Google won't pull suspected malicious Android apps

By Dan Kaplan on Feb 2, 2012 8:32 AM
Filed under Security

Don't "violate terms of service".

A security firm is trying to call attention to 13 applications that have showed up in the official Android Market over concerns that they contain software development tools that enable the theft of data.

The baker's dozen of applications, carrying names like Counter Elite Force and Balloon Game, allows downloaders to play action, adventure and puzzle games, Kevin Haley, director of Symantec Security Response, said.

But they also contain a software development kit (SDK), known as "Appherhand," that not only installs a search bar on the user's phone but also allows the distributors to change the user's home page and add and remove bookmarks and shortcuts.

"I'm not sure why you would need to pull someone's bookmarks," Haley said. "I'm not aware of the benefit."

The apps, which contain a trojan dubbed by Symantec as "Counterclank," have been downloaded between one and five million times, Haley said.

Apperhand is quite similar to an SDK that was present in a number of apps that appeared over the summer in the Android Market. They carried malicious code referred to as "Plankton," which enabled the distributor to gain remote access to the device. Ultimately, Google temporarily suspended these apps, but upon conclusion of its investigation, determined that they were not harmful.

"You should be aware what you're getting into when you download these apps, and if you don't want them taking these actions on your phone, then I think you should remove them," Haley said.

Google, however, will not remove the apps because they do not violate its terms of service, Symantec said in a blog post Monday. A Google spokesman declined to comment.

Lookout Mobile Security, meanwhile, said in a blog post it doesn't consider the applications malware, but it does appear to be "an aggresive form of [an] ad network and should be taken seriously."

As the mobile device space continues to mature, security companies and platform providers will be forced to sort out exactly what is worth flagging and what is not. Haley likened this to the early days of the PC industry, when spyware programs routinely were considered innocuous.

"Maybe we don't have all the nomenclature set yet in the Android or malware space," Haley admitted. "We're building consensus on what these things ought to be called."

This article originally appeared at scmagazineus.com

 
Follow us on Facebook and Twitter
 

Copyright © SC Magazine, US edition

Google won't pull suspected malicious Android apps
 
 
 
 
 
Top Stories
Planet Tel buys Via IP in Aussie integration push
Telco provider talks up integration credentials.
 
Microsoft rides slight PC recovery
Uptick in PC sales after two years of decline.
 
NEC Australia to sell HQ, hints at possible job cuts
Another multimillion-dollar loss for local arm of Japanese giant.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
Which mobile device couldn't you live without?


Latest Comments
CRN Magazine

Issue: 328 | June 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.