Yesterday a questionable report from SMobile Systems was released talking about Android security and how a fifth of Android apps pose security risks. The methodology behind this report has pretty much been ridiculed throughout the Blogosphere, though quite a few publications covered it. CNET even went so far as to retract the report.
Google’s Jay Nancarrow told WebProNews, "This report falsely suggests that Android users don’t have control over which apps access their data. Not only must each Android app gets users’ permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious."
Even still, today Android has taken the initiative to have a couple of (intentionally) questionable apps removed from the Android Market. Android Security Lead Rich Cannings writes:
Every now and then, we remove applications from Android Market due to violations of our Android Market Terms of Service or Content Policy. In cases where users may have installed a malicious application that poses a threat, we’ve also developed technologies and processes to remotely remove an installed application from devices. If an application is removed in this way, users will receive a notification on their phone.
Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission.INTERNET. As the applications were practically useless, most users uninstalled the applications shortly after downloading them.
Google used its remote application removal feature to "clean up" any remaining installed copies of the apps.