Here we go again: security issues with certain Android apps has forced Google to pull 21 applications from the Android Market. The apps that were affected were free and have been downloaded about 50,000 times.
Time and again I’ve said that the downside of being so open and having little regulation in the Android Market is the security of certain apps. Last year, Google killed or pulled apps from the market for security reasons on two or more occasions.
The apps are particularly insidious because they look just like knockoff versions of already popular apps. For example, there’s an app called simply “Chess.” The user would download what he’d assume to be a chess game, only to be presented with a very different sort of app.
These apps are all pirated versions of popular games and utilities — an expeditious solution for busy hackers.
The crazy thing is that these apps would root a user’s device, something that a user would actually have to take time to do if he or she wanted to gain that access to customize an Android device.
Once downloaded, the apps root the user’s device using a method like rageagainstthecage, then use an Android executable file (APK) to nab user and device data, such as your mobile provider and user ID. Finally, the app acts as a wide-open backdoor for your device to quietly download more malicious code.
Folks can complain and whine about Apple’s walled garden all they like, but you never hear about issues like this in Apple’s tightly controlled eco-system. Eventually, Google will have to find a way to prevent these apps from entering the Android Market so it doesn’t have to pull them after they’ve been downloaded tens of thousands of times. I would be royally annoyed if I ended up downloading seemingly-harmless-but-actually-malicious apps.