There’s A Malware App For That
At least 50,000 unlucky Android smartphone users were the recipients of a nasty surprise -- malware -- after downloading one of 21 popular free titles from the Android Market
Once Google was informed of the issue, the apps were quickly pulled from the market and remotely deleted from users phones.
But as businesses continue to look at how to secure computing endpoints, including mobile phones, this is definitely a cautionary tale that smartphones, and all the assorted information users keep, are easily in reach of criminals.
Some of the titles, with innocuous names like Super Guitar Solo, were modified by taking a normal, non-tainted Android app, injecting the malware code and republishing on the Android Market with a slightly modified app name.
Once a user downloaded one of the titles, using the exploit rageagainstthecage, the phone is rooted and the users IMEI and IMSI along with other device data (like the carrier) was transmitted to the hackers. But even scarier is the possibility that the program could download even more malware to the compromised smartphone.
While Google touts the Android Market for its openness and ability for a publisher to instantly upload a program, the code of all programs on Apple’s App Store must be thoroughly examined and vetted to catch a wide range issues like malware.
And that’s not to say that iOS is completely secure, but the process for criminals to crack an iPad or iPhone at least takes a little more savvy than to publish a “Trojan horse” app for unsuspecting users to download.
While Android phones continue to sell almost as fast as iPhones, and with companies like Motorola and Samsung making a push into the tablet space to compete against the iPad, will an issue like this make you think twice before downloading an Android, or any other smartphone, app?
Posted by Brent Dirks on Mar 02, 2011