Google has pulled more than 50 apps from its Android Market after learning from Android enthusiast site Android Police that they contained dangerous malware called DroidDream. The malware steals info from your phone, including your mobile provider and user ID. But it also has the ability to download other code, and it's not clear at this point what that code might be capable of doing.
Phones running Android 2.3 are immune. Unfortunately, most phones use earlier versions of the Android operating system and are vulnerable to this malware attack. Some models might ultimately be upgraded to version 2.3, but the rollout of those upgrades is determined by Google and the carriers on a model-by-model basis.
More than 50,000 Android phone users downloaded the apps, which come from three publishers: Myournet, KingMall2010, and we20090202. They range from a chess game to a guitar-playing app to several pornography apps. Many, like the guitar app, imitate legitimate apps from other publishers that aren't dangerous. Mobile-security company Lookout published a complete list of all the affected apps.
If you've downloaded any of the apps on the list, you might want to try to clean your device up with a copy of Lookout, a free security app whose publisher that says it's already updated its software to protect users from DroidDream. (Consumer Reports hasn't tested this app).
We've already advised against downloading apps from unofficial third-party markets, but there's more you can do. Check the permissions an app lists before you install it (although in this case, the apps apparently went beyond what the stated permissions allowed); download only apps that have been downloaded by large numbers of other users (again, not foolproof here because it seems many users were duped by these apps); and read user reviews before installing an app.
What makes Google's Android Market appealing is its open nature, providing more variety to users and making it easy for developers to make new products available. But that openness also leads to vulnerability. Apple, on the other hand, has been criticized for following a "walled garden" model with its app store, but the advantage of its more restricted approach is better security. Google might need to find a middle ground where it provides better vetting before allowing apps to be posted on its market.