Google issues malware-flushing security update, remotely removes malicious apps

By Adam Rosenberg March 6, 2011

Google hit a bit of a rough patch last week when it was learned that a large number of malware-infected apps were being sold by publisher Myournet on Android Market. The publisher and its products were quickly removed, but the damage had already been done: the 58 removed apps were downloaded roughly 260,000 times before they went away, TechCrunch reports.

Other than the app removal, which happened within minutes of the news hitting the Internet, Google remained relatively quiet on the issue until last night. This was likely to give the internal development team time to engineer a fix, which they have. Android Security Lead Rich Canning laid out the details in an update on the Google Mobile Blog last night.

A security update will be (or likely already has been) pushed to all of those devices that downloaded one or more of the problem apps. Google is sending e-mails out to the security update recipients “over the next 72 hours” to inform them of the mandatory update, which requires no action on the user side. At the same time, Google is also enacting one of its security controls to remotely remove all of the malicious apps from affected devices. If you’ve got one of the problem apps and haven’t removed it yet, it’s going to automatically be done for you. Sometimes, having Big Brother always watching isn’t such a bad thing.

Canning also writes, “We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues,” though exactly what those measures are isn’t detailed.

The malware is believed to have only gathered device-specific information, though it contained code that could have allowed for the download of more potentially harmful data without a user’s knowledge. Devices with Android version 2.2.2 or higher were also not affected, as the malicious software takes advantage of exploits that were only present in earlier versions. That said, if you’re running a “safe” version and do somehow happen to still have one of the affected apps… it might be a good idea to remove it.

Editors' Recommendations

Topics

Former Digital Trends Contributor

Previously, Adam worked in the games press as a freelance writer and critic for a range of outlets, including Digital Trends…

Mobile

Google is killing off its lightweight YouTube Go app

Three phone screens showing the new Android 12 Go Edition.

Google is killing off its lightweight YouTube Go app, an app designed for phones with low storage and limited access to robust LTE and 5G networks. The company cites improvements to the mainstream YouTube app that rendered this service redundant. The app will remain available for download in the Play Store until August. The app boiled down YouTube to its essentials and stripped away things that weren't necessary like commenting, posting, or creating videos.

"When we launched YouTube Go in 2016, it was designed for viewers in locations where connectivity, data prices, and low-end devices prevented us from delivering the best experience in the main YouTube app. Since then, YouTube has invested in improvements to the main YouTube app that make it perform better in these environments, while also delivering a better user experience which is inclusive of our entire community," the YouTube team said.

Mobile

Google Play Store helps find the apps invading your privacy

Instagram app on the Google Play Store on an Android smartphone.

Google has implemented a feature that requires app makers to disclose what data their apps are taking from users. Starting today, Android users will be able to see specific information about their apps' data collection through the Google Play Store. The data is accessible in the Play Store via the "Data Safety" tab listed in the information section for all apps.

With Google's announcement that the feature's rollout is live, the company notes that not all apps will be showing what privacy data they collect immediately. App makers have until July 20, 2022, to provide the Play Store with privacy information, making the feature something of a gradual rollout. It's likely that apps that take more types of data (like social media apps) will take longer to post the required info due to the sheer number of data points they collect when compared to something simpler such as an offline game.

Mobile

Google launches Switch to Android app to chirping crickets

Switch to Android app displaying Step 2 of 4 for transferring data from iPhone to new Android device.

Google has quietly launched the Switch to Android app on the App Store to the sound of chirping crickets. As reported by TechCrunch, the tech giant rolled out the app on Monday to make it easier for users who want to switch to an Android device, whether they want to try out Android for the first time or they just miss having one of the best Android phones in their hand. It was a quiet launch, so nobody paid any mind to it -- until now.

The Switch to Android website gives you steps on how to copy all the data in your iPhone -- contacts, photos, videos, calendar events, etc. -- and send them to the new Android device of your choice. It also instructs you to turn off iMessage, so you'll be able to see important text messages once you open your new device, and request Apple to transfer a copy of your data from iCloud. The app works in a similar manner to Move to iOS, which Apple launched in 2015 to ease users' transition from Android to iPhone.