Before these 21 apps were removed, they were downloaded between 50 000 and 200 000 times for four days, and the security breakthrough became known only after a vigilant Androider informed Google about the problem.
The situation is described in the following way:
"[a publisher has taken]… 21 popular free apps from the market, injected root exploits into them and republished."
One of the apps (full list below) is called Chess, but despite its name, the actual app has nothing to do with the ancient Indian game.
These apps use the "rageagainstthecage" root exploit to gain root access, and there is a separate APK that steals the product ID, model, partner, language, country and userID. Worst of all, though, is their ability to download more unknown code, that's likely harmful for your phone and the security of your data.
Since then, Google has pulled out these 21 apps and has remotely removed them from the infected phones, but unfortunately, there is no way to wipe out the code that was subsequently downloaded.
Only yesterday we told you about a similar Android scare, so it seems that Google would have to go a long way before its mobile OS is actually secure. The full list of dangerous apps is here, and take into account they were all published by a company called Myournet:
- Falling Down
- Super Guitar Solo
- Super History Eraser
- Photo Editor
- Super Ringtone Maker
- Super Sex Positions
- Hot Sexy Videos
- Hilton Sex Sound
- Screaming Sexy Japanese Girls
- Falling Ball Dodge
- Scientific Calculator
- Dice Roller
- Advanced Currency Converter
- App Uninstaller
- Funny Paint
- Spider Man
source: Android Police