the delay. Standardized hardware, internal and external, once again, closer devices are, the easier it is to release updates. I'm also pretty sure that MS is actually only using one SOC variant on all of their phones as it currently stands.I'm also pretty sure that unlike Android, the carriers are only allowed to skip one update.

Palm, Well as low as their share and popularity is, their update process was actually a bright spot. Closed platform and only two phones, so this is kind of expected.

Android, great in theory, but a phone can differ so much from carrier to carrier, and the vast amount of phones available with no mandate to update their devices was just a bad idea in the first place. The only saving grace is the Nexus One, which is basically vanilla Android is a true display of how Android should be. Unless Google can somehow figure out a way to streamline the update process while still allowing such an ability to customize, then perhaps they need to go a different route (which apparently they may be already).

Perhaps by moving the responsibility of customizing the device to the user like it should be.

RE: Googles done decently
By Kurz on 3/7/2011 12:12:35 PM , Rating: 2
You would think since Android is based on Linux that the UI/software packages should have its own mem space and the guts of the OS should be able to update seperately while not messing up what the manufactures do to the phone.

RE: Googles done decently
By Alexstarfire on 3/7/2011 1:31:58 PM , Rating: 5
In this case it's mostly the carriers fault seeing as how this flaw has actually already been fixed. Carriers just haven't pushed/made the update. If this flaw was in all versions or at least the current version then I see it being much more Google's fault.

It sucks either way, don't get me wrong, but it's rather unfair to blame Google for something that's already been fixed. Might as well get mad at Apple, or any company for that matter, when someone gets iOS 4.1 hacked into on their iPhone 3GS. Flaw shouldn't have been their to begin with but no one makes perfect software. It's already been fixed however so it's a moot point from Apple's, in this case Google's, perspective.

RE: Googles done decently
By dubldwn on 3/7/2011 1:58:37 PM , Rating: 3
I feel old fashioned reading these comments. I blame the creators of the malicious apps.

By SublimeSimplicity on 3/7/2011 2:05:06 PM , Rating: 2
It can't be their fault, because they don't have any money to sue for.

RE: Googles done decently
By Alexstarfire on 3/7/2011 10:47:35 PM , Rating: 2
I thought that was a given. :P There are usually, and certainly in this case, more than 1 person/company/etc. to blame.

RE: Googles done decently
By SPOOFE on 3/8/2011 12:37:47 AM , Rating: 2
Just goes to show that there's multiple levels of blame.

Blaming the guys that made the malware is one of those "goes without saying" things.

However, it similarly goes without saying that hackers and crackers and the just plain mischievous are sort of a constant: They're out there, looking for most any opportunity to mess around with other hardware. It's an inherent aspect of the ecosystem, and there are better and worse ways to deal with it. A judgment of quality may be made based on how well a given vendor deals with it.

RE: Googles done decently
By Tony Swash on 3/7/11, Rating: -1
RE: Googles done decently
By JasonMick on 3/7/2011 3:39:12 PM , Rating: 4
Interesting that Google can install stuff on your phone without your permission and without you knowing about it. A bit creepy. And apparently they can't do the same for OS upgrades. Shame :)

I wish Apple were open like this ;)

Surely you know that Apple "installs stuff" on your computer, right? It's called automatic updates. It does them for iTunes, OS X, etc.

Apple just hasn't gotten around to implementing the feature in iOS yet.

And I'm sure you didn't mean to imply that installing a removal tool for rootkit malware was BAD thing, right?

Google and Apple are in much the same boat when it comes to malware apps. Some will sure slip through the cracks. But the difference with Google is that the company is more vocal and transparent about its security flaws, while Apple remains silent on these kinds of issues...

RE: Googles done decently
By W00dmann on 3/7/11, Rating: -1
RE: Googles done decently
By Tony Swash on 3/7/11, Rating: -1
RE: Googles done decently
By JasonMick on 3/7/2011 5:10:36 PM , Rating: 2
Fact alert!!!!

Look away now if facts offend.

Even if you have download updates automatically turned on in MacOSX you always have to give explicit permission for it to install.

I have an HTC EVO and it requires my permission to install updates.

No malware like the Android crap has appeared on iOS (except for jailbreakers)

I doubt that.

Lack of proof is not proof in and of itself that something doesn't exist.

Apple's screen eliminates *obvious* malware, but more subtle malware using string obfuscation, no internal APIs, no core system calls, and remote post-mortem activation would pass through scott-free. See white papers from recent Black Hat conventions, Tony.

The thing is, Apple eliminates dumb malware. The smart ones you'd never hear about.

Systems that check for malware in advance of distribution are never perfect but are always safer than systems that don't check for malware in advance of distribution.

Google checks its apps pre-approval, just not to the extent Apple tests them. It's misleading to suggest it doesn't screen, though, if that's what you're trying to say.

RE: Googles done decently
By Tony Swash on 3/7/11, Rating: -1
RE: Googles done decently
By Alexstarfire on 3/7/2011 11:06:44 PM , Rating: 2
Kinda have to agree with Tony on this one. Remote kill is one thing since several platforms seem to have that. I still think that is dumb btw, but that's something else all together. No company/person should be able to install something on my stuff remotely without my permission. It's like giving the government a backdoor into your phone. Sure, they could do good with it, but is that really the point? Moreover, backdoors almost always end up getting used for evil.

