Skip to main content

Google Remotely Disinfecting Android Handsets

Last week Google received reports that the Android Market was infested with a number of malicious apps aimed to gather device-specific information. Google said that it quickly performed a sweep across the Android Market just minutes later, confirming and removing the apps that targeted handsets using Android v2.2.1 and lower. Google even suspended the developer accounts associated with the malicious apps.

But Google also performed a task that seemed just as sinister as the evil apps themselves: remotely accessing Android handsets to delete the troublesome malware. "We are remotely removing the malicious applications from affected devices," the company admitted on Saturday. "This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications."

While pointing readers to this article, Google explains that its Remote Application Feature was established in case of an emergency such as this. "A dangerous application could be removed from active circulation in a rapid and scalable manner to prevent further exposure to users," Google states. "While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users’ safety when needed."

In addition to the remote disinfection, Google said that it's pushing an Android Market update to all affected devices that reverses the exploit used by the malicious apps. This should prevent attackers from obtaining additional info. Originally the exploit allowed attackers to collect IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on the device.

"If your device has been affected, you will receive an email from android-market-support@google.com over the next 72 hours," Google warned. "You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email."

Google added that it's including a number of security measures to the Android Market to help prevent additional malicious applications from using similar exploits. It's also working with partners to fix underlying security issues, Google said.