Skip to main content

Google Remotely Disinfecting Android Handsets

Last week Google received reports that the Android Market was infested with a number of malicious apps aimed to gather device-specific information. Google said that it quickly performed a sweep across the Android Market just minutes later, confirming and removing the apps that targeted handsets using Android v2.2.1 and lower. Google even suspended the developer accounts associated with the malicious apps.

But Google also performed a task that seemed just as sinister as the evil apps themselves: remotely accessing Android handsets to delete the troublesome malware. "We are remotely removing the malicious applications from affected devices," the company admitted on Saturday. "This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications."

While pointing readers to this article, Google explains that its Remote Application Feature was established in case of an emergency such as this. "A dangerous application could be removed from active circulation in a rapid and scalable manner to prevent further exposure to users," Google states. "While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users’ safety when needed."

In addition to the remote disinfection, Google said that it's pushing an Android Market update to all affected devices that reverses the exploit used by the malicious apps. This should prevent attackers from obtaining additional info. Originally the exploit allowed attackers to collect IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on the device.

"If your device has been affected, you will receive an email from android-market-support@google.com over the next 72 hours," Google warned. "You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email."

Google added that it's including a number of security measures to the Android Market to help prevent additional malicious applications from using similar exploits. It's also working with partners to fix underlying security issues, Google said.

  • joytech22
    Honestly I don't mind that Google can access my data, I have nothing secretive or illegal to hide.
    Plus in this case it's a good thing they can, and they have a really good strategy against malicious people/apps.
    Reply
  • wino85
    Good work google!!
    Reply
  • irish_adam
    yeah i mean how many users dont know that there apps were malware? if they dont keep up to date with tech news they'd never find out. What they are doing is the only way that you can protect all the users
    Reply
  • So, they are able to push an app to my phone? I don't mind the concept of quickly shutting down an exploit, but what happens when somebody exploits android's built in capacity to push apps to everybody's phone? I hope they have some sort of uber-security measures protecting this functionality. If it ever gets hacked, lol.
    Reply
  • quixilver1
    I'm just glad Nintendo is there to protect us from those evil malicious apps..... oh wait that was the previous article about Nintendo remotely shutting down peoples systems for "non authorized software"
    Reply
  • nebun
    so are you telling me that they can connect to my device without my permission? that's just wrong on so many levels...how about providing the users with a antimalware software, or make it a little more secure like iOS
    Reply
  • Google = Skynet
    Reply
  • TheWhiteRose000
    Cool beans bro.
    :D
    Reply
  • RealityClash
    Although its a bit controversial that they are able to remotly access data on your phone, Im still impressed by how quickly they were able to react to the threat. Personally I think in the future they should just send an email or some other type of message to anyone who has downloaded any of these apps instead of modifying the user's data themselves, just for of the principal. But still, good work Google :)
    Reply
  • charlie_m
    I vehemently disagree with anyone trying to give Google a pass on this. This is very very wrong that google has a complete backdoor into android phones. I want this backdoor closed and I want it closed now!
    Reply