Home

Share this Story

Google Starts Remotely Removing and Fixing Malicious Malware from Affected Devices

There was a lot of talk last week about security on the Android platform after the DroidDream malware scare, but to help ease all of your minds, Google has released a statement detailing all of the steps they are actively taking to make our mobile world a safer place.  We should point out that anyone running anything less than Android 2.2.2 was susceptible, so please read the 4 steps below carefully to see what you need to be on the look for.

  1. We removed the malicious applications from Android Market, suspended the associated developer accounts, and contacted law enforcement about the attack.
  2. We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications.
  3. We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from [email protected] over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.
  4. We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.

And as you can see from our picture above, there is an app in the market that will help remove garbage from affected devices.  You don’t need to download it though; it’s just there so that Google can remotely push it onto devices in need.  More info can be found here.

Via:  Google Mobile Blog

  • Anonymous

    Everyone needs to calm down and stop turning on each other. WTF…. but screw Iphone..

  • http://pulse.yahoo.com/_IDGUZI4TI22VNIG3QKXSKDQWVM Chris

    Prime example of why “open source” also comes with great risk such as this!

  • Anonymous

    Way off topic but did any of you read the review about the XOOM on ARS TECHNICA by this Apple lover Ryan Paul? WOW I couldn’t believe what I was reading and the comments. He made the XOOM seem like a Sony Walkman and he was comparing it to an Ipod…lol. He wrote over 10 pages of his BS opinons. Unbelievable lol. Please read it.

  • Anonymous

    I’m glad I’ve been running Lookout from the beginning. 1st on my OG Droid, and now on my DX. It is a Must-have for any Android phone. It’s at the top of my list. It should be at the top of yours.

  • http://twitter.com/OMFGitsJUSTIN OMFGitsJUSTIN

    Android is officially Windows.

    • John

      go stick your head up steve jobs ass then

      • http://twitter.com/OMFGitsJUSTIN OMFGitsJUSTIN

        Sure thing, I will do that right after we run Norton Antivirus on your mobile device lol.

        His ass is probably cleaner than your bugged up phone :D AHAHAA.

        • John

          sorry. nortons is blocked on my ROM. ohhh that’s right, you wouldn’t know that b/c you can run ROMs on your cute little i*hone toy.

          • http://twitter.com/OMFGitsJUSTIN OMFGitsJUSTIN

            And Norton Antivirus is not spelled Nortons….

            I think you need a dictionary app to correct your failed attempt at a comeback.

          • John

            huh? didn’t spell it nortons?

            it’s ok troll.

        • Brutalsnowman

          please define “bugged up phone”

          Google OS has a virus= they acknowledged it and dealt with the issue
          IOS has a virus = “If you stop holding your phone that way the virus will go away” – Jobs

          • http://twitter.com/OMFGitsJUSTIN OMFGitsJUSTIN

            Funny because they haas yet to happen. Plus if it did, it doesn’t send your data, number ect to some hacker in China.

            Nice comparison but the only thing the iphone can lose is signal strength. Not your identity.

            PLEASE INSERT MORE TOKENS TO TRY AGAIN

      • Anonymous

        the guys entitled to his own opinion

  • DroidzFX

    Hackers/viruses penetrating the Android market was only a matter of time. I do believe Google will have to implement some kind of verification process to ensure apps don’t contain malicious code. Not create regulations of what type of apps are allowed but just ensure they are safe for users. This could also create a way for them to reduce apps from requesting unnecessary permissions.

  • http://twitter.com/megamanfan3 Ken Rogers

    Nice to see Google taking action against malicious software on the Android Market.

  • Jrk1234

    Android blows I’m never going back. Love my iPhone.

    • Anonymous

      correction. You blow, and leave this site…

      • http://pulse.yahoo.com/_IDGUZI4TI22VNIG3QKXSKDQWVM Chris

        wow, you’re really fascinated about people blowing. Perhaps you’re the one who needs to relieve yourself and go blow someone!

    • Bmos

      Then get off of this site

    • Anonymous

      You’re one of those people who booted their android phone and could find your apps, aren’t you?

    • DBK

      Andy thanks you for the blowjob and now wants you to GTFO.

    • Anonymous

      Whats up with all of the TROLLS lately??? And, why do they keep “Liking” themselves? Nobody “”Likes” them, maybe thier momma, but I doubt it :P

      • http://twitter.com/EvanTheGamer EvanTheGamer

        Yes.

