[LINK] Android apps and kill switch
stephen at melbpc.org.au
stephen at melbpc.org.au
Fri Mar 11 00:56:14 AEDT 2011
Google unleashes 'kill switch' on malicious malware apps March 8, 2011
Remember those 21 malware-infested applications Google removed from its
Android Market last week?
Google now says there were actually 58 malicious apps downloaded to
260,000 Android smartphones, and late Saturday night in the US, Google
remotely turned on its kill switch, which is able to remove those errant
applications from the phones.
The kill switch is actually software thats downloaded onto an Android
smartphone and installed automatically, removing the apps in question
with no user action required.
Googles had this kill switch in place since 2008, and it used the remote
application removal capability for the first time in June, 2010.
Google downplayed the harm caused by these malware apps, assuring users
that none of their personal data has been compromised.
The kill switch is not going to completely fix this problem. TechCrunch
points out that Android devices are still vulnerable because of existing
security holes at the system level, which must be fixed by mobile
carriers and hardware manufacturers.
The problem is made worse by cellular providers sticking with older
versions of Android, unfortunate because the security exploit only
affects Android versions 2.2.1 and older.
The good news is, if an Android phone is running the latest software,
that security hole has already been patched. This post was originally
published on Mashable.com
Google Mobile Blog
An Update on Android Market Security
Saturday, March 5, 2011 | 10:08 PM
On Tuesday evening, the Android team was made aware of a number of
malicious applications published to Android Market. Within minutes of
becoming aware, we identified and removed the malicious applications.
The applications took advantage of known vulnerabilities which dont
affect Android versions 2.2.2 or higher.
For affected devices, we believe that the only information the attacker
(s) were able to gather was device-specific (IMEI/IMSI, unique codes
which are used to identify mobile devices, and the version of Android
running on your device).
But given the nature of the exploits, the attacker(s) could access other
data, which is why weve taken a number of steps to protect those who
downloaded a malicious application:
1. We removed the malicious applications from Android Market, suspended
the associated developer accounts, and contacted law enforcement about
2. We are remotely removing the malicious applications from affected
devices. This remote application removal feature is one of many security
controls the Android team can use to help protect users from malicious
3. We are pushing an Android Market security update to all affected
devices that undoes the exploits to prevent the attacker(s) from
accessing any more information from affected devices. If your device has
been affected, you will receive an email from android-market-
support at google.com over the next 72 hours. You will also receive a
notification on your device that Android Market Security Tool March
2011 has been installed. You may also receive notification(s) on your
device that an application has been removed. You are not required to take
any action from there; the update will automatically undo the exploit.
Within 24 hours of the exploit being undone, you will receive a second
4. We are adding a number of measures to help prevent additional
malicious applications using similar exploits from being distributed
through Android Market and are working with our partners to provide the
fix for the underlying security issues.
For more details, please visit the Android Market Help Center. We always
encourage you to check the list of permissions when installing an
application from Android Market. Security is a priority for the Android
team, and were committed to building new safeguards to help prevent
these kinds of attacks from happening in the future.
Posted by Rich Cannings, Android Security Lead
More information about the Link