Yesterday, the Android market had 21 applications pulled by Google and force-removed from users' devices due to them containing an exploit called 'rageagainstthecage'. And while Google successfully and quickly pulled the software from the market and from devices ("kill switch"), those 21 apps were downloaded over 50,000 times (bigger market, bigger target).
It was bound to happen. We've been bombarded for years about the threat of computer viruses, exploits, Trojans, etc. and if there was ever a viable target today, Android would be it. It has an open market (no approval processes), huge market share and one heck of a hacker community. How serious is the exploit? Our sister site Android Central says:
Mind you, all 21 apps were uploaded by one person. Going further, Android Police, who originally broke the story says
Egads. While we hope nothing too nefarious has happened, it goes to show that having a regulated Marketplace, like Windows Phone, where the code is checked for such things can be quite valuable when compared to what Android users are now facing. Will this become a regular occurrence? What will Google do to address the problem? It will be interesting to see in the next couple of days the fallout from this breach.
Windows Central Newsletter
Get the best of Windows Central in in your inbox, every day!
Daniel Rubino is the Editor-in-chief of Windows Central, head reviewer, podcast co-host, and analyst. He has been covering Microsoft since 2007 when this site was called WMExperts (and later Windows Phone Central). His interests include Windows, laptops, next-gen computing, and for some reason, watches. Before all this tech stuff, he worked on a Ph.D. in linguistics, watched people sleep (for medical purposes!), and ran the projectors at movie theaters because it was fun.
Fragmentation was the number one reason I didn't go with Android. Looks like I've got a new one for the second slot on that list.Interesting to note that all the infected apps were downloaded from the Android store, infected, and then submitted. I feel bad for the original developers, because sales of their apps is bound to take a hit.
All cell phone OS's will end up with fragmentation. Most of the apps were being side loaded from "get this app for free" sites.
But fragmentation can be very limited. Look at Apple's iOS or HP's WebOS. Both of those systems keep their devices updated with the new OS as long as the devices can support it. And most apps will work on older OSes for a decent amount of time after the latest update as well. Android is more fragmented than Windows Mobile was back in the day, and that was awful. WP7 should be the same with keeping things up to date, but we'll see how long they support the current devices.
Of course some level of fragmentation is bound to happen. But Google's model all but guarantees mass fragmentation.The apps in question were hosted by Google's store, where there is a general expectation that reasonable precautions are in place to prevent this. Unfortunately, the instant publish model pretty much guarantees malware is going to be available to the unwitting masses.
im torn. i will miss the days of being able to download whatever .cab file i find off the internet onto my winmo 6.1 phone, but if you have a marketplace, there does need to be some oversight.if only you could install apps the old fashion way in addition to accessing a regulated marketplace. that way you could know the stuff you get from the marketplace is safe, but have the option for taking a risk if you want to load an app from somewhere else.
Im surprised, I thought Google has a system for blocking these things from coming out but what the hey, surprise!
Last I heard it was up to 50 apps that are malicious from the “Kingmall2010″ and “we20090202″ developer names as well as the originally reported “Myournet” name.
Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.