Developer: Google took a week to pull infected apps

 

Gallery

By Stewart Mitchell

Posted on 3 Mar 2011 at 13:22

An Android developer has hit out at Google for the time it took to react to a malware attack on hijacked apps in its Market store.

There is continuing confusion over the severity of a rash of Android malware that forced Google to remove at least 21 apps from its Market, but developers have claimed Google could have reacted much more quickly after being informed of the threat more than a week ago.

The problem was brought to light by Reddit blogger Lompolo, who found the DroidDream virus in two apps listed on the official Market store.

After further investigation, the infected app count quickly rose to 21, while analysts at Lookout Mobile Security put the number of infected apps as high as 50.

The virus was been packaged into apps that were stolen from their original developers and reposted in the Market with the virus included.

Google finally contacted me and apologised for the delayed response, but there really should be a faster/easier way to get Google to act on it!

“I randomly stumbled into one of the apps, recognised it and noticed that the publisher wasn’t who it was supposed to be,” said Lompolo.

“Super Guitar Solo, for example, is originally Guitar Solo Lite. I downloaded two of the apps and extracted the APKs [Android Package files], they both contained what seems to be the 'rageagainstthecage' root exploit.”

While news of the virus emerged yesterday, the developer of the original app said he had known about the problem for more than a week, and received no response from Google despiting flagging the rogue apps as infected imposters.

“I'm the developer of the original Guitar Solo Lite,” the developer posted under the Reddit user name Coding Caveman. “I noticed the rogue app a bit more than a week ago because I was receiving crash reports sent from the pirated version of the app.

“I notified Google about this through all the channels I could think of: DMCA notice, malicious app reporting and Android Market Help.

"After yesterday's media coverage, Google finally contacted me and apologised for the delayed response, but there really should be a faster/easier way to get Google to act on it!"

Google has not issued a statement regarding the issue, but told PC Pro it was looking into the security problem, and three accounts that were posting the apps appear to have been removed from the Market.

According to Lompolo and Android security websites, the virus not only sends personal information such as the device number to overseas servers, but also opens a back door.

A full list of apps that might be affected can be found at the Lookout Mobile Security website, but the flaw used to root the operating system was fixed in Android 2.2.2 and 2.3, so anyone who has updated need only remove rogue applications.