Google has kicked 21 apps out of the Android Market for being stuffed full with malware.
Apps released by developers using the names ‘Myournet’, ‘Kingmall2010’ and ‘we20090202’ were riddled with malware, including the rageagainstthecage root exploit. They’ve been harvesting data including product ID, model, partner, language, country, and userID.
Even more worryingly, the apps also add a backdoor allowing them to download more code in future, without the owner’s knowledge – giving them almost unlimited possibilities. Phones running Android 2.2.2 and above appear to have been immune.
Some of the apps are pirated versions of genuine apps. They include Super Guitar Solo, Photo Editor and, um, Screaming Sexy Japanese Girls. Another, ironically, is App Installer.
Between them, they appear to have clocked up somewhere between 50,000 and 200,000 downloads over a four-day period.
Following a tip-off, the rogue apps were reported by Android Police, which says that Google pulled them from the store within five minutes of being alerted.
Google’s also erasing them remotely from users’ devices using the Android kill-switch feature – although this will do nothing to eliminate any code that the app has already downloaded.