Malware Attack Highlights Android Market Security

securityistock_000012154723xsmall

Google has reportedly pulled more than 50 Android apps that were pirated and infected with malware that transmitted information from the apps. The issue, one of the most significant security concerns so far for the Android Market, highlights some of the vulnerabilities of the marketplace, which can be exploited through its openness.

The issue was first raised by a reader at Reddit, who noticed an Android app called Super Guitar Solo was a pirated and repackaged version of Guitar Solo Lite. After inspecting some apps from the publisher of the copied app, Reddit user Lompolo found code, dubbed “DreamDroid,” that roots the user’s device. Android Police, a blog, confirmed Lompolo’s account and found the hidden code gathers as much information as it can and sends it to a server in California. According to blogged accounts, the apps have been downloaded more than 50,000 times. The attack does not appear to affect devices running Android 2.2.2 and above, but that still leaves a lot of devices that may have been infected.

Google reportedly pulled 21 apps from a publisher named myournet last night. Lookout Security said two other publishers, Kingmall2010 and we20090202, that also had apps running the DroidDream malware exploit, were also pulled, bringing the total of infected apps to more than 50. Android Police said Google remotely removed apps from users’ devices though it’s unlikely it removed any code already on the devices. Lookout has a list of the pulled apps here. If you downloaded any of the apps, you might be infected. Lookout Security said it has an update that protects users against DroidDream.

The episode, which Android Police called the ultimate Android Trojan to date, underscores some of the challenges for Google’s mobile app store. Unlike Apple, Google does not review every app, and only steps in to remove programs after it becomes aware of a violation of its terms of service. The system can lead to app piracy and malware attacks, or in this case, both. That Google appeared to quickly respond is encouraging, but it doesn’t address the existing issues with the store. And with Android now becoming a leading global platform, it could invite even more attacks. We reported on the “Geinimi” Trojan attack back in December, which targeted apps that were sold in Chinese app stores or were side-loaded onto devices. And there have been other attacks in the last year.

Security concerns have not been a major issue yet for Google. But if Android Market develops a reputation as a potential danger zone, it could hamper its growth, especially at a time when it’s growing wildly. Much of the process of reviewing apps has been moved to the users, who must approve a list of application permissions when they download an app, something they often do blindly. As we reported, users should follow some simple steps to protect themselves.

But if this becomes an ongoing concern that requires a heightened level of vigilance, it could be an additional hassle for people downloading apps. Some developers have been asking Google to clean up the market for some time. The latest exploit may prove to be an impetus for more action, but it will require Google to be more proactive and hands-on, which isn’t a role the search giant seems willing to take on. Google has made efforts to address piracy, and recently said it has a team on the look out for violators. But the pressure will be on for the company to step and do more to police its store.

Related content from GigaOM Pro (sub req’d):

loading

Comments have been disabled for this post