        • Anonymous

          Lol Evan, whats up Bro, we need to get rid of these Apple fan boy haters
          lol. Time to put a Ass Whoopin on some TROLLS and I do mean TROLLS LMAO

        • Anonymous

          Sorry, I couldn’t send it earlier
          http://gorgeouscomplexion.com/about.html Enjoy!

    • Anonymous

      i love android but he is entitled to his own opinion just as we are people

      • http://twitter.com/EvanTheGamer EvanTheGamer

        When you come to an Android-specific site, and then bash us for loving Android, and then talks about his so-called iPhone, then this is called a troll. He is not entitled to his own opinion if his intent was to flame us for our own opinion about Android.

        • http://twitter.com/jbernard703 Jeff Bernard

          It is not a “so-called” iPhone, it is actually called the iPhone. He also didn’t bash anyone. He said android blows(opinion) and stated we was never going back. The only ones who feel bashed are those whose identity is tied to a consumer electronic product.

          • http://pulse.yahoo.com/_IDGUZI4TI22VNIG3QKXSKDQWVM Chris

            couldn’t agree more Jeff. Well said!

          • Weazerdogg

            Its still ignorant and immature to go to a website for a specific product and bash that product, knowing most of the people on it think positively of it. Its called being a Troll and the solution is to GROW UP.

    • http://twitter.com/EvanTheGamer EvanTheGamer

      You, sir, are a hungry troll.

  • Mr.Joe

    “and contacted law enforcement about the attack.”

    Can you really arrest someone for this?

    • Timmah

      Oh no, people can just submit virus to the market, steal users info, sell their information or anything else they can think of, and the law won’t do a thing. Psh they won’t even contact the virus maker about it, the law supports stealing peoples information and promotes it!

      /sarcasm

      For Real: Dude your kidding me right?

      • http://profiles.yahoo.com/u/PP2KC2NKYXJ5AUNAJWRZTBRPUA Matty G

        Suspect is described as a rather wide, green skinned individual known only as “Andy” and there is also a warrant out for him for stealing and eating iPhones

    • Anonymous

      i feel like they might try the ‘stealing’ way
      but could also say damaging property maybe?

    • Anonymous

      Um, yes?

  • http://twitter.com/jbernard703 Jeff Bernard

    Personally i think this is a great move. However, where are all the calls of outrage? Imagine if Apple started remotely erasing apps from user’s phones. I thought this was open source and the user had ultlimate freedom and you guys didn’t need Apple babysitting you with their walled garden.

  • http://twitter.com/jbernard703 Jeff Bernard

    Personally i think this is a great move. However, where are all the calls of outrage? Imagine if Apple started remotely erasing apps from user’s phones. I thought this was open source and the user had ultlimate freedom and you guys didn’t need Apple babysitting you with their walled garden.

    • Mr.Joe

      Yeah… People are gonna be really pissed that google isn’t letting them keep an infected application on their phone…

    • Anonymous

      Apple wouldn’t let such obviously malicious apps into its walled garden in the first place.

      There are advantages and disadvantages to the Android and iOS models.

      • Anonymous

        You’re joking, right? Do you think that Apple checks every last piece of code in every single application submitted to the app store? Must be nice living in that fantasy world…

      • jason6g

        http://www.funkyspacemonkey.com/spyphone-ni
        http://blog.trendmicro.com/cybercriminals-make-money-out-of-app-store/
        http://vgable.com/blog/2010/07/21/sneaking-malware-into-the-app-store/
        http://news.cnet.com/8301-27080_3-10446402-245.html

        from a quick google search. apple may be a bit more closed door than google, but they are still far from perfect. i think google’s model is alot nicer, and just like the pc world, if you want open, you have to cover your a** to some degree (or just use common sense which seems to be dying)

        • Anonymous

          Nobody’s perfect, but iOS tends to be better.

          Like you said, the Android model is more open, but you have to cover your ass. There are advantages e.g. “more open”, and disadvantages e.g. “you have to cover your ass”.

          For people like us, Android is the obvious choice. However, I might get an iOS product for my grandmother just because it’s so stupidly easy to use. Sometimes having fewer choices can be a good thing.

    • http://stark23x.tumblr.com JimK

      “nd you guys didn’t need Apple babysitting you with their walled garden. ”

      Which, of course, is not at all what is happening here. Hence your wonderment at a lack of posts complaining about that.

    • http://twitter.com/OMFGitsJUSTIN OMFGitsJUSTIN

      Apple deletes garbage like this before it ever hits the phone. Google’s approach is more sloppy.

      Let the user download the app, waste their time/battery/data on it, let the app attack the phone and steal information, then let’s resolve the issue.

