>Google eliminates 55 malware-infecting apps from Android Market

>

Responding to complaints of malware-infecting applications of its Android platform, Google removed a total of fifty-five applications from its Android Marketplace.

The applications in question had been modified to contain the malware. Once downloaded, these applications used to secretly install malware on the device to steal users’ personal information such as handset’s unique IMEI number.

In addition, the malware-infecting applications would exploit security holes and install a backdoor application to allow further installation of pirated software.

Earlier in January, Android platform manager Eric Chu announced that Google would also introduce an in-app payment system for Android and enhance discovery of applications in its mobile storefront. But, the malware fiasco has retarded the company’s broader push to enhance the Android Market.

In addition, the malware fiasco is hurting the reputation of the Android Market, which is trying to challenge Apple’s renowned App Store.

In the past, Apple and Amazon had to face sever criticism for remotely removing or disabling apps or e-books. But, Google should not be blamed for remotely removing the concerned applications due to the potential damage that the malicious applications could have done.

>Google Nukes Rogue Android Apps On Users’ Devices

>

Your Android phone has a built-in kill switch for nasty apps. And Google, apparently, is not afraid to use it.

Over the weekend, the search giant announced that it had remotely wiped “a number” of malicious Android apps from users’ phones, programs that earlier in the week had been identified as malware and pulled from Android’s app store. 

“We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications,” Google wrote on its mobile blog, linking to an explanation it posted in June of a built-in functionality for deleting apps from users’ phones.

Google also wrote that it’s contacting law enforcement about the issue and updating Android devices with a fix for the exploit used by those apps–pirated copies of legitimate programs with malicious code weaved in–designed to prevent any further compromise of users’ data. The company added that “we are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.”

Exactly what those “measures” might be, Google isn’t saying. A Google spokesperson I contacted declined to comment beyond the text of the company’s blog post.

But Chris Wysopal, the chief technology officer of security vulnerability analysis firm Veracode, speculates that Google is likely introducing signature-based scanning to the Android Market, a tool for identifying malware and making sure that similar instances of malicious code are blocked from the Market in the future, just as viruses are identified and blocked by signature-based scans on PCs.

“This relies on someone external to Google finding the first malware and reporting it. In this case the trojan apps were pirated so the original developers were tipped off,” Wysopal wrote to me in an email. “This is definitely an improvement, but I expect malware writers to adjust.”

The last time Google deleted applications that were already downloaded to users’ devices was in June, and its targets were two proof of concept apps built by security researcher Jon Oberheide. As I wrote at the time, that use of its kill switch seemed to be a loud warning to malware writers about the company’s ability to remotely destroy their tools. After all, Oberheide’s apps were designed to show the possibility of creating an Android-hosted botnet, not to actually create one.

But as cybercriminals increasingly look to mobile platforms as new targets, their malware is no longer a mere demonstration–and nor is Google’s ability to nuke those apps from orbit.