back to article Google vanishes 'DroidDream' malware from citizen phones

Google has acknowledged that it removed "a number" of malicious malware applications from the Android Market on March 1, and it has now reached out over the airwaves to remove the apps from end users devices as well. Last week, reports indicated that more than 50 Android apps had been loaded with info-pilfering software known …


This topic is closed for new posts.
  1. Tigra 07 Silver badge
    Thumb Up

    Looks like bash a network day...

    Lucky they have a killswitch.

    Imagine if Microsoft had a similar feature to remote update peoples PCs, most botnets would disappear overnight.

    A kill switch is only a bad thing if it's used for bad and Google isn't doing a bad job here, especially since it could have been avoided by operators updating the phones of their customers.

    Google shouldn't have to do this but it's a good job they did as they're doing phone operators job for them.

    1. Steve Evans

      Re: Looks like bash a network day

      Actually, if MS had a kill switch it would be fundamentally flawed. Two weeks after it goes live it would be exploited and Microsoft office would magically be uninstalled from every PC on the planet!

      1. John Brown (no body) Silver badge

        Re: Looks like bash a network day → #

        ...and the downside is?

  2. The Fuzzy Wotnot

    What was that?

    Now what was it the droid-boys were shouting about, they have control over their own phones and apps unlike the Apple fanbois?

    1. Kay Burley ate my hamster

      Yes we do

      We both have kill switches. Only Android has a choice of markets and the ability to install from outside of the markets.

    2. Steve Evans

      Re: What was that?

      No, the 'droid boys have a choice over what they put on their phone, and where they get it from. They are not subject to the whims of a single corporation and what seem like their very personal likes and dislikes.

      How many times have Google pulled the switch and said "No, that's bad!", errr, once, and that's on programs that are trojans... How many times has St Jobs and pals said "No, they can't use/see/have that", probably multiple times an hour, and that will be for programs that maybe show too much flesh, or just look wrong, or maybe even let people purchase from somewhere other than the istore! Shock horror!

      You've got to remember that a mobile phone is a very powerful device which is generally released into the hands of the moronic masses (If you don't think the public are that stupid just look at the viewing figures for reality TV).

      For google to release a device that powerful without any way to reign it in to stop the masses from hurting themselves is akin to letting Joe Public walk about with a .44 magnum... Oh...

    3. Ammaross Danan


      "Now what was it the droid-boys were shouting about, they have control over their own phones and apps unlike the Apple fanbois?"

      Another fail for this commentard, since the kill switch can be compiled out of the code, thus providing a kill-switch-free firmware. Last I checked, iOS doesn't have such capability. With the ability to install Apps from outside the Android Market, you're not locked into some company's idea of a worthwhile App. Without lock-in, subscription-based services would be cheaper too, since there's no 30% Apple-tax. Yes, there's a 10% Google-tax, but only if they are used for the credit-card processor and other associated functionality. There is no rule against allowing the App to use alternate payment methods and ditching any Google-provided services altogether.

      One does also wonder if the kill switch will yank Apps installed from non Android Market sources? Would be a whole new anti-malware technique of simply blacklisting apps from the get-go.

      1. Anonymous Coward
        Anonymous Coward

        You wrong in almost everything.

        You're mistaken, the kill switch is part of the Android Market app which is closed source, so no "compiling out of the code". It can be blocked but it's far from being a direct affair.

        Also Apple subscriptions are a completely different service to what your mentioning which is called Google One Pass which is meant more for websites than anything else. Google's comparable in-app purchase mechanism, which is coming this May, will also charge 30%.

        You did get it right that for now Google allows alternate payment methods.. but we shall see what the future brings, after all Apple also didn't have a problem with alternate payment systems for 2 years after launching in-app payments.

  3. Gfranty

    malicious maliciousness

    'malicious malware applications' just doesn't work here, they're either `malicious applications', OR `malware`, or maybe, just maybe 'malware applications'.