I wonder if they can do this on any phone with Android, even with rooted phones and such?

RE: Googles done decently
By themaster08 on 3/8/2011 3:06:15 AM , Rating: 2
I kinda agree too. That's probably one of the most rational and unbiased posts from Tony I've ever seen.

However, since this remote kill has been pushed without user acknowledgement or intervention, as you said, several platforms have this. This could have already have been done on any device, including those from Apple, Microsoft, HP, and so on, and we may not know it.

The only reason we know of it in this scenario is due to the severity of the issue, and Google's public response.

RE: Googles done decently
By W00dmann on 3/7/11, Rating: 0
RE: Googles done decently
By tayb on 3/7/2011 8:32:47 PM , Rating: 1
What? Was this seriously your response to that post?

1. I can't follow your logic at all. Your EVO requires your permission to install updates? Okay. Go on? How does that relate to these 260,000 people having updates install without permission and THEN having an email sent letting them know an update was just installed.

2. You doubt that? If you don't have proof then SHUT UP. You can't make claims that Apple and Google are in the same boat, offer no proof, and then claim that a lack of proof does not prove that something doesn't exist? I can't believe I just read that.

3. If Apple eliminates dumb malware but not the "smart malware" how does that make Google look? Also, since all of this "white paper" crap is supposedly possible why is it so difficult for you to come up with a single relevant example? Could it possibly be because reality doesn't support your baseless claims?

4. This whole post is ridiculous. You painted yourself into a corner with a ridiculous original post but now you are just making yourself look like an idiot by trying to claw your way out. Stop while you are ahead next time.

RE: Googles done decently
By Alexstarfire on 3/7/2011 11:14:00 PM , Rating: 2
Am I the only one that remembers all the "media player" apps on the iOS that took personal information from its users? I can go dig up the articles if someone would like me to, but surely I can't be the only one to remember that.

RE: Googles done decently
By Alexstarfire on 3/7/2011 11:24:30 PM , Rating: 2
Apparently I remembered wrong and that was for Android. Though, when searching for that information I did come across this,

Recent? No, but it was at one point.

RE: Googles done decently
By Murst on 3/7/2011 5:03:05 PM , Rating: 2
Google and Apple are in much the same boat when it comes to malware apps.

Sorry, but that's not very accurate. iOS and WP7 do not allow apps to truly multitask. The threat of malware running on your phone is greatly lower if the code cannot be executing in the background.

Multitasking is great and I think both iOS and WP7 will eventually have it, but the lack of it does provide a layer of protection against malware.

RE: Googles done decently
By tayb on 3/7/2011 8:36:08 PM , Rating: 2
iOS and WP7 don't do true multi-tasking but they imitate it well and in my opinion it works better for the end user than what Android offers. I'm constantly killing tasks on my Droid X because it doesn't automatically cut them well enough. If I wasn't managing my tasks my battery life would suck. iOS and WP7 take that task management away from you. Some like that, some don't.

RE: Googles done decently
By tayb on 3/7/2011 8:26:57 PM , Rating: 2
First, I cannot ever remember a scenario where Apple downloaded and installed updates on any of my products without me explicitly saying "Yes, I agree, do this." It prompts me to agree to an action before it downloads and then AGAIN before it installs. This does NOT happen and you know it.

Second, yes I am 100% implying that Google having the ability to remotely install applications on my phone is a BAD thing. A much better solution would have been to attach the application to the email they sent out. I don't like the idea of Google (or anyone) having the ability to remotely delete or install ANYTHING on my phone. So, YES, the fact that Google has this power is a bad thing.

Third, Google and Apple are not in the same boat when it comes to malware apps. Apple has some 20 times as many applications in the App Store and I have yet to see a news article alerting us all about 250,000 iPhone users being infected with malware from a malicious app. When you consider the install base of each OS and the amount of apps for each respective device it becomes pretty clear which eco-system is safer regardless of which company is more "open" when flaws are found.

RE: Googles done decently
By sprockkets on 3/7/2011 8:45:40 PM , Rating: 2
All of you are really stupid: Google removed the malicious app by installing an update to the apps on the phone - that apparently according to the article how the kill switch works.

Apple has a kill switch too (which says something about their app approval process), so stop the incessant whining.

RE: Googles done decently
By NAVAIR on 3/7/2011 9:33:22 PM , Rating: 2
Both iOS and Android are Unix/Linux or Nix OSes they do the same thing. The big difference in buying an iPhone is; its like buying a computer and not getting the Root or Administrator logon. In order to install software on the iPhone, you have to let Apple do it through 'their' App Store. Apple is the only one that has admin rights unless you Jailbreak the phone, which kills the security and OS updates. Android, as I understand it, gives the user full rights to do what ever he wants on the phone without resorting to hacks. With the Apple iPhone, you give up your freedom for security(, much like the "Patriot Act.") Android with all of its freedom leaves a careless user exposed much like a careless PC user pointing and clicking on everything he sees on the internet (ie, yes, ok, install, open, are you sure,) bypassing all the security built in to the latest versions of Windows. Enterprise environments will not let a Windows user use the machine under a Admin logon mainly for security purposes, although they want to keep the unauthorized apps off the box as well. That is why you cannot "use" as root in Unix and Linux; you logon as root to handle installs and maintenance and then go back as a regular user to 'use' the box. iPhones are "relatively" safer while sacrificing freedom to Steve and Android is much more customizable to the user sacrificing safety in some regards for freedom. Apple through its App Submission Process "vets" the applications for safety before authorizing them and to make sure Steve gets his 30 percent.

