Your Android phone has a built-in kill switch for nasty apps. And Google, apparently, is not afraid to use it.
Over the weekend, the search giant announced that it had remotely wiped “a number” of malicious Android apps from users’ phones, programs that earlier in the week had been identified as malware and pulled from Android’s app store. “We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications,” Google wrote on its mobile blog, linking to an explanation it posted in June of a built-in functionality for deleting apps from users’ phones.
Google also wrote that it’s contacting law enforcement about the issue and updating Android devices with a fix, designed to prevent any further compromise of users’ data, for the exploit used by those apps, which were pirated copies of legitimate programs with malicious code woven in. The company added that “we are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.”
Exactly what those “measures” might be, Google isn’t saying. A Google spokesperson I contacted declined to comment beyond the text of the company’s blog post.
But Chris Wysopal, the chief technology officer of security vulnerability analysis firm Veracode, speculates that Google is likely introducing signature-based scanning to the Android Market, a tool for identifying malware and making sure that similar instances of malicious code are blocked from the Market in the future, just as viruses are identified and blocked by signature-based scans on PCs.
“This relies on someone external to Google finding the first malware and reporting it. In this case the trojan apps were pirated so the original developers were tipped off,” Wysopal wrote to me in an email. “This is definitely an improvement, but I expect malware writers to adjust.”
The last time Google deleted applications that were already downloaded to users’ devices was in June, and its targets were two proof-of-concept apps built by security researcher Jon Oberheide. As I wrote at the time, that use of its kill switch seemed to be a loud warning to malware writers about the company’s ability to remotely destroy their tools. After all, Oberheide’s apps were designed to show the possibility of creating an Android-hosted botnet, not to actually create one.
But as cybercriminals increasingly look to mobile platforms as new targets, their malware is no longer a mere demonstration, and neither is Google’s ability to nuke those apps from orbit.