260,000 Android handsets infected with trojans
We don’t normally spend too much time on the failings of other mobile platforms (else there would be no space for anything else) but the recent kerfuffle about infected apps on the Android Market is pretty significant.
We have known for about a week now that infected applications have been found in the Android market. The apps are popular applications that have been downloaded by hackers, infected with trojans and then uploaded for free to Marketplace under attractive names such as Super Ringtone Maker,Super Sex Positions and Super Guitar Solo.
Analysis of the code shows the trojans upload IMEI and IMSI numbers, product ID, model, language, country, and userID, but much worse still has the ability to download more code from remote servers, which, since the app has root access, could do anything, from spying on users to dialling expensive premium numbers.
Google has now released some information about the scale of the attack. 58 apps are known to be affected, and have now been removed from Market, but not after they were downloaded 260,000 times. The apps gain root access using a flaw in Android 2.2.1 and lower, which the vast majority of Android handsets run, most of which will not see upgrades any time soon.
Google has now said they would uninstall these apps remotely, and that they would take new measures to enhance security. These does not however remove any extra downloaded software, and does not patch the hole in Android 2.2.1 and lower in any case.
The number of serious failings highlighted in this incident are pretty high, from security flaws in the OS, the ability for hackers to steal applications from other developers and upload them under their name to Android Market, the ability to upload infected code to Market, to the fragmentation in the Android OS which will allow tens of millions of Android users to remain vulnerable to further exploits in the future, and all of this argues that Android is the typhoid Mary of mobile operating systems.