  • Anonymous

    ok no offence and i don’t care but isn’t this definately android life? anyways, its cool google is finally taking action, they really need to fix themselves to half of apples standards….make the round nice high def icons, better graphics and some standards…plus more security and less crap in the market= better than apple…what i mean by that is do we really need 95 thousand puzzle games and 100 thousand regular good games? take out the puzzles! :)

  • Anonymous

    ok no offence and i don’t care but isn’t this definately android life? anyways, its cool google is finally taking action, they really need to fix themselves to half of apples standards….make the round nice high def icons, better graphics and some standards…plus more security and less crap in the market= better than apple…what i mean by that is do we really need 95 thousand puzzle games and 100 thousand regular good games? take out the puzzles! :)

    • Mr.Joe

      Android life is dead. I wish they would just get rid of it…

      Either that or get someone else to take care of it.

      • jason6g

        i think they should get rid of android life as well and just post everything here. the droid brand is a joke as far as verizon is concerned, if its not a droid then its some bing piece of crap. and even if it is a droid, then its going to be loaded with a bunch of crapware anywho

        i like the general news as this is a blog i probably will never stop checking

        • Mr. Joe

          Android life was supposed to be for other android related devices and I believe other things. While Droid Life was for Verizon stuff.

          • DBK

            Correct.

            Droid-Life = Droid news, Verizon Android news

            Android-Life = The other carriers’ Android news

          • DBK

            Correct.

            Droid-Life = Droid news, Verizon Android news

            Android-Life = The other carriers’ Android news

          • DBK

            Correct.

            Droid-Life = Droid news, Verizon Android news

            Android-Life = The other carriers’ Android news

          • DBK

            Correct.

            Droid-Life = Droid news, Verizon Android news

            Android-Life = The other carriers’ Android news

          • DBK

            Correct.

            Droid-Life = Droid news, Verizon Android news

            Android-Life = The other carriers’ Android news

          • DBK

            Correct.

            Droid-Life = Droid news, Verizon Android news

            Android-Life = The other carriers’ Android news

          • DBK

            Correct.

            Droid-Life = Droid news, Verizon Android news

            Android-Life = The other carriers’ Android news

          • DBK

            Correct.

            Droid-Life = Droid news, Verizon Android news

            Android-Life = The other carriers’ Android news

          • DBK

            Correct.

            Droid-Life = Droid news, Verizon Android news

            Android-Life = The other carriers’ Android news

          • DBK

            Correct.

            Droid-Life = Droid news, Verizon Android news

            Android-Life = The other carriers’ Android news

          • DBK

            Correct.

            Droid-Life = Droid news, Verizon Android news

            Android-Life = The other carriers’ Android news

          • DBK

            Correct.

            Droid-Life = Droid news, Verizon Android news

            Android-Life = The other carriers’ Android news

          • DBK

            Correct.

            Droid-Life = Droid news, Verizon Android news

            Android-Life = The other carriers’ Android news

  • Rocktoonz

    First off, I’d like to state that I think it’s wonderful that Google is able and willing to help these folks that were affected by this. I’d like to see Microsoft do the same when Windows computers are infected, but I don’t see that ever happening.

    I do have some concerns though….if they can remotely remove apps from my phone without any interaction from me, what else can they remotely do to/with my phone without my knowledge or approval??

  • Rocktoonz

    First off, I’d like to state that I think it’s wonderful that Google is able and willing to help these folks that were affected by this. I’d like to see Microsoft do the same when Windows computers are infected, but I don’t see that ever happening.

    I do have some concerns though….if they can remotely remove apps from my phone without any interaction from me, what else can they remotely do to/with my phone without my knowledge or approval??

    • Mr.Joe

      Comparing this to an attack on MS is COMPLETELY different. First off these apps where obtained from the android marketplace which is google territory. Do you get virus’s from downloading something from Microsoft.com? No. I would hope that Google would help them out considering this all came from THEIR marketplace.

      Besides. Microsoft offers both a firewall and antivirus program which helps in the removal of this stuff so yeah they do help you when your computer is infected. Plus they supply malicious software removal tools every month.

      • Timmah

        +1 for MS

      • jason6g

        i agree with you. microsoft cannot protect the idiots from themselves.

        computers are machines afterall – they do sets of commands for better or worse.

        if you get rid of the lower 10% of users from every technology epidemic, most the problems dont seem as bad.

    • Anonymous

      I think in the end, it all comes down to the company. Google so far, has only used their kill switch to remove viruses from phones. Apple has thus far used it to remove tether apps and iBoobs.

