Google will build new safeguards into Android Market , its software store for the Android Mobile River OS , follow an attack that infect M of telephone set and thrust the troupe to wipe the malware remotely from earphone , it said former Saturday .
More than 50 applications in the Android Market were found to arrest a program call off DroidDream , which is capable of steal information about a mobile twist and , more dangerously , download other malicious applications to the phone .
Google was fairly soundless about the trouble until Saturday , when itconfirmed in a blog postthat it decide to use a command that remotely erases malicious covering .
Android users that have download a malicious applications programme will get an tocopherol - ring armor within three daylight from the destination android-market-support@google.com explaining the situation , wrote Rich Cannings , Android ’s Security Lead . In summation to wiping malware , Google is also forcing an update on users called “ Android Market Security Tool March 2011 ” which define the protection issues that DroidDream work .
Some exploiter may get a presentment on their machine that a malicious app has been removed , Cannings publish . About a day after the vulnerabilities have been fixed , users will receive a second eastward - mail .
speech sound running Android versions below 2.2.2 are vulnerable . The issues are make in the previous 2.3 edition of Android , fuck as “ Gingerbread . ”
DroidDream uses two exploits call “ exploid ” and “ rageagainstthecage ” to get install on the phone , according to Lookout Mobile Security , a caller that has analyzed DroidDream . The fellowship was tipped off to the billet last week by a Reddit substance abuser going by the name of Lompolo .
Lookout posted a deep analysis of DroidDream on its blog on Sunday , revealing more alarming detail of the program . DroidDream is coded to only operate from 11 p.m. to 8 a.m. , “ a time when the owner of an infected gadget would most likely be sleeping and not notice any strange behaviors on the phone . ”
That information was sent to a outside service located in Fremont , Calif. , according to Lookout .
After institutionalise the data , DroidDream download a system program program call “ DownloadProviderManager.apk , ” which forbid someone from either seeing it or uninstalling it without other special permissions , according to Lookout .
That second level applications programme then compile additional info , including product designation , phone model , language used on the sound , state information and userIDs , Lookout write . It can also silently download other applications .
“ The first form of the malware serve up to gain root access on the gadget while the second phase preponderantly serves to keep a connection to the statement - and - control server to download and instal other files , ” Lookout write . “ Because we have not seen the command - and - ascendance host publication commands to download extra practical app we can not divine their accurate use . However the possibilities are limitless . ”
“ DroidDream could be view a powerful zombie agent that can install any applications silently and action code with theme privileges at will , ” Lookout write .
Google has taken the affect lotion , many of which were licit applications that had been modified with DroidDream , out of the Android market . It banned the publishing company of the corrupt program program and meet law enforcement , it said .
The DroidDream incident notice the first wide - scale plague of Google ’s official Android Market with malware , although there have been anterior instances of tampered applications .
Google does little vetting of the Android Market , saying it want developers to be able to quickly get applications in the manus of user . however , “ security is a priority for the Android team , and we ’re committed to building new safe-conduct to help prevent these kinds of plan of attack from happening in the future , ” Cannings wrote .
