Google to boost Android security after attacks

by Stewart Mitchell  |  Tuesday 8 March 2011
Google to boost Android security after attacks

Google has moved to tighten security on its Android platform following last week's widespread malware attacks, but questions remain over Google's response.

As many as 50 pirated applications were posted to the Market app store last week, each containing malware called DroidDream that snooped on phones.

Google was initially tight-lipped over the attacks, but has now confirmed it removed the malware from the Market and zapped it from infected handsets over the airwaves using its “kill switch” tool.

“We are remotely removing the malicious applications from affected devices,” the security lead Rich Cannings said on the company's official Mobile Blog. “This remote application removal feature is one of many security controls the Android team can use to protect users from malicious applications."

With Android facing criticism from end users over the incident, Google said it would review the security processes for flagging infected apps, although it has yet to provide any specifics.

“We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market," Cannings said. "And are working with our partners to provide the fix for the underlying security issues.”

However, the company's claim that it removed the malware “within minutes of becoming aware,” contradicts comments from developers who said they informed Google that infected copies of their apps had been posted to Market more than a week before the company took action.

It may be that the promised new measures include a review of reporting processes for flagging malware, or at least cross-checking reports of cloned apps more carefully to see whether the reported apps contain malware, as well as being pirated.

Google said it thought the malware was only able to steal information about handsets - not users - but admitted that “given the nature of the exploits, the attacker(s) could access other data”.

And amid mounting concern over whether Market's publishing model, which allows developers to post to the app store without moderation, Google warned consumers should be more wary.

“We always encourage you to check the list of permissions when installing an application from Android Market,” Cannings said.

This article originally appeared at pcpro.co.uk

Related Articles

Source: Copyright © PC Pro, Dennis Publishing

See more about:  google  |  boost  |  android  |  security  |  attacks
 
 
Comments: 2
amcmo
8 March 2011
 Again shows Google total lack of thought for it's end customers.

After the problem was widely published they finally do something, however apart from vague promises do nothing to address the root problem.

They mention the ability to remotely remove such programs, yet you and users seem to have no problem with that ability, or the possibility of remote installs by Google without you ever knowing....1984 . From the company that says they do no evil...apart from wifi snooping, installing and removing apps from your phone/tablet, manipulating search engine results.... a browser that secretly spies on you and sends that data to Google...

Their motto should be 'Do all evil'

- and your mag positively gushes over every new Android based product.... As for the browser, instead of raving over Chrome, you should be steering everyone who wants any privacy away from it!


Comment made about the PC & Tech Authority article:
Google to boost Android security after attacks?
Google has moved to tighten security on its Android platform following last week's widespread malware attacks, but questions remain over Google's response.

What do you think? Join the discussion.
.:Cyb3rGlitch:.
8 March 2011
 amcmo, you'd do well to research Google's practises before you form conspiracy theories. Google can remotely remove software, but that doesn't mean they're going to use it maliciously. Until they do, you can't claim that they're evil. Otherwise, you'd have to call Microsoft and Apple evil too, since they can do the same.

As for the "wifi snooping", this was explained several times over. Firstly, they weren't snooping. They were scanning wireless connections to gather their public SSIDs. Why? Because they happen to be a good alternative to GPS, by which you can determine your position by the SSID names being broadcast at your position. They used an off the shelf solution which happened to collect more than just the header information, and when they realised, THEY brought the fact to the public. If they were evil, they'd have kept their mouth shut.

I'm yet to see any proof that Google manipulate search results to their advantage. AFAIK, they're still being investigated, so one cannot yet jump to a conclusion.

Chrome doesn't "spy" on you. I'll give you a run down of data sent:

- Search terms in the omnibar to allow predictive search (optional)
- Any character typed into the omnibar to enable Instant search (optional)
- URLs of pages that return 404s, so that Google can provide a "did you mean" suggestion (optional)
- Your bookmarks, and other data you've elected to be synced (optional and encrypted)
- Crash reports and usage statistics (optional)
"Usage statistics contain aggregated information such as preferences, button clicks, and memory usage. It does not include web page URLs or any personal information. Crash reports contain system information at the time of the crash, and may contain web page URLs or personal information, depending on what was happening at the time of the crash."

Most of these options aren't uncommon on other browsers. You may turn them on/off at will. If you're still worried, you can get a Chrome fork project called Iron Browser instead.
Comments have been disabled for this article.
Most Read Most Discussed
Latest articles on BIT Latest Articles from BIT
Federal Budget 2013: So what are you going to be required to pay?
15 May 2013
Opinion: Want a handy summary of the 2013 federal budget? Here is one by Newcastle accountants ...
Architects: another profession on the list of people using Evernote
10 May 2013
Yes, apparently the hugely popular Evernote note-syncing app is also being used by people who ...
In Brisbane? Setting up a business?
10 May 2013
Too embarrassed to ask even the most basic questions? Here's your chance to find out about ...
Worried about staff losing the office keys?
8 May 2013
Here's an interesting idea: a system which lets you assign a digital office "key" to your ...
Need a LOT more storage?
7 May 2013
Do you have multiple offices or servers? Are your systems requiring so much storage your IT ...

Latest Comments

Powered by Disqus

Latest Poll

Which broadband network do you think is the best choice for Australia?
or View results
The Coalition's.
  19%
 
Labor's.
  63%
 
Screw this I'm going back to smoke signals and string on a can.
  19%
TOTAL VOTES: 1681

Vote now
View previous Polls »
Ads by Google

From our Partners

PC & Tech Authority Downloads