Google has announced plans to implement new security features in order to strengthen the defenses of the Android Market following the appearance of a Trojan horse, DroidDream, targeting devices running the company’s Android mobile operating system.
In a post on Google’s official Android blog, Rich Cannings, the Android Security Lead, said that Google has removed malicious applications from the Android Market, suspended the accounts of developers associated with these applications, and contacted law enforcement. The company has also used a security feature that remotely removes malicious applications from affected devices.
Google plans to push a security update to all infected devices. The update, “Android Market Security Tool March 2011” will undo the exploit that led to the attack, and prevent attackers from gaining access to any further information. Owners of affected devices should receive an email from Google’s support staff, notifying them that they were indeed infected and that the new security update has been applied.
In his post, Cannings also promised a number of less-specific measures to prevent similar occurrences in the future and to provide a fix for the specific, underlying security weaknesses that led to this in the first place.
Security experts have long predicted a wake-up call for mobile security, as powerful, late model smart phones become ubiquitous. In particular, the DroidDream Trojan horse, which was designed to monetize infected mobile phones, underscored weaknesses in Google’s loosely monitored application Marketplace.
Writing in his blog post, Cannings said that security is a priority for the Android team. “We’re committed to building new safeguards to help prevent these kinds of attacks from happening in the future,” he wrote.