More Malicious Apps Found On Google Play

suraj.sun writes "We've seen quite a few Android malware discoveries in the recent past, mostly on unofficial Android markets. There was a premium-rate SMS Trojan that not only sent costly SMS messages automatically, but also prevented users' carriers from notifying them of the new charges, a massive Android malware campaign that may be responsible for duping as many as 5 million users, and an malware controlled via SMS. Ars Technica is now reporting another Android malware discovery made by McAfee researcher Carlos Castillo, this time on Google's official app market, Google Play, even after Google announced back in early February that it has started scanning Android apps for malware. Two weeks ago, a separate set of researchers found malicious extensions in the Google Chrome Web Store that could gain complete control of users' Facebook profiles. Quoting the article: 'The repeated discoveries of malware hosted on Google servers underscore the darker side of a market that allows anyone to submit apps with few questions asked. Whatever critics may say about Apple's App Store, which is significantly more selective about the titles it hosts, complaints about malware aren't one of them.'"

Re:Happening on App Store too

[chrb]

It's the same problem. From ArsTechnica:

"Google has removed at least 15 Android apps from its official Play market after receiving outside reports they were malicious trojans that siphoned names, telephone numbers of email addresses of every person in the phone's contact list.

..In the background and without warning, they also obtained the phone number and a unique identifier of the infected device and sent the information in clear text to a remote server under the control of the software developers. "

Which is exactly what some iOS apps are also doing. This is not an Android specific problem.