Android security has come to the forefront as malicious apps were recently found on the Android Market. Google is on the case, and has promptly removed the offending apps as announced in the Google Mobile Blog. Reports have indicated that 58 infected apps have been removed in the latest action by Google.
Over 260,000 devices installed the apps before they were discovered and removed. For these users, a remote kill switch will be activated by Google to remove the malicious apps and automatically undo the exploit on their devices.
According to Google, not only were the bad apps removed from the Android Market, the associated developer accounts were suspended and law enforcement was contacted. Pushing the security update to all affected devices will prevent the attackers from accessing more information, and affected users will be contacted via email. Devices running Android 2.2.2 and later were not vulnerable to the attack.
Apparently the only information that could be accessed by the malicious code was the Android version running and unique device identifier codes (IMEI/IMSI). Follow up emails will be sent to affected users after the exploit is successfully removed.
Google also issued the following statement as they are working diligently to confront Android Market security issues head on:
We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.