Google Finally Uses Remote Kill Switch On Malware
Hugh Pickens writes "The Google Mobile Team has announced that in addition to removing the 21 malicious applications from Android Market that were downloaded 50,000 times, suspending the associated developer accounts, and contacting law enforcement about the attacks, they are remotely removing the malicious applications from affected devices. 'We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices,' wrote the team on their blog. 'For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).' Google's actions come after numerous complaints in tech publications. "Does Google really want its Android Market to gain the reputation of being a cesspool of malware? 'Certainly not,' wrote Nicholas Deleon in TechCrunch. 'But then part of the allure of the Android Market is that it's open; you don't have to play by Google's rules, per se, to get on there like you do with Apple's App Store.'"
Correction: The malware was downloaded 260,000 times, not 50,000 as initially reported. source
And the reason for Apple's 'Walled Garden' helps prevent malware from reaching the app store to begin with.
But then part of the allure of the Android Market is that it's open; you don't have to play by Google's rules, per se, to get on there like you do with Apple's App Store.
This might be true with respect to application developers but not hardware manufacturers such as Archos. To remain cost-competitive with iPod touch, Archos devices are missing various input and output components not needed in a portable media player, such as a cellular radio, compass, and GPS. However, because certain versions of Google's Android Compatibility Definition Document (CDD) list these components as requirements, Archos hasn't been able to include the Android Market application with the devices. To access the Market (and not the AppsLib that has a far smaller selection), one needs hacks that Google could cease-and-desist, just like it cease-and-desisted CyanogenMod for including Google applications.
Angry Birds, for example, collects a heck of a lot of personal information on the iPhone. Why? Because the user isn't warned about it. Their Android application has so far been much cleaner, mostly because Android asks the user to give the app permission to access certain data.
Link: http://www.observer.com/2010/media/angry-birds-and-other-must-have-apps-collect-more-personal-data-you-think
The next time Microsoft releases a patch for a security vulnerability I would like to see this sentiment repeated.
Okay, next patch Tuesday, someone please make Haven happy and post a "Good job again google. That's why you're on top." post.
Google:
Within minutes of becoming aware, we identified and removed the malicious applications.
But from the comments in the blog post, we can read that:
This is where the problem is. You became aware because someone had a contact inside Google who alerted the right people.
According to one of the developers of the hijacked applications, he had tried for almost a week to get in contact with someone through the normal channels to correct the situation.
I am sorry if I sound harsh, but Google are a master of data processing, and surely you should be able to pick up a distress call from a developer within hours instead of a week.
Bram Stolk http://stolk.org/tlctc/