Google on Saturday removed 58 applications that were reported to the company to contain malicious code that would expose customer’s information.
[ad#Google Adsense 300×250 in story]Apparently with the malicious apps installed, the developer was able to gain access to the customer’s IMEI and IMSI, product ID, model, partner, language, country, and userID, according to inneractive. In a statement released by Google, they said it’s believed that only the IMEI was compromised.
Google said it removed the applications within minutes of being notified they were on the store. The developer account was also suspended and law enforcement was contacted.
The company then began the process of remotely removing the application from customer’s devices.
“We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices,” wrote Google on its mobile blog. “If your device has been affected, you will receive an email from [email protected] over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.”
Google said the infected applications took advantage of known vulnerabilities which don’t affect Android versions 2.2.2 or higher.
Apple has been heavily criticized at times for taking so much control and being so security conscious with its App Store, but to date, I don’t believe an infected app has made it onto an Apple device.