Google's DroidDream Cleanup: FAQ
Google recently began remote wiping Android devices infected with malware after discovering more than 50 malicious applications in the official Android Market.
Mon, March 07, 2011
PC World — Google (GOOG) recently began remote wiping Android devices infected with malware after discovering more than 50 malicious applications in the official Android Market.
Slideshow: The Google Android Quiz
Called DroidDream the malware gained root access to devices running Android 2.2.1 (Froyo) and older to access sensitive information such as a device's unique identifying numbers--International Mobile Subscriber Identity (IMSI) and International Mobile Equipment Identity (IMEI)-- as well as the device's language, phone model and, in some cases, UserID.
If something has root access to your device, it means the software could potentially take control of the entire device and any data stored on it.
Mobile security firm Lookout isn't sure what DroidDream was designed to do once it gained access to your phone, but the company said the possibilities were "limitless." DroidDream had been discovered in third-party app stores before, but this was the first time it had popped up in the official Android Market.
With Google starting to remove the malware from infected devices and promising to beef up security for the Android Market, it appears the DroidDream threat will be limited. Nevertheless, if you've got an Android device and are worried you might be infected, here's what you need to know.
Which applications were loaded with DroidDream?
The more than 50 malware-laden apps in the Android Market included software created by three developers: Kingmall2010, we20090202, and Myournet. Malicious titles included Super Guitar Solo, Hot Sexy Videos, Super Stopwatch & Timer, Bubble Shoot, and Quick Delete Contacts. You can find a complete list of infected apps on Lookout's blog.
Have the malicious apps been removed from the Android Market?
Google said late Tuesday that all DroidDream-infected apps were removed from the Market.
I am infected. When can I expect Google to wipe the apps?
Google said anyone with an infected device could expect to hear from firstname.lastname@example.org by the evening of Tuesday, March 8. The search giant will also install a new security update on your device called "Android Market Security Tool March 2011." The update will automatically undo the exploit.
Wait a second -- Google can remotely wipe data from my device?
Yes, and it's not the first time the company has done this. In June, the company wiped two applications from user's phones that were built by a security researcher. Google said it removed the apps, because the apps "intentionally misrepresented their purpose in order to encourage user downloads."
Google says its ability to remote wipe devices is "one of many security controls the Android team can use to help protect users from malicious applications."