Google Says 260,000 Phones Hacked by Dodgy Android Apps

Google has admitted that up to 260,000 of its handsets were infected by malware contained in rogue apps downloaded from Android Market, according to a report in this morning’s Metro. The report says that Google activated a remote “kill” switch to delete up to 58 free, rogue apps on the infected phones to solve the problem.

The apps, which included titles such as Photo Editor, Super Guitar Solo and Sexy Legs, were infected with DroidDream malware, which could be used to access personal data, send spam texts, or call premium rate numbers. Google says it believes that the only information the attacker(s) were able to gather was device-specific, IMEI/IMSI codes which are used to identify mobile devices, and the version of Android running on the device).

The vulnerability to this type of attack was fixed with the release of Android V2.2.2, but since Android device owners are not encouraged to update their software, the majority of Android phones remain vulnerable. The root of the problem is the lack of vetting for apps on Android Market, in stark contrast to the control Apple exerts over apps for its iOS platform.

You can read Google’s response to the security issue in a blog post here.