Google pulls Market apps with root exploit -- one patched in AOSP,
Wildman
Legend

Here is some information that needs to be brought to the attention of anyone that hasnt hear about this...  

 

http://www.androidcentral.com/google-pulls-market-apps-root-exploit-one-patched-aosp-you-probably-di...

 

Someone contacted Android Police with a list of applications that contain malicious code to root your device, and this has resulted in Google using the kill-switch and  pulling 21 applications from the Market (and users phones).  Here's the list of affected applications according to Android Police:

  • Falling Down
  • Super Guitar Solo
  • Super History Eraser
  • Photo Editor
  • Super Ringtone Maker
  • Super Sex Positions
  • Hot Sexy Videos
  • Chess
  • 下坠滚球_Falldown
  • Hilton Sex Sound
  • Screaming Sexy Japanese Girls
  • Falling Ball Dodge
  • Scientific Calculator
  • Dice Roller
  • 躲避弹球
  • Advanced Currency Converter
  • App Uninstaller
  • 几何战机_PewPew
  • Funny Paint
  • Spider Man
  • 蜘蛛侠

All the apps were published by Myournet to the Android Market.  The apps use the rageagainstthecage exploit to root your phone (or tablet), which opens the door for the app to do anything with your data -- like send it to a remote server.  Of course with root it can do much worse as well. 

If you installed any of these applications, they should have been pulled off your phone, but that's not enough.  You need to do a full system wipe and reset your phone completely, the data wipe and reset from settings may not be enough.  This means ODIN, RUU's, .sbf files or a trip to your carrier store if this is beyond your capabilities.  The call to our forum moderators and advisers is out, and we're going to try and help as much as we can.

Perhaps the worst part of the whole situation is that this exploit has been patched by Google.  Starting with 2.2.2, AOSP has been fixed to halt this exploit, and with Gingerbread it no longer works at all.  This puts the need for quick carrier updates in an entirely new perspective, as potentially 50,000 users are affected because they are still running old versions of the OS.  I'm all for an open Market, but something has to be done, and it will have to start at the top in Mountain View. [Android Police]

0 Likes
1 Solution

Correct answers
Re: Google pulls Market apps with root exploit -- one patched in AOSP,
Wildman
Legend

 


pool_shark wrote:

 

OOOooooooo, you said root.

 


 

:smileyvery-happy: Yes I did :smileytongue::smileysurprised::smileyvery-happy:


A exploit that can root device without your knowledge can lead to some real issues, but as long as the device has 2.2 already installed the device should be safe but this is still a good thing to know and watch for.

 


AZSALUKI wrote:

i have 2.2........should i have 2.2.2????


No but you should have 2.2.1 which is the most recent version.

 

View solution in original post

0 Likes
Re: Google pulls Market apps with root exploit -- one patched in AOSP,
gerio
Specialist - Level 2

Man...It's a new day in the neighborhood (but not unexpected, I suppose). 

 

More proof that ya just can't have nothin'....:smileymad:

 

Geri O

0 Likes
Re: Google pulls Market apps with root exploit -- one patched in AOSP,
AZSALUKI
Legend

a bit off topic, but sort of related:

 

http://www.androidcentral.com/another-trojan-found-pirated-android-apps

 

i came across this the other day. the moral of the article is to those of you using sites with free (pirated) apps that should be paid apps, don't come crying to us when this happens to you. pay the $1-2 for the original app from the developer, if that is what it costs!!!! i don't judge and don't really care what you do.....just don't complain when you get what should be a good app, but infects your device.

0 Likes
Re: Google pulls Market apps with root exploit -- one patched in AOSP,
mdram4x4
Champion - Level 1

 


AZSALUKI wrote:

a bit off topic, but sort of related:

 

http://www.androidcentral.com/another-trojan-found-pirated-android-apps

 

i came across this the other day. the moral of the article is to those of you using sites with free (pirated) apps that should be paid apps, don't come crying to us when this happens to you. pay the $1-2 for the original app from the developer, if that is what it costs!!!! i don't judge and don't really care what you do.....just don't complain when you get what should be a good app, but infects your device.


