Google Plans To Remotely Kill Rogue Apps in Wake of Android Attack

Google said late on Saturday that it is taking a number of further actions to deal with a spate of malicious Android applications that were posted to both the official Android Market and other third-party Web sites.

The so-called “Droid Dream” attacks took place earlier this week, prompting Google to quickly remove some 58 infected applications from its Android storefront. On Saturday, the company said it was taking several further steps to mitigate the damage.



The biggest action it is taking is to remotely remove the malicious applications from any devices that did manage to download the programs. It’s an option that Google has maintained, but has also reserved for only egregious cases such as these kinds of attacks. It is also pushing a security update to those devices to prevent attackers from gaining any further information from the infected devices.

“This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications,” Android Security Lead Rich Cannings said in a blog posting. “We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices.”

The latest action marks only the second time that Google has used its power to remotely remove applications from a user’s device. The first time it did so was last June, when a proof-of-concept malicious app made it to the Android Market.

Google said it will also e-mail those who are affected and the devices will post a notice saying that “Android Market Security Tool March 2011” has been installed and such users may also see a notification that applications have been removed from their device. Droid Dream worked by attaching malicious code to a number of seemingly useful applications.

Although the infected apps collected some information to identify the device and which versions of the Android software it was running, Google does not believe that any other information, such as personal user data, was compromised. The exploit used vulnerabilities that Google had closed in the most recent releases of Android, including Gingerbread. Only devices running versions of Android prior to version 2.2.2 could be affected, Google said.