    Either way, their is no reason to double up on the mal-modifier.

  4. Piri Piri Chicken
    Big Brother


    So will Google refund any monies that the end user paid for the applications that Google has decided to remove without end user approval? Even if the software was nefarious.

    Whilst I'll stand off a judgement at this time over the rights and wrongs of kill switches and the likes on the devices end users pay to own, and not rent. (It does seem to be a worrying trend)

    If a company has decided to remove, without my authority, something that I paid for on a device that I own. I fully expect to not only have those monies I paid for the product removed refunded to me, but some form of basic "compensation" as well. (marketplace credits would suffice).

    1. Anonymous Coward
      Thumb Up


      You want compensation for the inconvenience of having a virus removed from your phone?

      Good luck with that :)

    2. Ammaross Danan


      Your "compensation" is not having your banking details sold to/stolen by a 14-yr-old in China or Russia (or other hotspots these days). Worth the $0.99 loss I'd say, if you actually paid anything at all in the first place...

    3. Anonymous Coward
      Anonymous Coward

      And now I find that my anti-virus software does the same...

      Yes, it's been deleting stuff without telling me first just because of some minor issue like sharing my confidential files with international crime syndicates. I want my money back. And it even had the nerve to delete a security program I paid for when an unsolicited pop up told me it had found a problem on my PC and promised to fix it if I bought their program. Refund for that too please Mr Kaspersky.

  5. jake Silver badge

    Why do so-called techies buy into this crap?

    I mean, TheGreatUnwashedSheeple[tm], sure ... but technical folks?

    I don't know about any of all y'all, but I don't want anyone mucking about with the code running my hardware but me ...

  6. Pascal Monett Silver badge

    "we would be irresponsible not to have a lever like that to pull"

    Quite right old chap - and I would be irresponsible to put good money on a toy that has a lever like that that someone else can pull without my consent or even knowledge until after the fact.

    I don't care what you think your reasons are, if it's MY toy, then nobody but ME gets to put something on it, or take something off it.

    A truly responsible company would post a proper removal procedure for the offending app, not just yank it out without even asking.

    People are supposed to be responsible for their actions, you know. Of course, that is the real problem.

  7. Anonymous Coward
    Anonymous Coward

    left hand ? right hand

    Doesn't Google scan pages that they scan for viruses? Surely they scan and index their Android marketplace.?.?.?.

  8. Paul 87

    Is it me or...

    ... the email address they're sending fom look like spam? Just the thing to really panic people after mystery app lands on your phone

  9. Anonymous Coward
    Anonymous Coward

    Walled gardens

    "We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues,"

    Does that mean they're going to copy Apple's App Store model? =)

    <ducks to avoid the rabid Apple anti-fans>

    1. Anonymous Coward
      Thumb Up

      Great stuff

      Where can we download a copy of your operating system?

    2. Tigra 07 Silver badge

      RE: Pascal

      Would you feel the way if your bank account was raided by one of these rogue apps and you couldn't get rid of it or figure out which app it was until Google used the killswitch?

      1. Steven Knox

        RE: Tigra 07

        You're assuming he'd be moronic enough to put his bank details on a smartphone to begin with.

        1. Tigra 07 Silver badge

          RE: Steven Knox

          No i'm assuming it's used as a phone, hence contact names and dates of birth, maybe a couple passwords.

          Easily enough to cause havoc or possibly steal an identity.

          Then moving onto the smartphone, we get more information, possible Facebook info, easily enough to steal an identity and find out where they work, where they live etc

      2. jake Silver badge

        OS? What OS?

        My primary telephone is a rotary-dial Western Electric. It was my Fathers first desktop telephone, back in the early 1950s. It still works wonderfully. It is at my elbow as I type, and will be until $telco removes the option of pulse dialing.

        Sometimes a 'phone is just a 'phone. Personally, I see no need for a 'phone to have an OS.

