Google has now confirmed that 58 malicious applications were uploaded to Android Market, and that they were downloaded onto around 260,000 devices before Google removed the apps on Tuesday evening. Although that number sounds quite high, the company believes that only device-specific information, such as the phone’s IMEI number, was compromised — no personal data or account information was transferred or compromised. Given that the apps had full root access, it could have been a whole lot worse, reports TechCrunch.
Originally, the suspect apps were discovered by Reddit user Lompolo who, after some investigation, found that the authors didn't match. He looked at a game which allowed users to play guitar on their handsets, and noticed that although the new version retained the same functionality of the original, it contained the virus code hidden within the application. Lompolo originally found 21 apps, but he was soon surpassed by Android Police who, after an in depth investigation, found a total of over 50.
Starting this evening, Google will launch a special 'remote kill' function to affected handsets, with no user interaction required, Google will also be issuing a fully automated Android Market security update to infected devices that should remove the rootkit (again, no user action will be required). Affected Users will also receive an email, which can be viewed below.
You are receiving this message to inform you of a critical issue affecting your Android Market account.
We recently discovered applications on Android Market that were designed to harm devices. These malicious applications (“malware”) have been removed from Android Market, and the corresponding developer accounts have been closed.
According to our records, you have downloaded one or more of these applications. This malware was designed to allow an unauthorized third-party to access your device without your knowledge. As far as we can determine, the only information obtained was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).
However, this malware could leave your device and personal information at risk, so we are pushing an Android Market security update to your device to remove this malware. Over the next few hours, you will receive a notification on your device that says “Android Market Security Tool March 2011” has been installed. You are not required to take any action from there, the update will automatically run. You may also receive notification(s) on your device that an application has been removed. Within 24 hours of receiving the update, you will receive a second email confirming its success.
To ensure this update is run quickly, please make sure that your device is turned on and has a strong network connection.
For more details, please visit the Android Market Help Center.
The Android Market Team
TechCrunch also notes: "Unfortunately, while Google can remotely fix affected devices, it can’t automatically patch the security hole that made the exploit possible in the first place. That’s because the hole exists on the system level, so it requires a system upgrade to resolve — and it’s up to the carriers and hardware manufacturers to deploy the fix. Google is issuing a patch and informing its partners that it is urgent, but who knows how long it will take the carriers to push it to users."
Google also says that the exploit was actually already fixed in recent versions of Android, and that it was only affected by version 2.2.1 and lower.
The company also said that it was already taking steps to block malicious apps from reaching the Android Market in the future, with a somewhat vague statement.
We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.
Applications aren't screened manually by a reviewer (nor do Apple), but one can only hope that there will be at least some (better) tools and security checks implemented to prevent such a breach in the future.