Google has responded to an Android market malware scare by removing the applications remotely. But Google's incident with malware is only likely to be the beginning as future attacks are certain.
In a blog post, Google's mobile team noted that it discovered a bunch of malware published on the Android Market. "Within minutes of becoming aware" Google removed the apps. These applications took advantage of vulnerabilities that don't affect Android 2.2.2 or higher. The attackers got device specific codes and could have poached data. Google added that it will reverse the damage done remotely too.
Google said it is "adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market." In other words, Google's game of malware Whac-A-Mole has just started. Kaspersky's Roel Schouwenberg said on Zero Day:
Up until now Android malware had only been found in third party marketplaces and web sites. Now, the malicious apps are living in Google’s own garden. This is particularly important because there are quite a few service providers who don’t allow their customers to install non-marketplace applications. In addition, people seem to inherently trust applications that reside in a central repository.
Add it up and Android may wind up having its Microsoft moment when it comes to security. Microsoft was lax, targeted because it had the market share and then became greatly improved with regular patch updates. Overall, I'd rate Microsoft as very good when it comes to security. After years of being pummeled Microsoft got its act together. Microsoft isn't perfect, but has improved dramatically.
- With Pwn2Own looming, Mozilla and Google ship browser patches
- Welcome to the mobile malware mess, we hope you enjoy your stay
Now Google's journey is beginning. This recent Android security issue is likely to be just the start. Now it's possible this Google attack is just a one-off, but that's unlikely. The stakes are too high.
Meanwhile, all the ingredients are there for an ongoing Android security issue. To wit:
- The Android Market is a free for all. A publisher pushed malware armed apps public without any issues. Why? There are no approval processes. Malware authors would have had a tougher time elsewhere.
- Android is the top mobile OS in market share and growing. Malware and market share go together nicely. Hackers need incentives and a big market to target is all they need.
- Google is untested. Sure, Google is good on security elsewhere, but mobile is a new game. With one successful malware attack complete, rest assured others will follow. How will Google prevent these items from hitting the Android Market?
Simply put, Google is quite the honey pot for attackers. Game on.