The bad news is that Google used its kill switch feature to yank Android applications that contained malicious code. The good news is that Google has a kill switch for deleting Android applications that contain malicious code. Google Mobile Blog provided a security update on Saturday that outlined some of the security features of the kill switch that has been used only twice, the last time being on Tuesday.
The kill switch works remotely, and Android users are notified when an application is removed. The only real problem is when the application has been purchased. It is up to the user at that point to go through the process of getting a refund.
On Sunday, Google also pushed an application onto Android phones. It is a security tool that will provide extra protection. There is no need to install the application, but it is in the market as “Android Market Security Tool”.
Google’s first remote uninstall occurred in June 2010, and involved two apps where developers were trying out various functions in violation of the developers’ agreements with Google. Android users downloaded the apps and they did nothing. Since many of the users removed the apps themselves, Google only had to go in and kill the remaining apps that were still on users’ devices.
In the next kill action, 21 malicious apps were killed. In the latest action, however, there were only three developers who produced 50 malicious applications. In many of those applications, popular and legitimate applications were modified to include malware and trojans. Between 50,000 and 200,000 users had downloaded the bogus and malicious apps.
On Wednesday, Google removed the apps from the marketplace. On Saturday, Google did the remote uninstall procedure to clear them out of all Android devices.
It all comes down to two things that malicious code will do. First, the developers will ask for far too many permissions. This means that smart phone users need to pay attention to the permissions and ask tough questions. Does a simple game, a book or a calculator need such extensive permissions?
Second, the developers will ask for far too much information from the phones. Particular attention should be paid to two numbers that give up the identity of the subscriber and of the smart phone:
• International Mobile Equipment Identity (IMEI)-this number
• International Mobile Subscriber Identity (IMSI)
Third, a second-stage download that has one or two root exploits will allow the application to root the device. At that point, the malware can grab any data from the device or force it to do just about anything. In other words, if the root exploit is downloaded, then it will be the smart phone equivalent of hacking the home computer.
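The permission check described above can be done mechanically before an app is installed or approved. The following is an added example, not code from Google or from the original article: it reads a decoded, plain-text AndroidManifest.xml and flags permissions that do not fit the kind of app, including `READ_PHONE_STATE`, the permission that gates access to the IMEI and IMSI. The per-category baseline, the function names and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace prefix ElementTree uses for android:* attributes.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions worth a tough question, with the reviewer's reason (assumed list).
SENSITIVE = {
    "android.permission.READ_PHONE_STATE": "exposes IMEI and IMSI",
    "android.permission.SEND_SMS": "can send messages at the user's expense",
    "android.permission.READ_CONTACTS": "reads the address book",
    "android.permission.ACCESS_FINE_LOCATION": "tracks precise location",
    "android.permission.INSTALL_PACKAGES": "installs further packages",
}

# Assumed baseline: what a reviewer would accept for each kind of simple app.
EXPECTED = {
    "calculator": set(),
    "book": {"android.permission.INTERNET"},
    "game": {"android.permission.INTERNET", "android.permission.VIBRATE"},
}

def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permissions a manifest requests."""
    root = ET.fromstring(manifest_xml)
    return sorted({el.get(ANDROID_NS + "name")
                   for el in root.iter("uses-permission")
                   if el.get(ANDROID_NS + "name")})

def review(manifest_xml, category):
    """List (permission, reason) pairs that exceed the category baseline."""
    allowed = EXPECTED[category]
    findings = []
    for perm in requested_permissions(manifest_xml):
        if perm in allowed:
            continue
        reason = SENSITIVE.get(perm, "not expected for this kind of app")
        findings.append((perm, reason))
    return findings

# Constructed sample manifest (not taken from any real app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application android:label="Sample"/>
</manifest>"""

if __name__ == "__main__":
    for perm, reason in review(SAMPLE_MANIFEST, "game"):
        print(perm, "-", reason)
```

Manifests inside an APK are stored as binary XML, so the file has to be decoded to text before a check like this can read it.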
Droid Community has a list of the 21 apps from March 3, along with some other forum-based information.