More Malicious Apps Found On Google Play 143
suraj.sun writes "We've seen quite a few Android malware discoveries in the recent past, mostly on unofficial Android markets. There was a premium-rate SMS Trojan that not only sent costly SMS messages automatically, but also prevented users' carriers from notifying them of the new charges, a massive Android malware campaign that may be responsible for duping as many as 5 million users, and an malware controlled via SMS. Ars Technica is now reporting another Android malware discovery made by McAfee researcher Carlos Castillo, this time on Google's official app market, Google Play, even after Google announced back in early February that it has started scanning Android apps for malware. Two weeks ago, a separate set of researchers found malicious extensions in the Google Chrome Web Store that could gain complete control of users' Facebook profiles. Quoting the article: 'The repeated discoveries of malware hosted on Google servers underscore the darker side of a market that allows anyone to submit apps with few questions asked. Whatever critics may say about Apple's App Store, which is significantly more selective about the titles it hosts, complaints about malware aren't one of them.'"
Except (Score:4, Insightful)
>complaints about malware aren't one of them
So the ones that raid your contacts and send the information to persons unknown are fine?
It drives me crazy (Score:5, Insightful)
Why can't they offer a vetting process for apps? Not everything needs the "Google seal of approval", but having a google verified or trusted apps icon appear on an app might alleviate some of the problems, or at least the perception of the google market store (I can't call it google play store, it's just stupid) being a haven for malware and cheap ripoffs.
In fact, this could be a policy that a third party app store could institute. It would be interesting to see it happen, as they could potentially become more popular than Google's own store.
Re:Except (Score:3, Insightful)
I've never seen or installed such an app on my iOS devices. I'm sure if I spent some time searching the Slashdot archives, there'd be at least one article; I'm sure the apps do exist. (And are no longer on the app store today). However, these articles about Android malware are weekly, or more often. Google needs to shut it all down, and then relaunch Play where all apps are properly vetted.
Would that destroy the "freedom" concept? Maybe, but such an idea just doesn't work. Would you run any random Windows app on a Windows machine without an antivirus? Android has a massive smartphone share, and it's thusly going to be targeted. Imagine a 1997 where 40% or more all computers sold came with Mac OS or Redhat. Do you think that today we'd know those platform as untargeted by malware? Of course not. Either Google needs to lock things down, or we'll start seeing Norton or McAfee on the phones within the year.
Happening on App Store too (Score:5, Insightful)
Re:It drives me crazy (Score:2, Insightful)
Oh bull. Google isn't letting malware into their store so a few more handsets will show ads.
Shit just slips through.
And Apple addressed it (Score:4, Insightful)
Apple: App Access to Contact Data Will Require Explicit User Permission [allthingsd.com]
I guess you forgot that part.
And the part about how these apps weren't "malware", irrespective of whether they were doing something previously allowable without explicit user permission.
So it's not at all accurate to say that it's "happening on the App Store too".
Re:Except (Score:5, Insightful)
>complaints about malware aren't one of them
So the ones that raid your contacts and send the information to persons unknown are fine?
No, but who could have imaged the apps below would harvest your contacts! It's almost like they were built specifically to share information.
Foursquare
Path
Instagram
Facebook
Twitter for iOS
Voxer
Re:It drives me crazy (Score:4, Insightful)
That's meaningless for the problem at hand, which is that Google's own store is being used as a vector for malware. Google pressing a bit harder on app developers to prevent their store being a hazardous place would have no impact on the openness of the platform.
Re:Except (Score:2, Insightful)
I think that anyone with self respecting brain capacity would realize that picking the small handful of issues Apple has had with their vetting model cannot be compared to the thousands of apps that compromise Google's model.
Google gathering ripoff-artists (Score:4, Insightful)
Yes, there's a significant problem here.
The problem is that Google does NOT like free apps. Google make their money from advertizing, and on Google Play they're actively hiding whether are apps paid for by advertizing. This means that FOSS is having a hard time there. And cheap rip-offs of various kinds are having a field day. Once a thriving community of rip-off artists have been gathered bad things(tm) happen (even more).
By the way. Congratulations, the professional anti-Google scaremongers found a semi-reasonable point to criticize. Well done.
And just enough off-center from the real problems not to bother your Corporate Overlords, nice.
Re:Except (Score:5, Insightful)
You finding an example of malware doesn't disprove the assertion that people are complaining about malware on the iOS App Store. Just as finding one criminal in the country's safest town wouldn't mean people are complaining about crime there.
iOS App Store has a minuscule amount of malware compared to it's size. There's orders of magnitude more malware on the Android stores.
Re:Except (Score:2, Insightful)
I too enjoy the random use of immediately made up statistics laid out in terms like 'miniscule' and 'orders of magnitude'. Most of the apps I've downloaded from the app store and from play/market reported all sorts of things they didnt need to know about or report back to some mothership who-knows-where. I've never loaded a malicious app that caused me harm or did something that required repair...from either.
Yet there are plenty of stories about malware and the ability to enact it on both platforms, in all kinds. To say otherwise is simply laying on the blinders because otherwise you'll wonder why you paid so much.
Re:Permissions (Score:4, Insightful)
Actually the real problem is you can't hit "no" and continue with the installation.
Knowing what an app wants to do is one thing, but it doesn't tell me whether it's actually malicious. Getting an intelligent list of what it tried to do would help. Being able to tell my tablet to disallow or just lie about certain things would help more though - i.e. prevent access to contacts data, or, better, pretend I don't have any contacts data.