      I don’t like the idea of Google remotely removing apps from my phone, but I suppose at the end of the day it comes down to corporate responsibility. So far, Google has demonstrated itself trustworthy, but we should remain vigilant. It doesn’t take much to become as bad as Apple.

  • Anonymous

    Oh no! It’s the end of the world! Android is evil and Google is going to remove all of your apps!!!!1111oneoneone

    God forbid Google actually acts wisely and doesn’t abuse their power. Google, from all of us sane people here: Thank you.

  • Anonymous

    Oh no! It’s the end of the world! Android is evil and Google is going to remove all of your apps!!!!1111oneoneone

    God forbid Google actually acts wisely and doesn’t abuse their power. Google, from all of us sane people here: Thank you.

    • Rocktoonz

      That’s just it, it’s a power that could be abused, and not necessarily by Google. What happens when someone else figures a way to remotely start manipulating people’s phones for nefarious purposes? Again, I think it’s a great thing that they’re doing removing this for people, but I hate the idea of Google or anyone else having the ability to remotely manipulate my device without my knowledge or permission.

      • Anonymous

        Everything can be abused. There’s a security risk with anything and everything. Might as well put on your tin foil hat and go crawl into the corner of your basement in the fetal position and wait to die.

        • http://iamandroid.co/profile/rocktoonz Rocktoonz

          I’m not necessarily saying that Google would do anything of the sort, because I doubt there would be anything to gain from it by Google. On the other hand, for example, Verizon chould gain that same ability, and decide that, “Oh, look. He has Wireless Hotspot installed, thereby bypassing our paid Wi-Fi Tethering charges. Let’s remove that and install OUR app in its place without his knowledge or permission.” This is something that would greatly concern me as a viable possibility, as they WOULD have something to gain from it.

        • http://iamandroid.co/profile/rocktoonz Rocktoonz

          I’m not necessarily saying that Google would do anything of the sort, because I doubt there would be anything to gain from it by Google. On the other hand, for example, Verizon chould gain that same ability, and decide that, “Oh, look. He has Wireless Hotspot installed, thereby bypassing our paid Wi-Fi Tethering charges. Let’s remove that and install OUR app in its place without his knowledge or permission.” This is something that would greatly concern me as a viable possibility, as they WOULD have something to gain from it.

          • Anonymous

            I’m pretty sure it has been stated that this functionality only applies to market-installed applications. Anything outside of the market can’t be touched. So if you don’t want something removed, get the .apk.

            Someone correct me if I’m mistaken.

          • Anonymous

            thats technically illegal….

          • http://iamandroid.co/profile/rocktoonz Rocktoonz

            I have to believe it’s in a EULA somewhere, making it perfectly legal because you agreed to it.

          • Anonymous

            I’m not sure what you’re saying is illegal. But nothing here is. Removing an app isn’t illegal. Regardless of whether it’s covered in a EULA, that would be a matter for a civil court and not a criminal one. If you were actually referring to tethering through a third party app without paying… well, that would be grounds for a contract termination. Nothing for either a civil or a criminal court.

          • http://iamandroid.co/profile/rocktoonz Rocktoonz

            Actually, I pay Verizon for unlimited data usage, there is nothing stating how I’m allowed to use it, therefore they can’t terminate service for making use of the functionality of the device that they provided me, simply because I’m intelligent enough to find a way to do so without paying extra for it. I’m stealing nothing, and abusing nothing.

          • Timmah

            Good luck with that. Thats like saying I paid for my Windows computer, but I can steal the Windows code because I’m intelligent enough to figure out how to do so. Your stealing something, and abusing the use of the computer.

          • http://iamandroid.co/profile/rocktoonz Rocktoonz

            actually it’s more like hooking up a wireless router to your cable modem and letting more than one computer access it.

          • http://iamandroid.co/profile/rocktoonz Rocktoonz

            and I didn’t steal any code. Android is open-source, and development of apps is encouraged. Downloading them from the market is also perfectly legal.

          • Timmah

            I didn’t say you did. It was an example of what you were basically saying, which is incorrect. Just cause you can do it, doesn’t mean you should.

          • Anonymous

            They’re Verizon. They would find a way. :P

      • Anonymous

        Everything can be abused. There’s a security risk with anything and everything. Might as well put on your tin foil hat and go crawl into the corner of your basement in the fetal position and wait to die.

    • Rocktoonz

      That’s just it, it’s a power that could be abused, and not necessarily by Google. What happens when someone else figures a way to remotely start manipulating people’s phones for nefarious purposes? Again, I think it’s a great thing that they’re doing removing this for people, but I hate the idea of Google or anyone else having the ability to remotely manipulate my device without my knowledge or permission.