06 Mar

Google continues to be admirably quick to react to DroidDream, the nasty Android Trojan we helped uncover on Tuesday. After removing the offending apps from the Market within just a few minutes of finding out about them, they've now revealed in a new post on the Google Mobile Blog that they're ready to take further steps.

Update: The tool Google is using to bulldoze DroidDream malware off your phone has surfaced in the Android Market: Android Market Security Tool. From the app's description:

"There is no need to download and install this application on your own.

This is an Android Market security update that undoes exploits caused by the malicious applications that were removed from Android Market on 03/01/2011. Only some users were affected. Those users will receive an email notification that states this update will be automatically pushed to their devices. This app will be removed automatically after it has completed running."

First, as expected, they plan to remotely wipe the apps from affected users' devices using the "remote application removal feature." Next, they're rolling out an update to infected devices that "undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices." These affected users will receive an email from Google notifying them that they are infected, and the update - "Android Market Security Tool March 2011" - will automatically be installed. Finally, they're taking steps with the Market to prevent something like this from happening again, as well as working with their "partners" (manufacturers and/or carriers, I'd assume) to patch the security issue.

We've pinged the Google Mobile team to ask for clarification on the last two points, although it's doubtful we'll hear anything back. If we do, we'll be sure to update the post.

[Source: Google Mobile Blog]

Aaron Gingrich

  • ari-free

    I wonder if the amazon appstore will be able to remotely take out bad apps that have evaded their approval regime.

  • http://trueacu.com acupunc

    "We’ve pinged the Google Mobile team to ask for clarification on the last two points, although it’s doubtful we’ll hear anything back."

    I'm glad to see someone asking them the right questions! Keep on 'em!

  • http://lavadip.com HRJ

    While it is great to hear that Google has reacted quickly to these issues, I fear that the discovered applications might be just the tip of the iceberg.
    1. There could be many publicly-unknown exploits still present in any given Android version.
    2. There could be many apps still out there or apps being newly uploaded that use these exploits. Such apps might even be original (that is, not copied packages) with a malicious payload.
    It's a scary thought!

    • Zigmar

      Zero-day exploits exist everywhere, even on walled garden environments like iOS/W7 and nuclear power plants. There is nothing that can be done about it. Even in environments where apps pass an approval process, they won't be able to detect an unknown exploit if it is hidden well enough, which won't be too difficult, as it is much easier to hide something you won't be looking for.

  • http://www.bankscabinets.com Cody

    This is good info to know. I'm glad I don't have this on my phone. It's awesome to know that Google is on top of things and fixing the exploit fast. This site rocks for always keeping the Android users updated!

  • http://mindmirror007.blogspot.com/p/home.html alchemist007

    At this point in time, I really don't give a damn about what they did! It is too little too late! What were they doing since they fixed the exploit in 2.2.2 until now? At times, their policies are really crappy!

    • Davros62

      Hi Alchemist,

      They patched the code and pushed it to their own phones.

      The way it works is Google patch the source tree and in most cases it is up to the OEMs/carriers to push those patches to their devices. A process Google have little control over, as each vendor builds their port from source and carriers insist on pre-testing and approving each update.

      Only Google branded phones in the Nexus range can be sure of immediate updates.

      On the other hand, for those vendors to include the Google Apps and Market in their builds, they supposedly have to sign a 'with Google' license agreement, so I would think it would be feasible for Google to try and lock in some SLAs for timely patch deployment into the contract.

  • Lee

    App developers should pay a fee to have their apps put into the market. This fee should go towards analyzing the behavior of the app for malicious code and behaviour. Really though if Android Market makes google enough money this should be done for free.

    They should also modularize advertisement. This way an application itself doesn't need device information or internet access, only the advertisement module. Same with any score keeping modules. The less direct access an app needs to your system and the internet the better.

    • baley

      @Lee accessing the market is NOT free. It's not much, but it's not for free.

  • Bellanda

    I did a "factory data reset" of my Samsung Galaxy S after hearing about the problem a few days ago (my phone had been acting "strange" (screen captures of my mobile's home page triggered on their own even though I never put this capability on my phone, unable to make/receive calls for short periods of time, etc.)).

    Sorry, I am far from a pro when it comes to all of this... but should I still be seeing com.sec.android.providers.downloads and com.sec.android.app.screencapture under my Settings/Applications/Manage Applications/All after a factory data reset? (all looks normal in the Settings/Applications/Running Services now.)

    I was a bit freaked out by all of this and have been afraid to add anything on my mobile which involves passwords until I am sure it is safe (having changed all of them). I'd appreciate any help I could get. Thanks!

    • Charled

      I had the same thing happen to my Galaxy S; however, I don't recall downloading any app that had the malware. My device and my wife's Evo were hacked.... Hackers were able to use the wifi on the phones to access my wireless home network, accessing everything via remote access and stealing everything. Rebooting helps, but the only way to completely get rid of the code is to take the device to your phone carrier and have it flashed and factory reset from CD-ROM. They say it's not needed, but I just went through a week of hell, so I would make sure you do so.... Just advice.

  • AKBMobile

    My question, and maybe a future article idea:

    Did *any* Android AV software which claims to offer AV security catch, block, or otherwise protect user devices against the recent DroidDream Trojan?

    Not trolling, just a huge Android Nerd who would like more info on this.

  • Bellanda

    My AV soft didn't detect anything going on when I found the download manager in my running services, as well as the com.android.providers.downloadsmanager (thanks to Android Police going public with it).
    I'm rather new at all of this, so you might want to confirm, but from what I have read, I think DroidDream caught most off guard (however, they seem to be catching up now with soft that can detect it).

    • charles

      Android security/anti-spyware does not work.

  • Icaro Kalleu

    I want to know a thing. I'm from Brazil. If I've downloaded one of these apps made by myournet or those other ones from the internet on my PC as an .apk, will I receive this e-mail with this update, "android market security tool march 2011"???? I think I've downloaded the app "spider-man" by myournet!!! But I think I downloaded that from the internet on my PC!!!

  • benro

    Awesome, the free market speaks. I don't see why any sort of regulation is necessary. Developers and other business/industry leaders need no oversight. Users should be smarter, decompiling their own code, monitoring their own network use and creating their own complex solutions.

    And here is the obligatory closing /sarcasm tag.

  • janette

    Please help me, my phone has definitely got this virus. It's been downloading, updating and using a lot of my background and I've tried everything I know to remove it!! Plz help

    • charles

      Forgot to mention: change all passwords, bank cards or anything you have used with your device.

  • charles

    I went through the same thing, a week of hell. My home network was also attacked via the wifi on the device since it was on a home network. The only thing to completely get rid of the problem is to have your phone carrier repair shop flash the phone and do a factory reset from CD-ROM, NOT from the phone itself... If they tell you it's not needed, that's BS, I just went through it.