Skip to main content
  1. Home
  2. Mobile

Google issues malware-flushing security update, remotely removes malicious apps

Adam Rosenberg
By

Google hit a bit of a rough patch last week when it was learned that a large number of malware-infected apps were being sold by publisher Myournet on Android Market. The publisher and its products were quickly removed, but the damage had already been done: the 58 removed apps were downloaded roughly 260,000 times before they went away, TechCrunch reports.

Other than the app removal, which happened within minutes of the news hitting the Internet, Google remained relatively quiet on the issue until last night. This was likely to give the internal development team time to engineer a fix, which they have. Android Security Lead Rich Canning laid out the details in an update on the Google Mobile Blog last night.

Recommended Videos

A security update will be (or likely already has been) pushed to all of those devices that downloaded one or more of the problem apps. Google is sending e-mails out to the security update recipients “over the next 72 hours” to inform them of the mandatory update, which requires no action on the user side. At the same time, Google is also enacting one of its security controls to remotely remove all of the malicious apps from affected devices. If you’ve got one of the problem apps and haven’t removed it yet, it’s going to automatically be done for you. Sometimes, having Big Brother always watching isn’t such a bad thing.

Related

Canning also writes, “We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues,” though exactly what those measures are isn’t detailed.

The malware is believed to have only gathered device-specific information, though it contained code that could have allowed for the download of more potentially harmful data without a user’s knowledge. Devices with Android version 2.2.2 or higher were also not affected, as the malicious software takes advantage of exploits that were only present in earlier versions. That said, if you’re running a “safe” version and do somehow happen to still have one of the affected apps… it might be a good idea to remove it.

Editors' Recommendations

Topics
Adam Rosenberg
Adam Rosenberg
Former Digital Trends Contributor
Previously, Adam worked in the games press as a freelance writer and critic for a range of outlets, including Digital Trends…
Google is finally fixing an annoying issue with its Pixel phones
A person holding the Google Pixel 8, showing the back of the phone.

When Android 7.0 Nougat arrived in 2016, Google introduced a new seamless update system that allowed users to keep using their devices while the update was installed in the background. Down the road, Google made it mandatory for all smartphone makers, and it's most prevalent on Google's own Pixel smartphones. But the system was not without its fault — even on the latest Google Pixel 8 and Pixel 8 Pro devices.

Now, it seems like the latest Android 14 QPR update has considerably sped things up and fixed problems plaguing the whole update pipeline. What are seamless updates, though? It involves an A/B disk partition strategy, which ensures that you can keep using your phone while an update is installed in the background.  The only time you'll notice something's up is when it reboots to switch to the updated version. After an update, rebooting your device is just as fast as a normal restart without much extra waiting.

Read more
Google is killing your passwords, and security experts are (mostly) happy
Logging into a Google account with passkeys on an iPhone.

Google is inching closer to making passwords obsolete. The solution is called "Passkeys," a unique form of password that is stored locally on your phone or PC, just the way a physical security key works. The passkeys are protected behind a layer of authentication, which can be your fingerprint or face scan — or just an on-screen pattern or PIN.

Passkeys are faster, linked across platforms, and save you the hassle of remembering passwords for websites or services that you have subscribed to. There is a smaller scope for human error, and the risks of 2-factor authentication code interception are also reduced.

Read more
Your Google One plan just got 2 big security updates to keep you safe online
Two Google Pixel 7 Pro smartphones.

Google just added some major new security features to keep its Google One subscribers safe while on the web. After all, the internet is where you spend a lot of your time, whether that's looking things up, paying bills, shopping, booking appointments, or sharing photos with family and friends. That’s a lot of information, and Google wants to keep subscribers safe from the darker side of the web.

Regardless of whether you use an iPhone or an Android smartphone, all Google One subscribers are getting the following two security features.
VPN by Google One for everyone

Read more