Kaspersky: Google's handling of Android malware is debatable
Google has been criticised for the way it has handled the cleansing of devices infected with the DroidDream malware. Anti-virus vendor Kaspersky finds installing the "Android Market Security Tool March 2011" without asking for user authorisation a questionable approach. Google has been remotely installing the tool on the affected devices. The tool launches itself, obtains root privileges, uninstalls the malicious apps and then deletes itself – without ever requesting any user authorisation. This approach has a number of similarities to the practices employed by malware authors.
Kaspersky has also criticised Google for dealing with the symptoms while leaving the cause untreated. Although Google's announcement talks about an "Android Market Security Update", Kaspersky says that, according to its analyses, the update doesn't actually close the exploited hole in the Android Debug Bridge.
Apparently, installing patches is almost impossible in general. Kaspersky's Timothy Armstrong says this is due to Android's inability to install granular patches; furthermore, regular larger updates are reportedly difficult because Android uses the 3G data connection for syncing and for over-the-air (OTA) updates. According to Google's own Android version statistics, quite a few devices are likely to be vulnerable to the current exploit. The hole was apparently only closed in Android 2.2.2 and later versions.
Google has announced that measures will be implemented in the Android Market to prevent the future injection of infected apps with similar exploits. However, hardly any malware detection mechanisms seem to exist so far. The success of Android has drawn comparisons with the success of Windows in the 1990s, but the increasing number of malware cases could make this comparison more appropriate than intended.