Google’s open policy towards apps on Android is starting to wreak havoc as there has been a recent spate of apps being released onto Android Market containing Trojan software. The malicious apps often pose themselves as free versions of premium apps, or downloaders for popular games like Angry Birds and Cut the Rope, but once installed sign the user up to premium rate SMS services.
Security companies that monitor such malicious content being added to Android have alerted Google, who have had the offending apps removed from Android Market. But just as Google removes some apps, even more are added by the same fraudsters. Even though Google can disable the accounts of people uploading malicious apps, there is nothing to stop them just setting up new accounts.
Many of the apps are primarily distributed through third party app websites and torrents. Security company Lookout have named the most recent threat as RuFraud, and say that it originated on Android Market via a horoscope app. Not many people downloaded this app, and it has since been removed. But RuFraud was then uploaded again in a dozen more apps that may have been downloaded by as many as 15,000 people.
The RuFraud Trojan appears to only affect Android phones in European countries, and so far does not appear to pose a threat to North American Android users.
The open nature of Android apps is often cited by Android fans as being one of the systems greatest benefits, which allows them much greater freedom than the ‘walled garden’ ecosystem employed by Apple on the iPhone. But with this freedom comes great risk. While the iPhone may occasionally suffer from similar problems, Apple’s vetting process for new apps helps to ensure that the impact of malicious content is minimal. It is also far easier for Apple to prevent the same tricksters operating again.
Android malware has risen by about 400% in the last few months and is starting to become a serious problem for the Google OS. Anti-virus software exists for Android, but these are often ineffective in identifying new cases.
Alongside fragmentation, malicious apps are one of the biggest problems facing Android. Microsoft has been keen to capitalize on this by offering victims of Android malware the chance to get a free Windows Phone. While Google has taken steps to minimize fragmentation with Ice Cream Sandwich, launched recently on the Galaxy Nexus, they have no plans to restrict apps or introduce a walled garden system like Apple.
While some of the recent RuFraud apps made their way into Android Market, most of them were obtained by unwitting users from unofficial websites and torrent downloads. In order to prevent such malicious apps from being installed on your phone you should always be skeptical of apps that are not obtained from Android Market.
If an app claims to be a free version of a popular premium app, check to see whether it has been produced by the same people – if not, this can be a clear giveaway that something is not right. Many of the recent RuFraud apps content clauses in their Terms of Service, granting the app permission to subscribe to premium rate SMS services. As the saying goes, “always read the smallprint”.