Google Pulls 21 Malware Apps From Android Market

Hugh Pickens writes writes "CNN reports that Google has pulled 21 free apps from the Android Market that, according to the company, are aimed at gaining root access to the user's device, gathering a wide range of available data, and downloading more code without the user's knowledge. Unfortunately although Google has moved swiftly to remove the apps, they have already been downloaded by at least 50,000 Android users. The apps are all pirated versions of popular games and utilities which once downloaded, root the user's device using a method like rageagainstthecage, then use an Android executable file (APK) to nab user and device data, such as your mobile provider and user ID, and finally act as a wide-open backdoor for your device to quietly download more malicious code. 'If you've downloaded one of these apps, it might be best to take your device to your carrier and exchange it for a new one, since you can't be sure that your device and user information is truly secure,' writes Jolie O'Dell. 'Considering how much we do on our phones — shopping and mobile banking included — it's better to take precautions.'"

What about a full list?

[jesseck]

The first link has a partial list (17) of the apps which were pulled- here is a full list of apps from publisher Myournet (from this site [androidpolice.com]: * Falling Down * Super Guitar Solo * Super History Eraser * Photo Editor * Super Ringtone Maker * Super Sex Positions * Hot Sexy Videos * Chess * _Falldown * Hilton Sex Sound * Screaming Sexy Japanese Girls * Falling Ball Dodge * Scientific Calculator * Dice Roller * * Advanced Currency Converter * App Uninstaller * _PewPew * Funny Paint * Spider Man *

Re:Drivers, not auto mechanics

[Skuld-Chan]

The thing is - the free market takes care of you in situations like this. Those apps - I'm sure had 1 or 2 stars and market reviews along the lines of "malware" - plus the reviews I'm sure were not all that great either "Japanese screaming sexy girls" may have been popular, but its hard to mistake for anything serious like a SSH tool.

I know the CNN article said they were popular apps, but they never showed up on the marketplace home page and I've never heard of them (I've been using Android since the G1).

Also I should mention - even Apple has been a victim of malware. They themselves were shocked to notice that a company had been collecting information on internal iOS builds - they then changed the rules about what kinds of metrics apps could collect on the phone. There was that screensaver that made it onto the app store that was also a teathering tool. Apple isn't infallible when it comes to app use or claims.

Google really does have our back on this one ;).

Re:This is one reason why I have an iPhone

[Skuld-Chan]

Apple has let things slip through. Here's some examples:

http://www.macworld.com/article/152835/2010/07/iphone_flashlight_tethering.html [macworld.com] > app allows tethering as a hidden feature to being a flashlight tool.

http://www.appleinsider.com/articles/10/06/02/flurry_modifies_data_collection_after_being_called_out_by_steve_jobs.html [appleinsider.com] > Apple themselves being surprised that Flurry was collecting info on prototype versions of iOS...

There might be more - but in both these situations here are applications doing something that Apple didn't know they were doing and they were screened applications.

Re:What is up with Android malware?

[babblefrog]

Android does that already, essentially. This particular malware exploited OS bugs that have been known about forever, bypassing the security system. They are already fixed in the latest version of Android. The problem is that Motorola, HTC, Samsung, AT&T, T-Mobile, Verizon, etc aren't letting you have the latest version of Android, because up until now they have had no incentive to push out new versions to handsets. If it were Microsoft leaving known vulnerabilities unpatched, they would rightly be raked over the coals, and these companies should be too!