15 bad apps sneak past Google’s ‘bouncer’

70,000 Android users to download nosy apps.
  • Liam Tung (CSO Online)
  • — 16 April, 2012 11:19

Despite Google’s best efforts to prevent malware entering its official market, Google Play, it let 15 data-stealing apps slip by, according to security vendor, McAfee.

The new batch of malware follows Google’s February introduction of ‘bouncer’, its in-house security platform aimed at keeping malware off Google Play, known previously as just Android Market.

Google’s ‘bouncer’ is supposed to identify known malware and apps that display suspicious traits. The company said that it runs “every application” on Google’s cloud infrastructure as part of its automated vetting process, suggesting that process was not enough to detect what McAfee describes as “suspicious” permission requests.

During installation the malicious apps, which promise trailers of upcoming games, ask for permission to read contact data, including all names, telephone numbers and email addresses on the victim’s device, the phone’s unique identifier, and the user’s phone number.

Google has removed the offending apps from Google Play, but not before the apps were downloaded by 70,000 Android users, according to McAfee, citing Google Play statistics.

What remains to be seen if Google’s eye on new developer accounts will prevent the developers from “repeat-offending”.

The discovery followed a warning by Angry Birds maker Rovio to watch out for “fake versions of Angry Birds Space”.

Antivirus vendor Sophos last week warned that a fake version of the new game was being distributed on non-Google sites.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Microsoft confirms HTTP Strict Transport Security for IE 12

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Trend Micro Mobile Security

Comprehensive enterprise protection for mobile devices

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).

  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.