Wednesday, March 2, 2011

Google pulls Market apps with root exploit -- one patched in AOSP, but you probably didn't get it

Android Market

Someone contacted Android Police with a list of applications that contain malicious code to root your device, and this has resulted in Google using the kill-switch and  pulling 21 applications from the Market (and users phones).  Here's the list of affected applications according to Android Police:

  • Falling Down
  • Super Guitar Solo
  • Super History Eraser
  • Photo Editor
  • Super Ringtone Maker
  • Super Sex Positions
  • Hot Sexy Videos
  • Chess
  • ????_Falldown
  • Hilton Sex Sound
  • Screaming Sexy Japanese Girls
  • Falling Ball Dodge
  • Scientific Calculator
  • Dice Roller
  • ????
  • Advanced Currency Converter
  • App Uninstaller
  • ????_PewPew
  • Funny Paint
  • Spider Man
  • ???

All the apps were published by Myournet to the Android Market.  The apps use the rageagainstthecage exploit to root your phone (or tablet), which opens the door for the app to do anything with your data -- like send it to a remote server.  Of course with root it can do much worse as well. 

If you installed any of these applications, they should have been pulled off your phone, but that's not enough.  You need to do a full system wipe and reset your phone completely, the data wipe and reset from settings may not be enough.  This means ODIN, RUU's, .sbf files or a trip to your carrier store if this is beyond your capabilities.  The call to our forum moderators and advisers is out, and we're going to try and help as much as we can.

Perhaps the worst part of the whole situation is that this exploit has been patched by Google.  Starting with 2.2.2, AOSP has been fixed to halt this exploit, and with Gingerbread it no longer works at all.  This puts the need for quick carrier updates in an entirely new perspective, as potentially 50,000 users are affected because they are still running old versions of the OS.  I'm all for an open Market, but something has to be done, and it will have to start at the top in Mountain View. [Android Police]

Google pulls Market apps with root exploit -- one patched in AOSP, but you probably didn't get it posted originally by Android Central

Sponsored by Android Cases and Accessories


INTERNATIONAL BUSINESS MACHINES (IBM) INTERDIGITAL COMMUNICATIONS INTEL INSIGHT ENTERPRISES INGRAM MICRO

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)