Android malware clean-up exposes reliance on mobile carriers to push out updates

Last week there were many headlines in the security press after malicious apps were discovered on the official Android Market.

The good news is that Google has removed the offending apps, which formed the so-called “Droid Dream” attack, from the Android Market, so no-one else can be tricked into downloading them, from an official source at least.

In addition, Google has revoked permissions from the developer accounts which published the malware, and claims to have contacted law enforcement agencies about the malicious activity.

This weekend, Google announced that it was pushing a clean-up tool to all of the Android smartphones it believed had been affected by the attack.


This is, in effect, Google’s “remote kill switch” – capable of forcibly removing offending apps from users’ phones.

Affected users will see a notification on their smartphone that a tool called “Android Market Security Tool March 2011” has been installed.


If, for any reason, you want to determine for yourself whether your own Android smartphone was affected by the “Droid Dream” attack, you should visit Settings / Applications / Running services and look for “DownloadManageService” in the list of running services.

But is that the end of the story?

Not quite. You see, Google’s tool undoes the damage caused by the malware – but it doesn’t fix the underlying vulnerabilities that allowed the malware to cause a nuisance in the first place.

The malware attack took advantage of known vulnerabilities which only affect versions of the Android operating system before 2.2.2.

However, although the bug is fixed in Android 2.2.2 and later, it’s up to individual carriers and smartphone vendors to make sure that the patch is rolled out to users running older versions of Android.

In other words, if you’re running an older version of Android on your smartphone, you may still be vulnerable to an attack like the information-stealing Droid Dream attack.

So, if your smartphone is still running the “Eclair” version of Android, for instance, you might be at greater risk than a friend who has a smartphone running the “Gingerbread” flavour.
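The difference between a phone that has been cleaned up and one that has actually been patched can be expressed as a small fleet triage check. This is an added example, not code from Google or from the original article: the device names, service strings and inventory layout are constructed, and only the 2.2.2 threshold and the “DownloadManageService” name come from the text above.

```python
import re

FIXED_IN = (2, 2, 2)                 # per the article: fixed in Android 2.2.2 and later
INDICATOR = "DownloadManageService"  # running service the article says to look for

def parse_version(release):
    """Turn '2.2', '2.2.1' or '2.3.3-update1' into a comparable 3-tuple."""
    nums = [int(n) for n in re.findall(r"\d+", release.split("-")[0])][:3]
    if not nums:
        raise ValueError(f"unrecognised Android version: {release!r}")
    return tuple(nums + [0] * (3 - len(nums)))   # '2.2' -> (2, 2, 0)

def triage(release, running_services):
    """Classify one device from its OS version and running-service names."""
    infected = any(INDICATOR in s for s in running_services)
    exposed = parse_version(release) < FIXED_IN
    if infected:
        return "indicator-present"     # needs clean-up, and the OS patch if exposed
    if exposed:
        return "clean-but-unpatched"   # the state the clean-up tool leaves behind
    return "patched"

# Constructed inventory: hypothetical device ids and service names, not real data.
INVENTORY = [
    ("phone-a", "2.1",   ["com.example.mail/.SyncService"]),
    ("phone-b", "2.2.1", ["com.example.game/.DownloadManageService"]),
    ("phone-c", "2.2.2", ["com.example.mail/.SyncService"]),
    ("phone-d", "2.3.3", []),
    ("phone-e", "2.2",   []),
]

def triage_fleet(inventory):
    """Map each device id to its triage status."""
    return {dev: triage(rel, svcs) for dev, rel, svcs in inventory}

if __name__ == "__main__":
    for dev, status in triage_fleet(INVENTORY).items():
        print(f"{dev}: {status}")
```

Devices reported as clean-but-unpatched are the ones that depend on a carrier or vendor update to close the hole.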

As a security-conscious Android phone owner you might find yourself having to make a choice as to whether you want to wait for your mobile carrier to send you this critical security patch over the airwaves, or install a custom ROM on your device.

With so many devices running so many different flavours of Android, ensuring that all of them are kept up-to-date with security patches becomes a very serious problem. And it’s one that is largely out of the poor phone owners’ hands: all they can do is try to make their voices heard and hope that someone at the mobile carrier or smartphone manufacturer is listening.

You have to wonder if this is a security model that is going to work effectively as more and more people start relying upon smartphones as part of their daily lives.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
