In response to the recent Android Market exploit, through which a number of malicious applications were published, Google says that "the apps took advantage of known vulnerabilities which don't affect Android versions 2.2.2 or higher. For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device)."
A user can determine whether their device has been affected by visiting Settings > Applications > Running services and looking for "DownloadManageService" in the list of running services.
If your device has been affected, you'll receive an email from firstname.lastname@example.org over the next 72 hours. You'll also receive a notification on your device that "Android Market Security Tool March 2011" has been installed. You may also receive notification(s) on your device that an app has been removed.
You aren't required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you'll receive a second email.
Google says they've taken a number of steps to protect those who downloaded a malicious app:
- We removed the malicious app from Android Market, suspended the associated developer accounts, and contacted law enforcement about the attack.
- We're remotely removing malicious apps from affected devices. This remote app removal feature is one of many security controls the Android team can use to help protect you from malicious apps.
- We're pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices.
- We're adding a number of measures to help prevent additional malicious apps using similar exploits from being distributed through Android Market and are working with partners to provide the fix for the underlying security issues.