Google Android App Malware Update


Google App Malware Update

It seems that since our last post about the Google Android app marketplace allowing malware to be downloaded, the same thing has happened yet again in a matter of days.

We are naming and shaming the apps here and also asking what Google intends to do in the future to stop the Android app marketplace being infiltrated by malware-infected apps that have nasty/dubious elements contained within them.

The apps that have recently been removed include:

  • Bubble Buster
  • Scientific Calculator
  • Quick FallDown
  • Best Compass & Leveler

Caution – beware of similar sounding illegitimate apps named closely after established safe apps!

Just a note of caution here: the developer who appears to be doing much of the nasty work is called “Mobnet” and was behind the first wave of the DroidDream virus back in March. He has seemingly resorted to tactics such as releasing an app with a name very close to that of a legitimate one, just to add to the confusion and concern for unsuspecting Android app users.

In this case there is a legitimate application with a package name very similar to that of Best Compass & Leveler.

The nasty Trojanized application simply but sneakily capitalizes the application package name (i.e. com.gb.CompassLeveler), while the legitimate application does not (i.e. com.gb.compassleveler).

Not the easiest to spot when you have no warning I must say!
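The capitalization trick described above can be checked mechanically. The following is an added example, not code from Google or any security vendor: it compares installed package names against a list of known-good names and flags ones that differ only by letter case or by a single character. The allowlist, the `com.example.*` names and the function names are assumptions made for illustration.

```python
import unicodedata

# Constructed allowlist of known-good package names (the second is hypothetical).
KNOWN_GOOD = {"com.gb.compassleveler", "com.example.calculator"}

def skeleton(name: str) -> str:
    """Normalise a package name so case and width variants compare equal."""
    return unicodedata.normalize("NFKC", name).casefold()

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(package: str, known_good=KNOWN_GOOD, max_distance: int = 1):
    """Return (verdict, matched_name) for one installed package name."""
    if package in known_good:
        return ("exact", package)
    skel = skeleton(package)
    for good in sorted(known_good):
        if skel == skeleton(good):  # same name, different capitalization
            return ("case-lookalike", good)
    for good in sorted(known_good):
        if edit_distance(skel, skeleton(good)) <= max_distance:
            return ("near-lookalike", good)
    return ("unknown", None)

def audit(installed, known_good=KNOWN_GOOD):
    """Map each suspicious installed package to the legitimate name it imitates."""
    findings = {}
    for pkg in installed:
        verdict, match = classify(pkg, known_good)
        if verdict.endswith("lookalike"):
            findings[pkg] = (verdict, match)
    return findings

if __name__ == "__main__":
    # Constructed sample of installed package names.
    installed = ["com.gb.CompassLeveler", "com.gb.compassleveler",
                 "com.example.calcu1ator", "org.other.app"]
    for pkg, (verdict, match) in audit(installed).items():
        print(f"{pkg}: {verdict} of {match}")
```

A package that is "unknown" is simply not on the allowlist; only the two lookalike verdicts indicate a name chosen to resemble a trusted one.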

Stark warning for Android users:

A leading security firm has said stealing bank details by fraudulent app submissions and subsequent download and use would be almost trivial to accomplish on the Android market.

I have to say if this is true, and I assume this essentially has to be true as Google Android simply does not check whatsoever once you submit the app (tested by myself and available here: Mobile News App), then the security fears of Android users like myself are fully justified. This is not good at all, Google.

The mobile inquirer app was available within seconds of publishing via a third party developer. Now, I do not develop apps myself, but I assume that if we already have malware getting into the marketplace, then this policy of safe until proven otherwise is seriously flawed.

It is a major gripe of mine since moving from an iPhone 3G to a fantastic Samsung S2. As a user of Apple most of my life (well, 10+ years anyway) I have enjoyed not having to worry about issues related to security, and I enjoyed the same privilege using my iPhone, blissfully.

While I do not worry too much about the Android marketplace currently as I am relatively switched on with security, the truth is anyone can become a victim if developers of malware are copying names of legitimate apps. Seriously, Google, take note now.

Your thoughts on security in the Android app marketplace

What are your thoughts on this? Is the Android marketplace rife for developers of dodgy apps, and will it eventually lead to a major security risk with people losing their credit card and bank details to these developers, all because Google will not put in place some kind of safety screening system?

Or is the openness of the marketplace something to embrace, and the pains of having occasional malware of whatever variety appearing now and again just a fact of life for which we all simply need to take more precaution? I do not think so at all personally… time for a system to be put in place… but open to discussion as always!

Anthony Munns