The applications took advantage of known vulnerabilities which don’t affect Android versions 2.2.2 or higher. For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).


1. We removed the malicious applications from Android Market, suspended the associated developer accounts, and contacted law enforcement about the attack.


2. We are remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications.


3. We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from android-market-support@google.com over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.

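They have also released a Market update to all affected devices, so affected devices will receive an email from android-market-support@google.com within the next 72 hours. You will also receive a notification on your device that Android Market Security Tool March 2011 has been installed, as well as a notification that an application has been removed. You do not need to take any action; the update deploys automatically, and within 24 hours of deployment you will receive a second email.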

4. We are adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market and are working with our partners to provide the fix for the underlying security issues.



