[LINK] Android apps and kill switch

stephen at melbpc.org.au stephen at melbpc.org.au
Fri Mar 11 00:56:14 AEDT 2011

Google unleashes 'kill switch' on malicious malware apps  March 8, 2011

Remember those 21 malware-infested applications Google removed from its 
Android Market last week?

Google now says there were actually 58 malicious apps downloaded to 
260,000 Android smartphones, and late Saturday night in the US, Google 
remotely turned on its kill switch, which is able to remove those errant 
applications from the phones.

The kill switch is actually software that’s downloaded onto an Android 
smartphone and installed automatically, removing the apps in question 
with no user action required.

Google’s had this kill switch in place since 2008, and it used the remote 
application removal capability for the first time in June, 2010.

Google downplayed the harm caused by these malware apps, assuring users 
that none of their personal data has been compromised.

The kill switch is not going to completely fix this problem. TechCrunch 
points out that Android devices are still vulnerable because of existing 
security holes at the system level, which must be fixed by mobile 
carriers and hardware manufacturers. 

The problem is made worse by cellular providers sticking with older 
versions of Android, unfortunate because the security exploit only 
affects Android versions 2.2.1 and older. 

The good news is, if an Android phone is running the latest software, 
that security hole has already been patched.

This post was originally published on Mashable.com

Google Mobile Blog

An Update on Android Market Security 

Saturday, March 5, 2011 | 10:08 PM 

On Tuesday evening, the Android team was made aware of a number of 
malicious applications published to Android Market. Within minutes of 
becoming aware, we identified and removed the malicious applications. 

The applications took advantage of known vulnerabilities which don’t 
affect Android versions 2.2.2 or higher. 

For affected devices, we believe that the only information the 
attacker(s) were able to gather was device-specific (IMEI/IMSI, unique 
codes which are used to identify mobile devices, and the version of 
Android running on your device). 

But given the nature of the exploits, the attacker(s) could access other 
data, which is why we’ve taken a number of steps to protect those who 
downloaded a malicious application:

1. We removed the malicious applications from Android Market, suspended 
the associated developer accounts, and contacted law enforcement about 
the attack.

2. We are remotely removing the malicious applications from affected 
devices. This remote application removal feature is one of many security 
controls the Android team can use to help protect users from malicious 

3. We are pushing an Android Market security update to all affected 
devices that undoes the exploits to prevent the attacker(s) from 
accessing any more information from affected devices. If your device has 
been affected, you will receive an email from 
android-market-support at google.com over the next 72 hours. You will 
also receive a 
notification on your device that “Android Market Security Tool March 
2011” has been installed. You may also receive notification(s) on your 
device that an application has been removed. You are not required to take 
any action from there; the update will automatically undo the exploit. 
Within 24 hours of the exploit being undone, you will receive a second 

4. We are adding a number of measures to help prevent additional 
malicious applications using similar exploits from being distributed 
through Android Market and are working with our partners to provide the 
fix for the underlying security issues.

For more details, please visit the Android Market Help Center. We always 
encourage you to check the list of permissions when installing an 
application from Android Market. Security is a priority for the Android 
team, and we’re committed to building new safeguards to help prevent 
these kinds of attacks from happening in the future.

Posted by Rich Cannings, Android Security Lead


