Google Uses Kill-Switch to Address Malware at Android Market
Google just outlined four steps it's taking to prevent malicious attacks at the Android Market as well as measures implemented to secure smartphones recently affected by a malware outbreak at the online mobile app store. Last week about about 50 applications at the Android Market were hacked with malware, and Google acted quickly to pull them from the online storefront. Still, some 260,000 downloads were infected by the malware before Google could remedy the situation. The news of the malware attack at the Market Place comes at a time when Android is increasing market share in the mobile operating system race, most recently edging out rivals iOs and the BlackBerry OS for the month of January, according to Nielsen Wire.
In the aftermath of last week's attack, Google (NASDAQ: GOOG) is moving beyond removal of the compromised apps to address the situation. In addition to suspending the associated developer accounts and relaying the incident to law enforcement, Google is remotely erasing the malicious apps from affected smartphones. "This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications," writes Rich Cannings, of the Google security team, at the Google Mobile Blog.
The third thing Google is doing involves pushing an Android Market security update to compromised devices "that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices," according to the blog post. Owners of handsets that have been infected by the malware will receive an email from firstname.lastname@example.org along with a notification on their device that Android Market Security Tool March 2011 has been installed. Finally, Google said it is "adding a number of measures to help prevent additional malicious applications using similar exploits" from being distributed through Android Market and "are working with our partners to provide the fix for the underlying security issues." While some posts at the blog applauded Google's swift action plan, others were more critical. Some critics think Google is lacking a system in which developers can provide immediate feedback or sound an alarm. "You became aware because someone had a contact inside Google who alerted to right people. According to one of the developers of the hijacked applications, he had tried for almost a week to get in contact with someone through the normal channels to correct the situation....surely you should be able to pick up a distress call from a developer within hours instead of a week," writes one commenter.