To prove the concept works, Jon Oberheide created an app that pretended to be new game levels for the popular game Angry Birds. Those who downloaded the fake app also had three additional apps installed.
However, the apps were not malicious, Jon Oberheide only wanted to prove how easy it is to perform and that it is entirely possible to use the same method to install malicious apps on an Android phone.
Google acted quickly on the news and removed Jon Oberheide’s app from the Android Market yesterday. In addition, Google has released an update to Android that closes the current security hole.
One problem with Android is that most updates to the operating system must be customized by the mobile phone manufacturer. This means that it can sometimes take several months for a bug fix to reach end users.
– Since updates for mobile phones usually take longer to be released than for PCs, it can sometimes take a long time from the time a security hole is discovered until the users have been protected. It can be anything from weeks to several months, says Kevin Mahaffey of the security company Lookout to Cnet.