Google Remotely Wipes Malware From Android Handsets

Google moved to terminate the DroidDream malware attacks by invoking its remote removal application tool March 5. This will eliminate the apps from affected Android 2.1 and earlier devices.

Google March 5 remotely removed 58 malicious applications that affected smartphones based on its Android 2.1 operating system and earlier versions, the latest of several steps to blunt the malware.

Google March 1 learned of the suspicious programs, dubbed the DroidDream attacks, and removed them from the Android Market, suspended the developer accounts responsible for them and contacted police about the software.

The company believes that the developers responsible were only able to grab codes used to identify mobile devices and determine the OS version running on a device.

However, because of "the nature of the exploits," Google believes the attackers could access other data, so the company used its remote removal application tool to protect those who downloaded a malicious application.

For the DroidDream attack, Google is also pushing an Android Market security update to seal the exploits to prevent the attacker from gleaning any more information from affected devices.

Users whose smartphones have been affected by the malware will get an e-mail from the team over the next 72 hours and also receive a notification on their device that Android Market Security Tool March 2011 has been installed. Some users may also receive notifications on their device that an application has been removed.

Google isn't stopping there either, promised Android Security Lead Rich Cannings, who said his team is adding more measures to prevent malware using similar exploits and is working with its hardware partners to provide the fix for the security issues.

"Security is a priority for the Android team, and we're committed to building new safeguards to help prevent these kinds of attacks from happening in the future," Cannings said.

The attacks manifested this week after Android 2.1 and earlier handsets became infected with the DroidDream Trojan when users downloaded applications titled "Kingmall2010," "we20090202" and "Myournet." The applications swiped device and OS info and uploaded it to a remote server.

Google and Apple frequently remove applications from their mobile application stores for violating terms of service. But Google rarely has cause to invoke its remote removal tool to expunge applications from users' devices, an indication of how serious the DroidDream attack could have been.

Google first leveraged its remote application removal tool last year to jettison from devices two applications created by a security expert for research purposes.

As an open-source platform, Android is under constant threat of exploitation. This makes shoring up the Android Market and the devices it serves a trickier proposition for Google, which frequently finds itself playing whack-a-mole with security threats.