Android root exploit likely affected 100k+ before Google response

Malware is nothing new in the Android Market, but most of the threats have been minimal and fairly easy to spot with a keen eye. Now, however, a new and very serious threat has been detected by an Android app developer whose creation was targeted by scammers as a front for their data-stealing code. And according to that developer, Google took a full week to respond to alerts regarding those threats.

The malware is called “DroidDream”, and was reportedly discovered by the developer when he noticed that someone had pirated a copy of his app and posted it to the Android Market. It didn’t take much investigating on his part to find even more affected apps.

“I randomly stumbled into one of the apps, recognized it and noticed that the publisher wasn’t who it was supposed to be,” said the developer, who goes by the name Lompolo on Reddit.

“Super Guitar Solo, for example, is originally Guitar Solo Lite. I downloaded two of the apps and extracted the APKs [Android Package files], they both contained what seems to be the ‘rageagainstthecage’ root exploit,” Lompolo posted.

That root exploit actually roots the victim’s device, sends sensitive information back to a remote server, and also opens a back door for the opportunity to gather even more data. By early this week, over 50 apps by a few different developers were found to be pirated with the “DroidDream” exploit, and warnings began to circulate from the major tech security firms.

Google has subsequently removed the infected apps from the marketplace. However, the developer claims that he had informed the company a full week before it took any action to minimize the spread of the threat. And in that time, he says that there were “50k-200k downloads combined in 4 days.” That means that by the time the apps were removed, there could have been nearly 400,000 devices infected by the malware.

As an Android phone owner, I’ve been concerned over the increasing number of threats present in the Android Market, and have heard fellow Droid users voice their own concerns regarding their impressions that Google seemed to be doing little about it.

While there may have been an issue with the communication channels Lompolo used to share his concerns with Google, it’s clear that the company needs to establish a better way for developers and users to share these types of concerns and identify threats so that hundreds of thousands of devices are not exploited before the issues are resolved.