Google has confirmed that malware-infected apps were remotely removed from Android mobile handsets on Saturday night. The malware was initially detected in 21 free apps, which were removed from the Android Market on 2 March 2011. However, it later emerged that around 58 apps were infected, and had been downloaded to over 260,000 smartphones, prompting Google to take action remotely.
In an official blog post, Google revealed that the built-in kill switch security feature had been used to remotely remove the affected apps. Android security spokesman Rich Cannings also reassured customers:
"We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from firstname.lastname@example.org over the next 72 hours."
Built-in kill switch
Google has been including a built-in kill switch in Android phones since 2008, intended for use in an emergency. It has only been used to remotely remove an app once before, in June 2010, although there have been several Android app security scares in the meantime.
The malware is a Trojan known as DroidDream, which uses a root exploit labelled "rageagainstthecage". The apps were all free, and created by Myournet. Google was quick to reassure users that very little information had been accessed; however, the Android Police blog divulged "there's another APK hidden inside the code, and it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that's all child's play; the true pi