Dozens of malicious applications were up for download on the Android market on the 1st of March, each of them being infected with a rootkit virus which is capable of making the device on which they were installed very vulnerable to being hacked. Google responded quickly to this threat and removed the malicious applications from its Android Market just minutes after it was informed of the issue. However, the company had otherwise remained very silent about the details of the incident.
Google has just confirmed that the incident involved a total of 58 such malicious applications being uploaded to the Android Market which were subsequently downloaded by as many as 260,000 Android phones before being finally removed by Google on Tuesday evening. The number of devices on which the user information was compromised appears unnervingly high at the onset, however Google has released a statement saying that they believe that the only information that was available to the hackers was the device specific information, i.e. the phone’s IMEI number, and they say that no user related personal data was transferred. At the given instance when these apps gave hackers root access, the amount of harm caused is relatively negligible and the results could have been much worse for the users.
Starting from tonight, a special function called remote kill will be invoked by Google in order to completely remove these malicious applications from any Android device which might have been affected without requiring any explicit action by the users. Along with this the company is also about to issue a security update for the Android Market to those devices which were infected, and this too will be without requiring user action. All the users who were affected by the problem will also additionally receive email notifications about the progress of the situation.