Google recently removed a number of apps from the Android Market which were identified as malicious. The apps in question looked like duplicates of popular Android games and other apps — but included code that could steal data from a users’s phone and download additional code to run on your device without your permission. Now Google is going a bit further, by also removing the apps remotely from the phones of users who downloaded the software.
According to Google the exploit used by the malicious software only affected Android 2.2.1 and lower. Devices running newer versions of the mobile operating system should not have been affected.
But it appears the apps in question may have been downloaded hundreds of thousands of times while they were available, which could cause problems for users running older versions of Android. Google says it’s pushing an Android Market security update to affected devices, removing the exploit that was used by the malicious software. The company has also suspended the account of the developer responsible for the apps and contacted law enforcement.
Overall, Google has done a pretty good job of responding to the situation. On the one hand, it’s unlikely that this sort of malicious software ever would have made it through a more supervised app market such as Apple’s iTunes App Store. On the other hand, because Google has the ability to not only remove offending apps, but also to remotely remove bad apps and push security updates to Android devices, the company does have more power to deal with malware than most desktop operating system makers — who can certainly issue security updates if you have “automatic updates” enabled, but can’t necessarily keep you from downloading malicious software by accident by removing it from the internet.