        On the other hand, my Cell is a Nokia 5185 ... works everywhere, even in Sonoma County's so-called "dead zones".

        On the gripping hand, you can download my OS of choice at ;-)

    3. Anonymous Coward
      Anonymous Coward

      I'd say that was genuine 99999 times out of a hundred.....

    4. Anonymous Coward


      That is from signature based scanning. If they find a malware on a website it is because signatures are known to anti-virus vendors. It's harder on a mobile platform because the application is doing what it is doing until it is removed. This is when people complain that they notice the application stealing data.

      Google also can test the applications to see what they do and will remove it from the market when they see it.

  10. dotdavid


    The fact that there is a killswitch there isn't an issue for me, but I don't like the fact that it runs without end-user authorisation. Wouldn't it be best for your phone to prompt you that Google has discovered a problem with one of your apps, and would you like to allow them to remove it?

    I guess "normal users" might conceivably press "No" when they should press "Yes" but I think that's a risk I'm willing to take!

    On another note, in response to the iFans who crow about how this shows that Android isn't as open as it should be - the good thing about Android is that you could install a customised AOSP build of Android on your phone should you want to which doesn't include this killswitch. That may not be "easy" but it's an option...

  11. Robert Carnegie Silver badge

    Microsoft Windows -does- have a kill switch.

    In the licence terms, you nowadays agree that if Microsoft's updater programs find illegal files, proÃrams, documents, on your computer, they can delete them.

    That's something for Linux users to think about, wIth Microsoft's patents on FAT32 as well as NTFS (I suppose). And think about OpenOffice/LibreOffice, too: Any file that you use with Linux, including documents and media, could be tainted and liable to be deleted by Microsoft with the explicit permission you already gave them.

    Imagine the fun we'd all have sueing Microsoft to -stop- deleting files generated or processed by leading open-source products, once they chose to. Are you even confident that you'd win? You'd need to prove that they deleted files that were there legally. But guess what. The files were deleted.

    Then you have to hope Microsoft doesn't own the government when this happens...

    1. Anonymous Coward

      Patents != ownership of accessed files

      "Any file that you use with Linux, including documents and media, could be tainted and liable to be deleted by Microsoft with the explicit permission you already gave them."

      Have you forgotten to take your medication today ? If you have you may wish to read the Computer Misuse Act, which applies to Sony and Microsoft UK executives as much as you or I.

    2. Anonymous Coward

      Logo says it all...

      Erm.. That's some tenuous links you've made there!

      Can I suggest you put down the tinfoil hat, go outside and see "real life" at some point.

    3. Brezin Bardout


      I don't mean to imply you've just made that up, but any chance of providing a link or quote of the relevant part?

      1. Robert Carnegie Silver badge


        Select Pre-installed Windows 7 Home Premium in English, for instance. You get a PDF to download.

        Here's one of several clauses that describe how YOU ARE CONSENTING IN ADVANCE that Microsoft can scan your computer for software / media / documents (see also "Digital Rights" for instance) that are illegal / harmful / unlicensed, in their opinion, and delete or disable those items, or your entire computer:

        "The software will from time to time perform a validation check of the software. The check may be initiated by the software or Microsoft. To enable the activation function and validation checks, the software may from time to time require updates or additional downloads of the validation, licensing or activation functions of the software. The updates or downloads are required for the proper functioning of the software and may be downloaded and installed without further notice to you. During or after a validation check, the software may send information about the software, the computer and the results of the validation check to Microsoft. This information includes, for example, the version and product key of the software, any unauthorized changes made to the validation, licensing or activation functions of the software, any related malicious or unauthorized software found and the Internet protocol address of the computer. Microsoft does not use the information to identify or contact you. By using the software, you consent to the transmission of this information. For more information about validation and what is sent during or after a validation check, see

