In an effort to protect end-users from malicious apps on Android devices, Google is not only removing those apps from its app store, called Android Market, but is also removing them remotely from user devices. The Android OS-maker will use its kill switch feature to apps deemed to be malware from Android devices and will also push a security update through Android Market. Affected users will get a notification once the app is removed.
TechCrunch is reporting that 58 malicious apps were identified in Android Market affecting 260,000 users. These malicious apps had root access and Google believes that the only information compromised was the device’s IMEI number or serial number.
Malware could exploit the OS and could potentially hack a user’s contact list, for example, and send it without the end-user knowing or authorizing it to a remote server.
Malware apps on Android is beginning to become more widespread thanks to Google’s more laxed policies surrounding third-party apps. Unlike Apple’s walled garden and curated app store approach, Google is not only more liberal with allowing third-party apps into its storefront, but also gives users the ability to download and install apps through other sources rather than restrict consumers to Google’s own Android Market. This means that anyone can create any app and if a user installs it without knowing it, they can be a target and victim of malware. The only U.S. carrier to restrict apps through Google’s Android Market is AT&T, which would force Android users on AT&T to go through Google’s own app store for all their apps in a similar strategy to Apple’s iOS App Store rules.
Google is taking measures to prevent malware from entering Android Market in the future, but you may still be at risk if you download your app through a third-party source, such as directly from a developer’s website.