Androids Hijacked by Innocent-Looking Apps - The UpStream

Androids Hijacked by Innocent-Looking Apps

posted Friday Mar 4, 2011 by Scott Ertz

Androids Hijacked by Innocent-Looking Apps

We've talked in the past about the benefits and issues from Android's lack of approval process for apps. This week, the fears we had about the process came true when Google was forced to remove 50+ apps from the Android Marketplace for containing malware. Yes, there are now distributed viruses and bots for Android.

While other OS developers have known that anytime data can be installed to a device from outside the developer's direct control there can and will be malware, Google seemed to think that they were above it. Microsoft doesn't include a web browser on their Xbox 360 console just for this reason. Google, however, was brought kicking and screaming into the real world when as many as 200,000 devices became infected with DroidDream, a rootkit malware, installed through these apps.

To find out what happened and how Google responded, hit the break.

Google, once informed about the issue, "suspended" these apps from the marketplace. Suspension suggests that they will eventually be reinstated after some sort of investigation process. It also suggests that the apps were not removed from the infected devices. In fairness, it is probably now impossible for the apps to be remotely wiped since the devices have been rooted.

What's all the fuss about? Well, DroidDream roots the device, which gives the developer complete access to your phone. It immediately takes your IMEI, model number, partner (service provider), language, country, userID and more and sends it to a remote server. After the offenders have this information, they proceed to download new code to your phone. At that point, they could have it acting like and normal computer bot - sending spam, attacking other devices, etc. Working off of a wireless device, however, makes it harder to track and harder to fix without a complete system restore.

It would appear now that Apple may have had the right idea with their rigorous testing process, as much as that pains me to say. What do you think? Is this the first of many malware attacks through the Marketplace or will Google start testing apps before publishing them? Let us know below.


Login to CommentWhat You're Saying

posted Sunday Mar 6, 2011 by kylepaddock

Have you heard about all of the Malware on the the Macs and iOS.

We're live now - Join us!



Forgot password? Recover here.
Not a member? Register now.
Blog Meets Brand Stats