Despite Google’s best efforts to prevent malware entering its official market, Google Play, it let 15 data-stealing apps slip by, according to security vendor, McAfee.
The new batch of malware follows Google’s February introduction of ‘bouncer’, its in-house security platform aimed at keeping malware off Google Play, known previously as just Android Market.
Google’s ‘bouncer’ is supposed to identify known malware and apps that display suspicious traits. The company said that it runs “every application” on Google’s cloud infrastructure as part of its automated vetting process, suggesting that process was not enough to detect what McAfee describes as “suspicious” permission requests.
During installation the malicious apps, which promise trailers of upcoming games, ask for permission to read contact data, including all names, telephone numbers and email addresses on the victim’s device, the phone’s unique identifier, and the user’s phone number.
Google has removed the offending apps from Google Play, but not before the apps were downloaded by 70,000 Android users, according to McAfee, citing Google Play statistics.
What remains to be seen if Google’s eye on new developer accounts will prevent the developers from “repeat-offending”.
The discovery followed a warning by Angry Birds maker Rovio to watch out for “fake versions of Angry Birds Space”.
Antivirus vendor Sophos last week warned that a fake version of the new game was being distributed on non-Google sites.