Google's DroidDream cleanup: FAQ

What users of mobile Android devices should know about the infected apps, Google's clean-up effort, and what happens next.

By Ian Paul, PC World |  Mobile & Wireless, Android, Android Market

Google said anyone with an infected device could expect to hear from by the evening of Tuesday, March 8. The search giant will also install a new security update on your device called "Android Market Security Tool March 2011." The update will automatically undo the exploit.

Wait a second -- Google can remotely wipe data from my device?

Yes, and it's not the first time the company has done this. In June, the company wiped two applications from user's phones that were built by a security researcher. Google said it removed the apps, because the apps "intentionally misrepresented their purpose in order to encourage user downloads."

Google says its ability to remote wipe devices is "one of many security controls the Android team can use to help protect users from malicious applications."

What could attackers do with an infected phone?

It's not clear what the DroidDream attackers planned to do with the infected phones, but with root access the attackers could have downloaded more malicious software to your handset or attempted to pull more personal data from your device.

What exactly did DroidDream do?

DroidDream was embedded within more than 50 Android apps, and would gain root access to your Android device after you ran the app for the first time. It would then install a second application, which required special permission to uninstall. After that, an exploited phone could have more malicious apps installed on it and send more of your data to the DroidDream attackers.

Interestingly, DroidDream was designed to do most of its dirty work between 11 p.m. and 8 a.m. when most people would be sleeping and the phone was less likely to be in use. This made it harder for you to detect abnormal behavior with your device. For a complete breakdown of how DroidDream worked, check out this post on Lookout's blog.

What is Google doing to secure the Android Market?

Google said it is adding "a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market."

The company didn't specify what those measures were. It's not clear if Google intends to vet applications prior to the app's introduction into the Android Market, similar to what Apple does for iPhone and iPad applications.

Originally published on PC World |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

Ask a Question