Google has moved to shore up Android Market defences after over 50 malicious apps sneaked their way onto the app store.
The apps, which Google subsequently took down, were able to steal device details and could even download extra code, installing extra malware designed to take even more data from users, reports indicated.
It was feared between 50,000 and 200,000 users had downloaded the rogue apps, featuring a piece of malware known as DroidDream, according to the Android Police website.
Google remotely removed the malicious applications from affected devices and an Android Market security update has been issued for all affected devices.
This will undo the exploits that could have allowed hackers to gain additional data from affected devices.
Google said it believed only IMEI/IMSI unique codes could have been accessed by the perpetrators, but admitted other data could have gone missing.
“We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues,” said Rich Cannings, Android security lead, in a blog post.
“Security is a priority for the Android team, and we’re committed to building new safeguards to help prevent these kinds of attacks from happening in the future.”
The DroidDream affair will do nothing to allay fears that app stores could potentially be a security time bomb waiting to explode.
This article originally appeared at itpro.co.uk
Copyright © ITPro, Dennis Publishing
Issue: 340 | July 2015