        "c. If, after a validation check, the software is found to be counterfeit, improperly licensed, or a non-genuine Windows product, or if it includes unauthorized changes, then the functionality and experience of using the software will be affected. For example:

        Microsoft may

        · repair the software, and remove, quarantine or disable any unauthorized changes that may interfere with the proper use of the software, including circumvention of the activation or validation functions of the software; or

        · check and remove malicious or unauthorized software known to be related to such unauthorized changes; or

        · provide notice that the software is improperly licensed or a non-genuine Windows product;

        and you may

        · receive reminders to obtain a properly licensed copy of the software; or

        · need to follow Microsoft’s instructions to be licensed to use the software and reactivate;

        and you may not be able to

        · use or continue to use the software or some of the features of the software; or

        · obtain certain updates or upgrades from Microsoft."

        With the legal language they use, they are allowed to do almost anything.

        P.S. Most of this language also applies to only updating Windows Media Player.

        1. Brezin Bardout

          Ah, now I see.

          I misunderstood the bit that was making it clear about how they can remove or disable any changes made to enable unlicenced versions of Windows to run.

          I didn't realise it also meant, if they catch you using anything open source, they can start deleting anything they feel like off your computer.

        2. Blitterbug


 realize that this specifically refers to the OS, and only to the OS? It's their standard Windows installer T&C, and the definition of 'The Software' is specified at the top of the file as being Windows...

          1. Ammaross Danan


            One great example of a "IANAL" commentard freaking out over legalese. Even without knowing what "the Software" was defined as, it's obvious that it's for Microsoft products only, and definitely not applicable to content (such as pictures or doc files) that were generated by said "non-Genuine" software.

            1. Robert Carnegie Silver badge

              Read the rest of the PDF.

              The Media Player parts especially.

              Anyway, since FAT32 is a patented part of Microsoft Windows, other software such as Linux that addresses FAT32 is clearly (if you have enough lawyer money, which they do) just an unlicensed copy of Windows, since it's from Windows that that facility was copied. And since there are regular security issue updates to Linux distros to stop bad things from hapsening, Linux is also malware. Your documents created with Not-Microsoft Office but using the Microsoft document format (one of them), which is a trade secret as we all know, are clearly illegal as well. And also malformed, which is the kind of document that usually introduces a virus to your computer. It is for your own good that they will be deleted. Or so they will say.

              You can however tell -some- parts of Microsoft Windows -not- to phone home and tell Jeff Bridges (the non-old evil one) everything you are doing on their computer - but does that arouse their suspicion and get them interested in you? It will.

              Anyway... we started this because someone said that Microsoft doesn't have the means or legal authority to e.g. disable that Al Qaeda rootkit that overclocks every American and Israeli DVD laser into a death ray (or makes it blind you at least), and I'm saying that they do have the means and authority - at least, if you updated from Windows XP with its more primitive licence, and Internet Explorer 6, and so forth. They -won't- do it, but they -could-.

              And this is why you MUST read that licence if you intend to use the software. (Unless you got ta cracked copy. Duh.)

    4. Chemist

      "That's something for Linux users to think about,"

      I thought about it - a long time ago - Microsoft's cr*p doesn't go near my systems.

  12. MrT


    "...the malware exploited known vulnerabilities that had been patched in Android versions 2.2.2 and higher"

    Hence the reason that Android should be able to update independently and not be reliant on manufacturer or teleco gloss/tripe/foistware etc. to be added before it arrives on handsets.

    It looks like HTC will be releasing 2.3.x for all 2.x handsets in Q2 this year, but from the same source the news that T-Mobile (for example) will probably not pass on the upgrade to their locked-in handsets if they are over a year old. Still, since the last update for UK Desirtes was stuffed full of Germany-only apps, that might not be a bad thing...

    "Gold card - unrEVOked - Titanium or My Backup - Oxygen or DevNul" sounds like the way forward, or just unhitch the teleco stuff and join the stock HTC route.

