Slashdot Mirror


Google Pulls 21 Malware Apps From Android Market

Hugh Pickens writes "CNN reports that Google has pulled 21 free apps from the Android Market that, according to the company, are aimed at gaining root access to the user's device, gathering a wide range of available data, and downloading more code without the user's knowledge. Unfortunately, although Google has moved swiftly to remove the apps, they have already been downloaded by at least 50,000 Android users. The apps are all pirated versions of popular games and utilities which, once downloaded, root the user's device using a method like rageagainstthecage, then use an Android executable file (APK) to nab user and device data, such as your mobile provider and user ID, and finally act as a wide-open backdoor for your device to quietly download more malicious code. 'If you've downloaded one of these apps, it might be best to take your device to your carrier and exchange it for a new one, since you can't be sure that your device and user information is truly secure,' writes Jolie O'Dell. 'Considering how much we do on our phones — shopping and mobile banking included — it's better to take precautions.'"

16 of 242 comments

  1. Exchange by Andy Smith · · Score: 4, Insightful

    "it might be best to take your device to your carrier and exchange it for a new one"

    Yeah good luck with that.

    1. Re:Exchange by tehcyder · · Score: 3, Interesting

      You may not earn £100 for yourself, but your employer might bill your time with customers at £100/hour.

      If you're being charged out at £100/hour you are probably earning about a third of that, going by the professional rule of thumb of one third salary, one third overheads and one third profit. £33/hour is about £60K/year, which sounds more likely than £200K.

      Yes, I know everyone here on slashdot is a superstar programmer earning $10m + a year just in stock options, just think of us little guys as you're snorting cocaine off hookers' tits on one of your yachts.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    2. Re:Exchange by fidget42 · · Score: 4, Funny

      Yes, I know everyone here on slashdot is a superstar programmer earning $10m + a year just in stock options, just think of us little guys as you're snorting cocaine off hookers' tits on one of your yachts.

      The sad part of that statement is that a programmer who earns $10M (I assumed you didn't mean milli) a year still has to get a hooker in order to meet women.

      --
      The dogcow says "Moof!"
  2. What is up with Android malware? by Anonymous Coward · · Score: 4, Insightful

    I keep reading stories about Android malware. Why does Android attract more malware than any other phone platform?

    I'm curious. It doesn't have the largest marketshare, so that argument is moot.

    1. Re:What is up with Android malware? by clang_jangle · · Score: 4, Insightful

      It's a relatively open platform, which makes it easier to dupe users into installing trojans. The thing that troubles me is that Google doesn't vet the apps before they're published, leaving a lot of users vulnerable. There's surely a better middle ground between "walled garden" and "wide open wild west".

      --
      Caveat Utilitor
    2. Re:What is up with Android malware? by netsharc · · Score: 3, Insightful

      How about just having a proper security system...

      BlackBerries ask you for each privileged task the app wants, whether you want to always allow that task, always deny, or prompt when the app needs it...

      --
      What time is it/will be over there? Check with my iPhone app!
    3. Re:What is up with Android malware? by Mr_Silver · · Score: 4, Insightful

      It's a relatively open platform, which makes it easier to dupe users into installing trojans. The thing that troubles me is that Google doesn't vet the apps before they're published, leaving a lot of users vulnerable. There's surely a better middle ground between "walled garden" and "wide open wild west".

      The other issue is that the way the application presents the security access it needs is, for the average user, completely confusing. You install an app and it gives you a list of 7 things it needs to do including things like "read phone state" and "access internet".

      For overly simple apps it may be possible for something like "access contacts data" to be picked up as nefarious by the end user - but in the vast majority of cases there is a long list of permissions and the users are given no real help in understanding what it all means. As such, they blindly accept what is presented to them because they don't understand what the phone is trying to tell them.

      (Hell, if I were to decline to install any apps where I didn't fully understand the access it was asking for I don't think I'd have anything installed on my device)

      In short, whilst you cannot stop stupidity, there are some pretty major flaws in the user experience which aren't exactly helping people.

