Google Removes 22 Dangerous Apps from Android Market

Over the past week Google has removed 22 malicious apps from its official Android Marketplace again highlighting the weakness of Google’s (almost non-existant) approval process. The malicious apps were spotted by the mobile security company Lookout who then notified Google. In response Google removed the apps.

The apps all used the RuFraud malware to send SMS messages to premium rate numbers. The apps didn’t affect users in the USA, but it did target users in Great Britain, Italy, Israel, France, and Germany as well as Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine and Estonia.
The initial batch of apps that Google posted in the Android Market place appeared as horoscope apps with an unclear ToS pointing out the charges. Once the app started, tapping on “Continue” meant the user accepted the terms.
Next come apps designed to capture a wider audience: 3 wallpaper apps for popular movies (including Twilight), and 3 apps claiming to be downloaders for popular games such as Angry Birds and Cut the Rope.
The final wave of apps again masqueraded as free versions of popular games. In total 22 apps appeared in the Android Market and were downloaded over 14,000 times. Do the maths. That is a very quick way to make some money and Google helped by not having a decent app review process.

Tags: antivirus google hacking security