    It should not be forced upon end users to do this for a security patch though.

  13. Anonymous Coward
    Anonymous Coward

    Whinge whinge whinge

    It's removed without choice so that users can't continue to share the app/virus. Otherwise they'd have to keep sending out messages to handsets as it was passed around.

    Do the people commenting on these stories have any idea about technology, or even own an Android handset?

    1. Anonymous Coward
      Thumb Down


      Do you own an Android handset? Who passes apps around? They download them from the Android market.

  14. Anonymous Coward
    Big Brother


    The fact that Google has a direct connection to each and every handset worries me greatly.

    On the one hand, it is undoubtedly awesome that you can login to a website on any device and automagickally install software on your phone the flipside is Google, and by association anyone that has/gains access to it, can install/uninstall and generally do anything with what is, or should be, your property.

    What happens when a disgruntled employee (even google must have those) decides to remote brick a bunch of phones out of spite? Or when something inevitably goes wrong and instead of uninstalling malware app X they reset the firmware to its factory state?

    To whom does the customer complain to then? The telco they bought the phone with? "Google did it." To google? "Support comes from the telco you bought the handset from Sir."

    1. Munchausen's proxy
      Black Helicopters

      Not just disgruntled employees

      "What happens when a disgruntled employee (even google must have those) decides to remote brick a bunch of phones out of spite?"

      Or when someone from a government agency, or even a consultant working for a government agency, puts a quiet word in Google's ear, and you find (or more accurately, don't find) the microphone activated at times when you wish it weren't.

  15. billranton

    I love my n900

    It's a shame that maemo/meego doesn't seem to have a future anymore, because you'd never get this sort of rubbish going on in that. Could you all please run out and buy one quickly while you still can?

  16. Anonymous Coward
    Anonymous Coward

    But will Google be contacting the users who were affected?

    Some people might not notice a missing app.

  17. Highlander

    So, Google has a rootkit on the android phone...

    Hang on a moment. Sony was recently faced with incredible outrage because they had the temerity to enable more secure authentication on the PS3 by allowing PSN to remotely initiate security checks on logon.

    Here Google are going several steps further allowing them to at will remotely remove and/or install applications and patches on your android phone. At least Sony makes user agree to the update before installing it. Where the hell is the outrage over this? Where are the screaming headlines about google installing a rootkit in Android? Where is the army of hacker apologists lining up to take their kick at the object of annoyance?

    Oh, wait, Android must be a media darling and not a media chew toy.

    Curious to see such a double standard at work here at The register.

    1. Highlander

      Fandroids indeed...

      I guess the anonymous cowherd below me is correct, it appears that the same two fandroids took exception to a knock against the new Google-eyed overlords.

  18. Anonymous Coward

    Love it...

    All the fandroids lining up to try and claim that somehow this is a good thing. At the end of the day your open platform is open right enough. Open to exploitation by virus writers. I'll stick to my walled garden thanks.

  19. Steven Knox
    Thumb Down


    "According to Google, the malware exploited known vulnerabilities that had been patched in Android versions 2.2.2 and higher."

    If they have the power to remotely remove software, doesn't Google have the ability to remotely install software ... like security patches?

    This "killswitch" does have its place -- but it shouldn't have even been developed until after responsible patching mechanisms were in place, and it should ALWAYS require consent of the user before doing anything.

  20. Rupertdenies

    eek, a Google government

    Hear ye, hear ye o citizens of Google; The good government of Google has decided that it needs to protect it's citizens from the evil forces of other entities having access to your personal details. Instead they would like to have exclusivity to that, and decide for you what is good for you, and what isn't.

    I'd like to see you try access my tracfone Google- HAH

  21. D. M
    Paris Hilton

    How does it work?

    Does anyone knows exactly how this killing switch works? I have a feeling it is not as powerful as many iPhans claim to be. Most likely it is for apps downloaded from Google market. Outside market, I doubt it would work.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019