 

yep, its all about common sense.  pirated pc apps also contain many virus's

 

the more an os grows in popularity the more people try to hack it.

thats why windows has more viruses then linux or macs.  you target the masses

0 Likes
UPDATED: Google pulls Market apps with root exploit -- one patched in AOSP,
Wildman
Legend

Google late Saturday night publicly revealed the action it has taken in the wake of a number of malicious applications that were lurking not so quietly in the Android Market. As you'll recall, some 21 apps from a single developer were found to be collecting and sending device IDs (IMEI codes) and Android versions, but the exploit left users open to worse attacks. Here's the short version of what Google's done since being alerted March 1:

  • The apps were removed from the Market, developer accounts banned and law enforcement notified.
  • Google is remotely removing the malicious applications from infected phones. (That's a feature Google has its disposal, and has used in the past.)
  • Google is pushing an update to undo the security exploits that allowed these malicious apps to work in the first place.
  • Google is "adding a number of measures to help prevent additional malicious applications using similar exploits from being distributed through Android Market."

A couple things to note here: If you are running Android 2.2.2 or higher, you don't have these security vulnerabilities. If you were affected, you'll be getting an e-mail from Google (android-market-support@google.com) explaining things, and you'll be getting an Android Market Security Tool 2011 app to patch the exploits.

So the barn door's been closed, folks. Google says it's taking additional steps to keep this sort of thing from happening again. That's not to say it won't happen -- by nature, attacks will continue. But good on Google for explaining exactly what happened, and what's being done in the aftermath. [Google Mobile Blog]

0 Likes
Re: UPDATED: Google pulls Market apps with root exploit -- one patched in AOSP,
AZSALUKI
Legend

i have 2.2........should i have 2.2.2????

0 Likes
Re: Google pulls Market apps with root exploit -- one patched in AOSP,
pool_shark
Specialist - Level 1

 


Wildman wrote:

Here is some information that needs to be brought to the attention of anyone that hasnt hear about this...  

 

http://www.androidcentral.com/google-pulls-market-apps-root-exploit-one-patched-aosp-you-probably-di...

 

Someone contacted Android Police with a list of applications that contain malicious code to root your device, and this has resulted in Google using the kill-switch and  pulling 21 applications from the Market (and users phones).  Here's the list of affected applications according to Android Police:

  • Falling Down
  • Super Guitar Solo
  • Super History Eraser
  • Photo Editor
  • Super Ringtone Maker
  • Super Sex Positions
  • Hot Sexy Videos
  • Chess
  • 下坠滚球_Falldown
  • Hilton Sex Sound
  • Screaming Sexy Japanese Girls
  • Falling Ball Dodge
  • Scientific Calculator
  • Dice Roller
  • 躲避弹球
  • Advanced Currency Converter
  • App Uninstaller
  • 几何战机_PewPew
  • Funny Paint
  • Spider Man
  • 蜘蛛侠

All the apps were published by Myournet to the Android Market.  The apps use the rageagainstthecage exploit to root your phone (or tablet), which opens the door for the app to do anything with your data -- like send it to a remote server.  Of course with root it can do much worse as well. 

If you installed any of these applications, they should have been pulled off your phone, but that's not enough.  You need to do a full system wipe and reset your phone completely, the data wipe and reset from settings may not be enough.  This means ODIN, RUU's, .sbf files or a trip to your carrier store if this is beyond your capabilities.  The call to our forum moderators and advisers is out, and we're going to try and help as much as we can.

Perhaps the worst part of the whole situation is that this exploit has been patched by Google.  Starting with 2.2.2, AOSP has been fixed to halt this exploit, and with Gingerbread it no longer works at all.  This puts the need for quick carrier updates in an entirely new perspective, as potentially 50,000 users are affected because they are still running old versions of the OS.  I'm all for an open Market, but something has to be done, and it will have to start at the top in Mountain View. [Android Police]


OOOooooooo, you said root.

 

0 Likes
Re: Google pulls Market apps with root exploit -- one patched in AOSP,
Wildman
Legend

 


pool_shark wrote:

 

OOOooooooo, you said root.

 


 

:smileyvery-happy: Yes I did :smileytongue::smileysurprised::smileyvery-happy:


A exploit that can root device without your knowledge can lead to some real issues, but as long as the device has 2.2 already installed the device should be safe but this is still a good thing to know and watch for.

 


AZSALUKI wrote:

i have 2.2........should i have 2.2.2????


No but you should have 2.2.1 which is the most recent version.

 

0 Likes
Re: Google pulls Market apps with root exploit -- one patched in AOSP,
B33
Legend

Wildman you so cool Like the Fonz When he would say Hey! :smileytongue::smileyvery-happy::smileywink:

0 Likes
Re: Google pulls Market apps with root exploit -- one patched in AOSP,
AZSALUKI
Legend

 



AZSALUKI wrote:

i have 2.2........should i have 2.2.2????


No but you should have 2.2.1 which is the most recent version.

 


mine just says "2.2"??? how do i get 2.2.1?

 

0 Likes