Malware Attack Highlights Android Market Security

Google has reportedly pulled more than 50 Android (s goog) apps that were pirated and infected with malware that transmitted information from the apps. The issue, one of the most significant security concerns so far for the Android Market, highlights some of the vulnerabilities of the marketplace, which can be exploited through its openness.

The issue was first raised by a reader at Reddit, who noticed an Android app called Super Guitar Solo was a pirated and repackaged version of Guitar Solo Lite. After inspecting some apps from the publisher of the copied app, Reddit user Lompolo found code, dubbed “DroidDream,” that roots the user’s device. Android Police, a blog, confirmed Lompolo’s account and found the hidden code gathers as much information as it can and sends it to a server in California. According to blogged accounts, the apps have been downloaded more than 50,000 times. The attack does not appear to affect devices running Android 2.2.2 and above, but that still leaves a lot of devices that may have been infected.

Google reportedly pulled 21 apps from a publisher named myournet last night. Lookout Security said two other publishers, Kingmall2010 and we20090202, that also had apps running the DroidDream malware exploit, were also pulled, bringing the total of infected apps to more than 50. Android Police said Google remotely removed apps from users’ devices though it’s unlikely it removed any code already on the devices. Lookout has a list of the pulled apps here. If you downloaded any of the apps, you might be infected. Lookout Security said it has an update that protects users against DroidDream.

The episode, which Android Police called the ultimate Android Trojan to date, underscores some of the challenges for Google’s mobile app store. Unlike Apple (S AAPL), Google does not review every app, and only steps in to remove programs after it becomes aware of a violation of its terms of service. The system can lead to app piracy and malware attacks, or in this case, both. That Google appeared to quickly respond is encouraging, but it doesn’t address the existing issues with the store. And with Android now becoming a leading global platform, it could invite even more attacks. We reported on the “Geinimi” Trojan attack back in December, which targeted apps that were sold in Chinese app stores or were side-loaded onto devices. And there have been other attacks in the last year.

Security concerns have not been a major issue yet for Google. But if Android Market develops a reputation as a potential danger zone, it could hamper its growth, especially at a time when it’s growing wildly. Much of the process of reviewing apps has been moved to the users, who must approve a list of application permissions when they download an app, something they often do blindly. As we reported, users should follow some simple steps to protect themselves.

But if this becomes an ongoing concern that requires a heightened level of vigilance, it could be an additional hassle for people downloading apps. Some developers have been asking Google to clean up the market for some time. The latest exploit may prove to be an impetus for more action, but it will require Google to be more proactive and hands-on, which isn’t a role the search giant seems willing to take on. Google has made efforts to address piracy, and recently said it has a team on the lookout for violators. But the pressure will be on for the company to step up and do more to police its store.

3 Responses to “Malware Attack Highlights Android Market Security”

  1. Prasheen Prakash

    It will be difficult for Google to keep tabs on Android Market as their mobile market share is exploding and to keep up the momentum they need to ensure the application ecosystem is thriving as well as truly open. Even if Google manages to police their shop soon, there will be dozens of independent stores who might not be as vigilant as Google.

    What Google can do:
    1. Build very strict policies around what is accepted and rejected in the store and monitor each and every application even those through independent stores.
    2. Build in antispyware / antimalware functions into the OS itself to catch naughty apps
    3. Do nothing for now and let 3rd vendors build antispyware / antimalware application.

    I see potential for Antispyware applications for Android.

    McAfee & Symantec, are you listening?

  2. acupunc

    Google can’t afford to be this lax with the Android Market. It will lead to significant negative publicity. They don’t have to be draconian about it but they need to ensure that pirated and virus-infested software is very difficult if not impossible to pull off and has severe consequences for the instigators.