Android Market Malware Apps Root Phones and Send Your Details to Hackers

Oh noes!!

Google has had to strip 21 applications from the Android Market after it was discovered that the apps secretly installed malware. Ooopsy!

The apps seem to have included pirated and renamed versions of legit Android software that had been modified to include the malware and then offered for free on the Market. Those 21 programs clocked up more than 50,000 downloads over the course of about four days.

The nasty little freebies sent personal details, including the phone’s unique IMEI number, to a US-based server. Even more malicious is the fact that they also exploited security flaws to root the phone, and install a backdoor application that allows further software to be installed to the handsets.

Obviously Google has killed off these malware packed apps the rooting and backdoor means that the anyone who has run one of the malicious programs should reset their phone to stock conditions and clean it up and get rid of the nastiness.

The flaw used to root the operating system was fixed in Android 2.2.2 and 2.3, so users of those versions should be able to get away with simply removing the applications. The programs were all put on the Android Market by Myournet; which has also been removed from the Market.

A full list of the 21 programs can be found at Android Police, who originally reported the issue.

This shows that Apple’s aggressive protection of its App Store kinda makes sense as Google’s Android Market is a free-for-all and almost anything goes. Google can remove applications that are found to be actively harmful, as it has done here, but this action tends to be reactive, not proactive. The Android Market Developer Agreement does prohibit this kind of application but Google obviously took no steps to ensure that applications abide by this rule prior to publication.

Now that Android is a major smartphone player which is estimated to be outselling the iOS – do you think it’s time that Google tightened up its rules or do you think that would be a move away from the platforms openness and flexibility?

Let me know below 🙂

Enhanced by Zemanta