Concerns over the safety of mobile apps have been bubbling under for a while, but come bursting through to the surface this week with news that over 50 Android apps harbouring the same rootkit had been uploaded to the Android Market, and downloaded by hundreds of thousands of users.
Google acted swiftly to remove the malicious apps from its online repository, and is now introducing a new 'remote kill' function to remove malicious apps from Android devices without the user having to get involved.
In addition to the new function, Google will be sending out a fully automated Android Market security update that will remove the rootkit from affected devices, together with email notifications to affected users.
The company is at pains to point out that only device-specific information was gathered by the rootkit, rather than personal data or account information.
“We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues,” it adds.
The affair once again brings the issue of Android fragmentation to the fore. Google reveals that the security hole is in fact only present in Android devices running version 2.2.1 or older of the operating system. However, in reality that's the majority of users, and given the sluggish and inconsistent nature of how updates to the platform have been rolling out, the reality of “working with our partners” may be far more complex than the theory.