The price of an open market: Google pulls 21 Android apps for malware

Yesterday, the Android market had 21 applications pulled by Google and force-removed from users' devices due to them containing an exploit called 'rageagainstthecage'. And while Google successfully and quickly pulled the software from the market and from devices ("kill switch"), those 21 apps were downloaded over 50,000 times (bigger market, bigger target).

It was bound to happen. We've been bombarded for years about the threat of computer viruses, exploits, Trojans, etc. and if there was ever a viable target today, Android would be it. It has an open market (no approval processes), huge market share and one heck of a hacker community. How serious is the exploit? Our sister site Android Central says:

rageagainstthecage...opens the door for the app to do anything with your data -- like send it to a remote server. Of course with root it can do much worse as well. If you installed any of these applications, they should have been pulled off your phone, but that's not enough. You need to do a full system wipe and reset your phone completely, the data wipe and reset from settings may not be enough. This means ODIN, RUU's, .sbf files or a trip to your carrier store if this is beyond your capabilities.

Mind you, all 21 apps were uploaded by one person. Going further, Android Police, who originally broke the story, says it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that’s all child’s play; the true pièce de résistance is that it has the ability to download more code. In other words, there’s no way to know what the app does after it’s installed, and the possibilities are nearly endless.

Egads. While we hope nothing too nefarious has happened, it goes to show that having a regulated Marketplace, like Windows Phone, where the code is checked for such things can be quite valuable when compared to what Android users are now facing. Will this become a regular occurrence? What will Google do to address the problem? It will be interesting to see in the next couple of days the fallout from this breach.

Daniel Rubino

  • Fragmentation was the number one reason I didn't go with Android. Looks like I've got a new one for the second slot on that list. Interesting to note that all the infected apps were downloaded from the Android store, infected, and then submitted. I feel bad for the original developers, because sales of their apps are bound to take a hit.
  • All cell phone OS's will end up with fragmentation. Most of the apps were being side loaded from "get this app for free" sites.
  • But fragmentation can be very limited. Look at Apple's iOS or HP's WebOS. Both of those systems keep their devices updated with the new OS as long as the devices can support it. And most apps will work on older OSes for a decent amount of time after the latest update as well. Android is more fragmented than Windows Mobile was back in the day, and that was awful. WP7 should be the same with keeping things up to date, but we'll see how long they support the current devices.
  • Of course some level of fragmentation is bound to happen. But Google's model all but guarantees mass fragmentation. The apps in question were hosted by Google's store, where there is a general expectation that reasonable precautions are in place to prevent this. Unfortunately, the instant publish model pretty much guarantees malware is going to be available to the unwitting masses.
  • im torn. i will miss the days of being able to download whatever .cab file i find off the internet onto my winmo 6.1 phone, but if you have a marketplace, there does need to be some oversight. if only you could install apps the old fashion way in addition to accessing a regulated marketplace. that way you could know the stuff you get from the marketplace is safe, but have the option for taking a risk if you want to load an app from somewhere else.
  • I'm surprised, I thought Google has a system for blocking these things from coming out but what the hey, surprise!
  • Last I heard it was up to 50 apps that are malicious from the “Kingmall2010” and “we20090202” developer names as well as the originally reported “Myournet” name.