We recently discovered applications on Android Market that were designed to harm devices. These malicious applications (“malware”) have been removed from Android Market, and the corresponding developer accounts have been closed.
According to our records, you have downloaded one or more of these applications. This malware was designed to allow an unauthorized third-party to access your device without your knowledge. As far as we can determine, the only information obtained was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).
However, this malware could leave your device and personal information at risk, so we are pushing an Android Market security update to your device to remove this malware. Over the next few hours, you will receive a notification on your device that says “Android Market Security Tool March 2011” has been installed. You are not required to take any action from there, the update will automatically run. You may also receive notification(s) on your device that an application has been removed. Within 24 hours of receiving the update, you will receive a second email confirming its success.
To ensure this update is run quickly, please make sure that your device is turned on and has a strong network connection.
For more details, please visit the Android Market Help Center.
The Android Market Team
We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.
quote: Google has actually done a pretty good job getting things under control, and the email to affected users is a nice touch. I'm blmaining this more on the makers of the phones then on google.
quote: Interesting that Google can install stuff on your phone without your permission and without you knowing about it. A bit creepy. And apparently they can't do the same for OS upgrades. Shame :)I wish Apple were open like this ;)
quote: Surely you know that Apple "installs stuff" on your computer, right? It's called automatic updates. It does them for iTunes, OS X, etc.Apple just hasn't gotten around to implementing the feature in iOS yet.And I'm sure you didn't mean to imply that installing a removal tool for rootkit malware was BAD thing, right?Google and Apple are in much the same boat when it comes to malware apps. Some will sure slip through the cracks. But the difference with Google is that the company is more vocal and transparent about its security flaws, while Apple remains silent on these kinds of issues...
quote: Fact alert!!!!Look away now if facts offend.Even if you have download updates automatically turned on in MacOSX you always have to give explicit permission for it to install.
quote: No malware like the Android crap has appeared on iOS (except for jailbreakers)
quote: Systems that check for malware in advance of distribution are never perfect but are always safer than systems that don't check for malware in advance of distribution.
quote: I have an HTC EVO and it requires my permission to install updates.quote:No malware like the Android crap has appeared on iOS (except for jailbreakers)I doubt that.Lack of proof is not proof in and of itself that something doesn't exist.Apple's screen eliminates *obvious* malware, but more subtle malware using string obfuscation, no internal APIs, no core system calls, and remote post-mortem activation would pass through scott-free. See white papers from recent Black Hat conventions, Tony.The thing is, Apple eliminates dumb malware. The smart ones you'd never hear about.quote:Systems that check for malware in advance of distribution are never perfect but are always safer than systems that don't check for malware in advance of distribution.Google checks its apps pre-approval, just not to the extent Apple tests them. It's misleading to suggest it doesn't screen, though, if that's what you're trying to say.
quote: Lack of proof is not proof in and of itself that something doesn't exist.
quote: Apple's screen eliminates *obvious* malware, but more subtle malware using string obfuscation, no internal APIs, no core system calls, and remote post-mortem activation would pass through scott-free. See white papers from recent Black Hat conventions, Tony.The thing is, Apple eliminates dumb malware. The smart ones you'd never hear about.
quote: Google and Apple are in much the same boat when it comes to malware apps.
quote: Imagine that.... Google being able to install software on your phone via an update.There's always downsides to open platforms, just as there is with closed. However, that's already happened. What matters now is the response of the company responsible, and Google thus far have handled this quite well.
quote: Actually Apple does have the capability to do remote wipeouts of malicious software. They've just never had to use it.