      --
      Avantslash - View Slashdot cleanly on your mobile phone.
    4. Re:What is up with Android malware? by babblefrog · · Score: 4, Informative

      Android does that already, essentially. This particular malware exploited OS bugs that have been known about forever, bypassing the security system. They are already fixed in the latest version of Android. The problem is that Motorola, HTC, Samsung, AT&T, T-Mobile, Verizon, etc. aren't letting you have the latest version of Android, because up until now they have had no incentive to push out new versions to handsets. If it were Microsoft leaving known vulnerabilities unpatched, they would rightly be raked over the coals, and these companies should be too!

  3. Attention: by Anonymous Coward · · Score: 5, Funny

    "Please use only the official Google applications for harvesting your personal information."

  4. What about a full list? by jesseck · · Score: 4, Informative

    The first link has a partial list (17) of the apps which were pulled - here is a full list of apps from publisher Myournet (from this site):

    * Falling Down
    * Super Guitar Solo
    * Super History Eraser
    * Photo Editor
    * Super Ringtone Maker
    * Super Sex Positions
    * Hot Sexy Videos
    * Chess
    * _Falldown
    * Hilton Sex Sound
    * Screaming Sexy Japanese Girls
    * Falling Ball Dodge
    * Scientific Calculator
    * Dice Roller
    * Advanced Currency Converter
    * App Uninstaller
    * _PewPew
    * Funny Paint
    * Spider Man

  5. Re:This is one reason why I have an iPhone by Psiren · · Score: 3, Interesting

    but at least I know someone at Apple has personally looked at every app and its update I installed on my phone so a situation like this won't happen.

    That's a "famous last words" just waiting to happen. Yes, it's arguably more unlikely. But to say it won't ever happen is just dumb.

  6. Re:iPhone suddenly looks wise by teh31337one · · Score: 3, Interesting

    Just because that one website displayed a prompt, and let you know what it was doing, doesn't mean others will. Stuff can get by Apple's review system too. http://www.engadget.com/2010/07/20/handy-light-for-iphones-dirty-little-secret-tethering-video/4

  7. Re:This is one reason why I have an iPhone by blahbooboo · · Score: 3, Insightful

    but at least I know someone at Apple has personally looked at every app and its update I installed on my phone so a situation like this won't happen.

    That's a "famous last words" just waiting to happen. Yes, it's arguably more unlikely. But to say it won't ever happen is just dumb.

    Sure it can happen. But unlike the Google store, at least in theory, Apple actually reviews each app and supposedly does basic analysis and testing. Simple solution, Google should have an option or something in their store to have the app verified as passing some sort of bare minimum testing for safety and security. Google Android isn't so perfect it can't learn from others...

  8. So... by bhunachchicken · · Score: 3, Funny

    "Unfortunately although Google has moved swiftly to remove the apps, they have already been downloaded by at least 50,000 Android users"

    Bet that remote kill and remove ability that some people were bitching about a few months back isn't looking like such a bad thing right now, is it?

  9. Re:Drivers, not auto mechanics by Skuld-Chan · · Score: 4, Informative

    The thing is - the free market takes care of you in situations like this. Those apps - I'm sure had 1 or 2 stars and market reviews along the lines of "malware" - plus the reviews I'm sure were not all that great either. "Japanese screaming sexy girls" may have been popular, but it's hard to mistake for anything serious like a SSH tool.

    I know the CNN article said they were popular apps, but they never showed up on the marketplace home page and I've never heard of them (I've been using Android since the G1).

    Also I should mention - even Apple has been a victim of malware. They themselves were shocked to notice that a company had been collecting information on internal iOS builds - they then changed the rules about what kinds of metrics apps could collect on the phone. There was that screensaver that made it onto the app store that was also a tethering tool. Apple isn't infallible when it comes to app use or claims.

    Google really does have our back on this one ;).

  10. Re:This is one reason why I have an iPhone by Skuld-Chan · · Score: 5, Informative

    Apple has let things slip through. Here's some examples:

    http://www.macworld.com/article/152835/2010/07/iphone_flashlight_tethering.html > app allows tethering as a hidden feature to being a flashlight tool.

    http://www.appleinsider.com/articles/10/06/02/flurry_modifies_data_collection_after_being_called_out_by_steve_jobs.html > Apple themselves being surprised that Flurry was collecting info on prototype versions of iOS...

    There might be more - but in both these situations here are applications doing something that Apple didn't know they were doing and they were screened applications.