Google removed a number of malicious applications from the Android Market last week

Google removed a number of malicious applications from the Android Market last week

Google removed a number of malicious applications from the Android Market last week. The programs exploited a vulnerability in the platform that allows attackers to gain root access and apparently create a backdoor for deploying further malware. In a statement posted on the official Google Mobile blog this weekend by Android security lead Rich Cannings, the company has clarified the situation and described the steps it is taking to address the problem.

In addition to preventing further infection by removing the malicious applications from the Android Market, Google will also be using its remote kill switch to forcibly uninstall the application from infected handsets. The company is also pushing out an update to the Android Market that can reverse the exploit, thus preventing the attackers from using it to cause further damage. Google has already started to send out e-mails to affected users in order to explain the situation.

Although Google can deploy software to undo the damage caused by the malware, the underlying vulnerability that the attackers exploited can't be closed so easily. Google says that the bug is fixed in Android 2.2.2 and later, but there are still a large number of users at risk because their handsets runs a previous version of the operating system. Google is making a patch available, but it's going to be up to the carriers and handset makers to make sure that the patch gets deployed. In light of the mobile industry's poor track record updating Android phones, it's possible that this flaw will continue to be exploitable on a considerable number of handsets.

According to Cannings, the attackers only extracted a unique identifier for each device and didn't go any further, but they could still potentially use the deployed malware for more insidious purposes.

"We believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device). But given the nature of the exploits, the attacker(s) could access other data, which is why we've taken a number of steps to protect those who downloaded a malicious application," Cannings wrote.

Google also intends to adopt some measures that will block malicious applications with similar behavior from being distributed through the Android Market. Cannings didn't provide any specific details, however, about how that will be accomplished.

Google's response is reasonable, but it's troubling that many users will have to rely on the mobile carriers in order to get critical security updates. The problem reflects a serious weakness in Android's decentralized update model.

Other Business News:Acer aspire 3680 battery,laptop batteries,Hp 484170-001 battery

POST COMMENT

A Collection of Marketplace Sites for Photographers Convert 2 Ev Scam - Convert 2 Ev Review Lead Generation With Image Marketing And Video Marketing Action Weight Loss – Scam or Final Secret to Weight Loss? Beware of Affiliate Marketing Scams Stripped Down Profits Review - Is Stripped Down Profits A Scam? Stock Market Trading Investment Suggestions For Inexperienced Trader Como Lograr Un Crecimiento Muscular Acelerado Scam-Como Lograr Un Crecimiento Muscular Acelerado How to control risk in the share market First Class Recipes Scam Best Ways To Generate Revenue from Email Marketing Targeting an email marketing campaign Setting targets in email marketing