Google promises better Android security after DroidDream


Google has moved to shore up Android Market defences after over 50 malicious apps sneaked their way onto the app store.

The apps, which Google subsequently took down, were able to steal device details and could even download extra code, installing extra malware designed to take even more data from users, reports indicated.

It was feared between 50,000 and 200,000 users had downloaded the rogue apps, featuring a piece of malware known as DroidDream, according to the Android Police website.

Google remotely removed the malicious applications from affected devices and an Android Market security update has been issued for all affected devices.

This will undo the exploits that could have allowed hackers to gain additional data from affected devices.

Google said it believed only IMEI/IMSI unique codes could have been accessed by the perpetrators, but admitted other data could have gone missing.

"We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues," said Rich Cannings, Android security lead, in a blog post.

"Security is a priority for the Android team, and we're committed to building new safeguards to help prevent these kinds of attacks from happening in the future."

The DroidDream affair will do nothing to allay fears that app stores could potentially be a security time bomb waiting to explode.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.