Say what you will about how Apple’s policies prevent some pretty awesome software from making it into the official App Store, at least you don’t find a lot of malicious software in iTunes. The Android Market, on the other hand is a much more open place, allowing just about anyone to upload an app in a matter of seconds — even if the app is spammy, a ripoff of some other developers’ work, or contains malicious code that can damage your device or steal your private data.
Yesterday reddit users lompolo noticed that an Android developer had ripped off 21 popular free apps, inserted a root exploit into the apps, and uploaded them to the Android Market where they were downloaded between 50,000 and 200,000 times by users who were probably looking for the real apps.
Android Police examined the apps and noticed that the apps not only root a phone after installed, but they also grab information from your phone including product ID, region, and user ID. The apps can also then download even more code to your phone, which could cause some serious problems.
After Android Police notified Google about the problem, all 21 apps were removed and the developer account was killed. But if you downloaded any of the 21 apps from the list, you may want to remove them as quickly as possible and look for any other apps that may have been installed without your knowledge.
Does this mean that Google’s idea for a free and open market is a bad idea? Not necessarily. After all, there have been thousands of malicious apps targeting Windows and other desktop operating systems for years. Users just need to learn how to avoid these apps.
If anything, this incident is making the case that antivirus/antimalware software may be just as important on Android phones and tablets as it is on Windows computers. While I’m sure that’s something that will make Mac and iOS user laugh, it’s just the price to pay for being able to download and install virtually any app you like — something that Apple makes it difficult for iPhone users to do without jailbreaking their devices.
Mobile security service Lookout has already announced that it has blocked the apps in question. McAfee, Norton and AVG introduced mobile security apps for Android last year. And security firm Kaspersky recently launched a mobile security app for Android.