Google acknowledges Android Trojan
Just days after developers discovered more than 50 mobile applications containing a hidden Android Trojan, Google has acknowledged a security gap in its Android Market, and said it would take steps to prevent malicious apps from appearing there in the future. 
According to Google Security Head :
“We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through the Android Market.”
Security experts have warned that mobile application vulnerabilities would present a new and potentially lucrative attack vector for cybercriminals. Mobile malware has been surfacing in a number of third-party Android application repositories as well as unofficial applications that can be downloaded on jailbroken iPhones.
A hidden Trojan called DroidDream was discovered last week in at least 50 Android applications. The malware could gain root access to the smartphone, giving it the ability to view the device’s sensitive data and download additional malware. Cannings said Google engineers believe DroidDream gathered device-specific codes to identify mobile devices and the version of Android running on the device, but it could have stolen other data, he said. Google is automatically deploying a malware removal tool to victims, which wipes the malware from the infected device.
More on Android apps:
More Android mobile malware surfaces in third-party app repositories:
Security researchers have discovered a new mobile malware hidden in apps on unregulated third-party Android marketplaces.
Google pulls malicious apps from Android Market:
The Android applications contained a hidden Trojan that attempted to gain root access to the smartphone to view sensitive data and download additional malware.
Android enterprise security: Mobile phone data protection advice:
Android devices are increasingly popular among enterprise users, but is Android enterprise security where it needs to be to ensure the safety of important enterprise documents?
Experts agree that users should continue to stick to official marketplaces where malware is less of a problem. But malware in official application repositories will grow worse, warns Charles Miller, principal security analyst at Independent Security Evaluators. Miller said Google’s Android Marketplace differs from Apple’s more controlled App Store. Apple performs a scan of the application’s binary for private APIs and other issues that could harm the performance of the iPhone. The centralized control has helped keep the iPhone relatively safe, he said. Anyone can put apps in the Android Marketplace, Miller said, “but at least users can see what other users think of the app and if something is really bad, Google can come in and remove it and also remotely remove it from user’s phones.”
