How Google Responded To The DroidDream Malware
A couple of days ago, a Redditor, lompolo, uncovered something very weird in the Android Market. lompolo discovered that someone had ripped 21 free apps from the Market, injected them with malicious code and uploaded them to the Market again. The malware used a known exploit to root the devices on which the apps had been installed, then collected device-specific details and sent them to a server. The malware is believed to be capable of downloading additional payloads to the infected device.
It was later determined that the number of affected apps was greater than the 21 originally believed. A total of more than 50 apps were later confirmed to have been affected. The scary part was that these 50 apps had been downloaded by an estimated 200,000 people in just four days.
After the news of the malware broke, Google responded very quickly. They acknowledged that the malware is indeed real and that it can infect any device running a version of Android prior to 2.2.2. They also mentioned that the malware collects the IMEI/IMSI, unique codes which are used to identify mobile devices, along with the version of Android running on the infected device, and sends them to a remote server. According to Google, though, no user data was stolen by the malware.
The step that Google took was to remove all the infected apps from the Market and suspend the accounts of the developers responsible. Google went a step beyond merely removing the apps and contacted law enforcement agencies.
An obvious question at this point is what happens to the affected users. Fortunately, Android has a built-in remote kill switch. It allows Google to remotely wipe any installed app on an Android device. Google has used the remote kill switch before, and they have now deployed it for the second time to remove the malicious apps from all Android devices.
The mere removal of the apps is not the end, though. Since the malware was installed with root privileges, removing the app alone does not remove the malware completely. To fix this, Google has pushed an update to the Android Market. Google will notify affected users of the security update within the next three days. The security update will undo the damage that the DroidDream malware has caused.
According to Google, they are now working with their partners to fix the security issue that the malware exploited. They also mentioned that they are taking steps to ensure that such incidents do not happen again.
At a time when the competition between Android and iOS is so intense, this security incident is sure to affect the image of Android. The quick response from Google is certainly commendable. Still, I hope that Google takes some concrete security measures to ensure that it does not happen again in the future.