August 1, 2014

Google's Statement on Recent Malware Incident

In case you missed it, last week there was a rather big stink in the Android Market where a handful of application were found to be malicious. Google swept into action, removing the apps, but only after they learned of the problem. That’s when the Android detractors chimed in with how other approaches to app distribution are superior to the open-ended Market. Another debate that could be had any day.

Google filled us in over the weekend with an official statement on the situation, telling us what they did in days following the findings. Apparently, the exploits only affected phones running older versions of Android, pre-Froyo 2.2. According to Google, the hackers could only yield information such as “device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android”.

Users who have the app(s) on their phone will find that they are being remotely pulled from their device. Google is instituting a remote kill to wipe the apps and are pushing a security update to affected devices to ensure the attackers don’t circle back and glean more from the devices. Should you have downloaded any of these apps, Google should be emailing you, if they have not already done so.

Google also adds they they are “adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market” and claim to be working with partners to fix the security issues.

Be sure to read the full post over on the Google Mobile blog.