DroidDream was the latest malware attack on the Android platform. The malware pulled the International Mobile Subscriber Identity (IMSI) and International Mobile Equipment Identity (IMEI) numbers from the infected phones. After those numbers were discovered, the app downloaded a rootkit, giving the attacker complete control of the device. Google pushed the Android Market Security Tool March 2011 application to all infected phones.
This is a critical issue because an attacker could gain access to a user’s contact information and cripple your phone, which could be a major issue if you’re in an emergency. Also, if you have malware on your phone, your number could be spoofed or hijacked and cause your bill to be 10 times what it should be.
What is the bigger issue: the malware-infected applications or the “kill switch” Google obviously has in place for the Android platform? From my perspective, it’s the malware-infected applications. As much as I dislike the Apple mobile platform, I think the company is handling the development process the right way. Apple’s application vetting process is so strict because the company cannot afford to allow malware of this nature onto its mobile devices.
I am a big fan of Android; the flexibility it offers is far and above any other mobile platform. But Google needs to act fast before users lose confidence in the Android platform. If Google would take more of a hard line approach to accepting apps in the Android Market, it might frustrate some developers, but the primary focus should be on the applications’ security and the end user’s data and experience.
For now, I recommend that you use discretion when downloading and installing Android applications.
- Google confirms it pulled malicious Android apps (CNET News)
- Expert: Android Market should scan for malware (CNET News)
- Google’s Android wears big bullseye for mobile malware (ZDNet)
- Google kind of, sort of, addresses Android Malware (ZDNet)
- Google flips on death-ray, nukes Android malware … but is it enough? (ZDNet)
- What is Android missing? (TechRepublic)