Google has moved to shore up Android Market defences after over 50 malicious apps sneaked their way onto the app store.
The apps, which Google subsequently took down, were able to steal device details and could even download extra code, installing extra malware designed to take even more data from users, reports indicated.
It was feared between 50,000 and 200,000 users had downloaded the rogue apps, featuring a piece of malware known as DroidDream, according to the Android Police website.
Google remotely removed the malicious applications from affected devices and an Android Market security update has been issued for all affected devices.
This will undo the exploits that could have allowed hackers to gain additional data from affected devices.
Google said it believed only IMEI/IMSI unique codes could have been accessed by the perpetrators, but admitted other data could have gone missing.
“We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues,” said Rich Cannings, Android security lead, in a blog post.
“Security is a priority for the Android team, and we’re committed to building new safeguards to help prevent these kinds of attacks from happening in the future.”
The DroidDream affair will do nothing to allay fears that app stores could potentially be a security time bomb waiting to explode.
This article originally appeared at itpro.co.uk
Copyright © ITPro, Dennis Publishing
Issue: 322 | December 2013
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.