Google has announced plans to implement new security features in order to strengthen the defenses of the Android Market following the appearance of a Trojan horse, DroidDream, targeting devices running the company’s Android mobile operating system.

In a post on Google’s official Android blog, Rich Cannings, the Android Security Lead, said that Google has removed malicious applications from the Android Market, suspended the accounts of developers associated with these applications, and contacted law enforcement. The company has also used a security feature that remotely removes malicious applications from affected devices.

Google plans to push a security update to all infected devices. The update, “Android Market Security Tool March 2011” will undo the exploit that led to the attack, and prevent attackers from gaining access to any further information. Owners of affected devices should receive an email from Google’s support staff, notifying them that they were indeed infected and that the new security update has been applied.

In his post, Cannings also promised a number of less-specific measures to prevent similar occurrences in the future and to provide a fix for the specific, underlying security weaknesses that led to this in the first place.

Security experts have long predicted a wake-up call for mobile security, as powerful, late model smart phones become ubiquitous. In particular, the DroidDream Trojan horse, which was designed to monetize infected mobile phones, underscored weaknesses in Google’s loosely monitored application Marketplace.

Writing in his blog post, Cannings said that security is a priority for the Android team. “We’re committed to building new safeguards to help prevent these kinds of attacks from happening in the future,” he wrote.

Categories: Malware, Social Engineering, Vulnerabilities, Web Security

Comments (2)

  1. Anonymous
    1

    With all the BILLIONS of $ profits that Google generates one would think that security would be woven into an ecosystem like the Android Marketplace. The fact that it takes an event like a major incident for this to get attention is completely unacceptable on any level. What was the “Android Security Lead” actually doing prior to this wake up call?

  2. Mirco Rohr
    2

    Can we really accept an remote application removal tool ?

    I have also read those articles from google and my first thought was that this is a very good decision. Why ? Because these apps leverage an exploit to access data.

    But hold on a second – what are they doing – they have removed the application from the device. This is against my privacy rights and this is also for me an unacceptable intrusion on my device.

    I am aware that a strategy of revoking the application certificate has the same effect: the application is not working anymore.

    But for me this is a huge difference, whether the vendor will de-install an app or just blocking the execution of it.

    The reason is fairly simple: If they mingle activly on my device, what else do they do on it ?

    What about my data, contacts, mail etc. ?

    What about my privacy rights ? Who will pay for the damage if something goes wrong ? Will they start deleting other files (copy right protection).

    Will they use the complete android family (Smartphones; Tab PC; TV (Android on Sony and Samsung) in future.

     

Comments are closed.