— After it was made known that 50 or so rogue malicious apps had wormed their way into the Android App Market, Google immediately removed them. But this weekend it came to light that the company went a step further, and remotely deleted the dangerous apps from the phones of users who'd accidentally downloaded them.
Google's own Mobile Blog reported the remote surgery, and said that the company was also "pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices." Third-party security app Lookout also pushed an update to its users to curtail any further malware intrusion.
What kind of damage may have already been done? "For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific," the blog reported. This would include "unique codes which are used to identify mobile devices, and the version of Android running on your device. But given the nature of the exploits, the attacker(s) could access other data." Assuming they were successful on all handsets, fixes should have cut off attackers from any further access.
The number of affected phones could be as high as 50,000, according to Engadget.
Google's blog linked to a June 2010 discussion of the "remote application removal feature," aka "kill switch," where they first used it to get rid of some improperly deployed (but not malicious) developer software. Tim Bray of the Android Developers blog remarked, at the time, "While we hope to not have to use it, we know that we have the capability to take swift action on behalf of users' safety when needed."
By now, it's clear that this tool isn't just a precautionary measure but a necessary feature, one that, unfortunately, may get quite a bit of exercise in the future.