Last Saturday, Google's Android team released a statement saying that last Tuesday evening it was made aware of a number of malicious applications published to Android Market. Within minutes of becoming aware, Google said, it identified and removed the malicious applications. The applications took advantage of known vulnerabilities which don't affect Android versions 2.2.2 or higher. For affected devices, Google believes that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices and the SIM card, and the version of Android running on your device).
But given the nature of the exploits, the attacker(s) could access other data, which is why Google has taken a number of steps to protect those who downloaded a malicious application:
- Google removed the malicious applications from Android Market, suspended the associated developer accounts and contacted law enforcement about the attack.
- Google has remotely removed the malicious applications from affected devices. This remote application removal feature is one of many security controls Google can use to help protect users from malicious applications.
- Google is pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices.
- Google is now adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and is working with its partners to provide the fix for the underlying security issues.
More details can be found at the Android Market Help Center.
Cheers ~ Arne