updated 10:25 am EST, Sun March 6, 2011
Google pushes update to purge malware from Android
Google in a late-night Saturday update said it was taking extra action to patch up a large-scale Android malware infection that highlighted the risks of the platform. Along with having pulled the apps, it's now pushing an automatic update to compromised phones that will remove the privacy hacks. Anyone affected will get an e-mail first to let them know of the problem and a second after it has been patched, security head Rich Cannings said.
The company was also adding a "number of measures" in the Market to prevent more hostile apps and was working with phone makers and other partners to cure the root causes.
Google didn't provide the full details of the exploit but acknowledged that the apps had scraped unique hardware identifiers and personal information, including a phone's unique IMEI. The techniques let the app writers both exploit personal information and deliver hacks that could be targeted at individual phones. It also stressed that the hacks didn't hit phones using Android 2.2.2 or later.
The company nonetheless didn't answer questions about whether it would do anything to patch phones running the older platform, which underscored a still-ongoing problem with platform divisions. Its own version list as of February showed about 41.6 percent of Android devices running 2.1 or earlier, leaving nearly half of users vulnerable until a more permanent fix is available. Many of the phones can't be upgraded to 2.2, either due to hardware limits or because the hardware manufacturer has consciously abandoned them, usually through a perceived lack of reward for updating its customized, fragmented version of the OS.
The accessibility of bug and security fixes has been a mounting issue for Android, and has meant that only devices running unaltered versions of Android, chiefly Google's own Nexus One and Nexus S, get the most reliable and safest software. Only Android 2.3 has a fix for random text messages, and it has reached just the 0.8 percent of the Android user base buying one of the two official Google phones.
Apple has been criticized for excessive control of iOS to limit the potential of apps and to shut out competing services. Its platform has nonetheless had far fewer risks and a more proactive approach to keeping the OS secure. While there is little device variety, its direct control over updates has meant that the vast majority are using a version no more than a few months old.