Over the weekend, Google announced that it will remotely kill DroidDream, the malware infecting 58 Android apps, from affected Android devices. In addition, the Google Mobile team have come up with a security update and will be adding "a number of measures" to prevent more malicious applications coming into the Android Market.
The increased security in the Android Market is new, mainly because Google's Android Market seemed to pride itself on its laissez-faire attitude -- a 180-degree turn from the micromanaged, ultra-secure Apple App Store. For some developers, Apple's security comes at a price -- too much interference and even censorship. The Android Market has few rules, mainly that an app notifies users when it will access personal information, and relies on the peer review of the marketplace rather than Apple's small committee. Unfortunately when the market becomes hit with a rush of malware, there's little to prevent a full-scale infection. There were more than 50,000 downloads of the compromised apps before the malware was discovered.
Google's initial report last week was that the infection was much smaller -- only 21 apps affected, and that its security team was all over it. Apparently that wasn't the case. The actual number was 58 affected apps -- from "Myournet," "Kingmall2010" and "we20090202."
DroidDream gains access to all passwords and sensitive information, usually while the user is sleeping (it works from 11 p.m. to 8 a.m. to avoid detection,) and then maintains a connection so its creator can operate the handheld remotely.The possibilities for damage and havoc are huge.
"DroidDream could be considered a powerful zombie agent that can install any applications silently and execute code with root privileges at will," wrote Lookout Mobile Security on its blog. It also has a list of all of the infected apps.
While some argue that there's nothing wrong with the Android Market and that it just requires a more aware buyer or downloader, others want a little more security and a closed marketplace like Apple. I'm probably in the pro-Android Market camp because I'm incredibly paranoid about downloading apps and check and doublecheck before finally committing to one (yes, even Angry Birds.) Android users can't afford to download on a whim, but need to do a little research before allowing software on your phone that could destroy or exploit information.