Google Uses Kill-Switch to Address Malware at Android Market

Google just outlined four steps it's taking to prevent malicious attacks at the Android Market as well as measures implemented to secure smartphones recently affected by a malware outbreak at the online mobile app store.

Last week about 50 applications at the Android Market were hacked with malware, and Google acted quickly to pull them from the online storefront. Still, some 260,000 downloads were infected by the malware before Google could remedy the situation.

The news of the malware attack at the Market Place comes at a time when Android is increasing market share in the mobile operating system race, most recently edging out rivals iOS and the BlackBerry OS for the month of January, according to Nielsen Wire.

In the aftermath of last week's attack, Google (NASDAQ: GOOG) is moving beyond removal of the compromised apps to address the situation. In addition to suspending the associated developer accounts and relaying the incident to law enforcement, Google is remotely erasing the malicious apps from affected smartphones.

"This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications," writes Rich Cannings, of the Google security team, at the Google Mobile Blog.

The third thing Google is doing involves pushing an Android Market security update to compromised devices "that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices," according to the blog post.

Owners of handsets that have been infected by the malware will receive an email from android-market-support@google.com along with a notification on their device that “Android Market Security Tool March 2011” has been installed.

Finally, Google said it is "adding a number of measures to help prevent additional malicious applications using similar exploits" from being distributed through Android Market and "are working with our partners to provide the fix for the underlying security issues."

While some posts at the blog applauded Google's swift action plan, others were more critical.

Some critics think Google lacks a system through which developers can provide immediate feedback or sound an alarm.

"You became aware because someone had a contact inside Google who alerted the right people. According to one of the developers of the hijacked applications, he had tried for almost a week to get in contact with someone through the normal channels to correct the situation... surely you should be able to pick up a distress call from a developer within hours instead of a week," writes one commenter.

Android fragmentation part of the smartphone security problem?

Also at issue for Android device owners is the fragmentation of the platform. Google just released the tablet-optimized version called Honeycomb, or Android 3.0, but many smartphones are still running Froyo and Gingerbread, versions 2.2 and 2.3 respectively. Typically, the wireless carriers, as opposed to the smartphone makers or Google, oversee the distribution of mobile platform updates.

"You need to do one of two things in regard to fragmentation: take complete control over updates being pushed to phones, or force manufacturers and carriers to get them out within a reasonable time frame. You cannot let the fragmentation occurring continue. It is simply unacceptable. Not only from a security standpoint, but also from the standpoint of easing development for developers and ensuring users have all of the features their handsets can support," writes another commenter.

Currently, about 57.6 percent of Android devices are running version 2.2, followed by 2.1 at 31.4 percent. About 6.3 percent are still on Android 1.6, according to the Android Developers site.

This is a big problem, says Adam Powers, CTO of networking performance and security firm Lancope.

"The vulnerability exploited by the rootkit has been patched in Android v2.3 (Gingerbread) but the problem is that few phone providers have upgraded their users to 2.3... many phones will never be upgraded to 2.3 due to hardware requirements that aren't up to snuff. From a security perspective this is one of Apple's greatest advantages over Android. Apple's iOS updates are universal and applied to almost all phones at the time of release. Google has almost no control over how its vendors handle smartphone updates," says Powers.

To help prevent rogue apps from affecting the enterprise, he offers tips for mobile IT in his blog post, "First Widespread Malware for Android and How You Can Avoid."

