15 bad apps sneak past Google’s ‘bouncer’

70,000 Android users to download nosy apps.

Despite Google’s best efforts to prevent malware entering its official market, Google Play, it let 15 data-stealing apps slip by, according to security vendor, McAfee.

The new batch of malware follows Google’s February introduction of ‘bouncer’, its in-house security platform aimed at keeping malware off Google Play, known previously as just Android Market.

Google’s ‘bouncer’ is supposed to identify known malware and apps that display suspicious traits. The company said that it runs “every application” on Google’s cloud infrastructure as part of its automated vetting process, suggesting that process was not enough to detect what McAfee describes as “suspicious” permission requests.

During installation the malicious apps, which promise trailers of upcoming games, ask for permission to read contact data, including all names, telephone numbers and email addresses on the victim’s device, the phone’s unique identifier, and the user’s phone number.

Google has removed the offending apps from Google Play, but not before the apps were downloaded by 70,000 Android users, according to McAfee, citing Google Play statistics.

What remains to be seen if Google’s eye on new developer accounts will prevent the developers from “repeat-offending”.

The discovery followed a warning by Angry Birds maker Rovio to watch out for “fake versions of Angry Birds Space”.

Antivirus vendor Sophos last week warned that a fake version of the new game was being distributed on non-Google sites.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.


Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Cloud Security for Enterprise

Encrypt data with easy-to-use key management for virtual, private, and public cloud environments with Trend Micro SecureCloud™.

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.