October 31, 2014

Google Pulls Malware from Market and Infected Phones

Photo: L. Marie

In quite a scary incident for Android users, an individual unpacked 21 apps from the Android Market, added root exploits, and republished them as new apps. Over the course of four days, the apps were downloaded tens of thousands of times.

Redditor lompolo uncovered the scheme, and after lompolo posted the details, the story was picked up by the folks at Android Police, who did two important things. First, they contacted Google. Second, they investigated further and discovered that the infected apps were not only rooting phones and sending all manner of info back to servers in California, but were also able to download and execute new code.

Within five minutes of being alerted, Google had pulled the apps from the Market and exercised its rarely used ability to remotely remove the apps from the phones of users who had installed them.

Sounds like a great response from Google, but the developer of one of the original apps that had been ripped off says he alerted Google a week ago but got no response:

“I’m the developer of Guitar Solo Lite. I noticed this pirated app a bit more than a week ago (I was receiving crash reports sent from the pirated version of the app). I notified Google about this through all the channels I could think of: DMCA notice, malicious app reporting, Android Market Help… they have yet to respond. Thankfully this was posted on Reddit, since after the post the rogue dev and all his apps have been removed from the market. There really should be a faster/easier way to get Google to act on it!”

Typically, when we’ve heard of Android malware in the past, it’s been associated with non-Market apps. Its appearance in apps in the Android Market could make users more hesitant to download and install apps. Will it have an effect on how you evaluate apps before putting them on your phone?