As a side note: for all you OSX haters, OSX is a highly customized mixture of open BSD and NEXT OS called Darwin. OSX itself can be thought of as the GUI like Gnome or KDE in Linux. All the Linux BASH commands work. I use Unix, Linux, Windows and OSX; I prefer the rock solid stability of the Unix OS foundation. I compute on OSX now and game on a separate Windows box. On my Macbook Pro, Nvidia GPU, I get almost twice the frame rates under a Windows 7 bootcamp install for Steam games as I do under OSX. For all the Mac users talking about Mac's superior graphics technology, the 3D display drivers suck under OSX. I am not sure if its poor Nvidia driver code since I do not have a ATI GPU to compare it against.

RE: Googles done decently
By themaster08 on 3/7/2011 3:43:09 PM , Rating: 2
Imagine that.... Google being able to install software on your phone via an update.

There's always downsides to open platforms, just as there is with closed. However, that's already happened. What matters now is the response of the company responsible, and Google thus far have handled this quite well.

RE: Googles done decently
By Tony Swash on 3/7/2011 4:51:52 PM , Rating: 1
Imagine that.... Google being able to install software on your phone via an update.

There's always downsides to open platforms, just as there is with closed. However, that's already happened. What matters now is the response of the company responsible, and Google thus far have handled this quite well.

Honest question. Why don't Google push system upgrades the same way?

RE: Googles done decently
By dubldwn on 3/7/2011 5:06:31 PM , Rating: 2
Because who uses vanilla android?

RE: Googles done decently
By erple2 on 3/8/2011 1:46:40 PM , Rating: 2
That is the multi bajillion dollar question, and ultimately why there are so many Android Phones in the US. It's the Carriers that have been granted substantial say in what goes on the phones they sell (subsidized, at least).

Apple managed (somehow) to stop AT&T from installing all sorts of useless, money draining (Who the hell uses the AT&T Navigation that you have to pay a monthly fee for, when each Android comes with the free Google Nav???) apps on the iPhone. I'm sure there were a lot of negotiations AT&T and Apple had to go through before the iPhone hit the wild, ironing that part out was one of them.

Ultimately, it's because of agreements between Google and the Carriers. I'm sure that T-Mobile isn't making the mad post-sales money with the Nexus S that AT&T or Verizon is making with their Galaxy S phones. All of the carriers have to protect their margins...

RE: Googles done decently
By lawrance on 3/7/2011 4:51:44 PM , Rating: 2
Actually Apple does have the capability to do remote wipeouts of malicious software. They've just never had to use it. Google has had to use theirs a few times already.

You did bring up an interesting point about google not updating their OS though. It's because they only make the original OS... the handset makers then throw in some customizations and pass it off to the carries who add even more customizations! At this point... it's out of Googles hands and is up to the carrier/handset maker to agree to spend their time and money updating outdated phones when really... they would much rather just sell you a new one with a new two year contract!

RE: Googles done decently
By Alexstarfire on 3/7/2011 11:31:04 PM , Rating: 2
Actually, I'm pretty sure Apple has used it. Though, IIRC it wasn't for malicious apps it was for those apps that charged an arm and a leg but did nothing. I remember there being quite a few of those when the platform first premiered. There are still some now since they can slip through because they aren't malware, though they aren't usually around long.

RE: Googles done decently
By SPOOFE on 3/8/2011 12:54:03 AM , Rating: 2
Actually Apple does have the capability to do remote wipeouts of malicious software. They've just never had to use it.

Until recently nobody made malware for the iPhone because nobody could figure out how to make AT&T worse than it already is... :D

RE: Googles done decently
By Conner on 3/7/2011 2:32:18 PM , Rating: 2
Either way, I would guess it's gotta give a black mark on the pair for enterprise adoption (no personal Idea of how that stuff works). As Microsoft showed with windows that in order to win with market share, enterprise is key. With all the publicized ios adoption with FAA FDA and schools and business, I think if Google doesn't do something fast they'll turn out like Apple in the 90's. Only used by a small niche of zealots. And to Google's disadvantage ios devices don't have an Apple tax.

"The whole principle [of censorship] is wrong. It's like demanding that grown men live on skim milk because the baby can't have steak." -- Robert Heinlein
Related Articles

Latest Headlines
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
The Samsung Galaxy S7
September 14, 2016, 6:00 AM
Apple Watch 2 – Coming September 7th
September 3, 2016, 6:30 AM
Apple says “See you on the 7th.”
September 1, 2016, 6:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki