While I love Google, I do not love their need to compete with Apple in terms of number of applications their phones have, so that they can compare with the iPhone. I mentioned a year ago that there was going to be problems with them allowing pretty much every app to be auto-accepted and put up onto their marketplace.
Now Google has pulled 21 applications today, more on the way, that have been found to contain a Trojan virus, collecting information and data from your phone and sending it onto private servers for whatever they feel the need to use it for. Your number, your friends’ numbers, your web browsing habits, all owned by random companies that will do nothing short of misuse and abuse your calendar appointments and schedules, addresses, etc.
The applications in question on the Android Marketplace contain an exploit that, when downloaded, automatically root the Android handset. Not only that, they also contain an embedded .apk file that can accept remote code and upload device information (like your IMEI) to a server in California. The malicious bundles were published by user Myournet and some of the individual applications have been downloaded over 50,000 times each. Once alerted of the potential malware, Google investigated and removed the code from the Market and users handsets. Unfortunately, that doesn’t have any effect on data already compromised by downloaders of the rogue applications. Google has yet to publicly comment on the incident.