back to article Malware from Google Market menaces Android users

Google has yanked more than two-dozen mobile apps from its Android Market after security researchers reported they were laced with malicious code that transferred user data to servers controlled by attackers. As many as 120,000 Android users downloaded the trojans before they were detected, according to Tim Wyatt, a researcher …


This topic is closed for new posts.
  1. Turtle

    Thanks for another enjoyable article!

    Thank you for a very informative and entertaining article! I am looking forward to reading *many* more like it in the future!

    1. john loader

      But where's the program list

      Great for telling is some of the programs but a comprehensice list would be useful

  2. RTNavy
    Thumb Down

    Just Android Apps??

    In the past two months, many of my users are getting these same types of trojans just from clicking on the top responses to Google Searches let alone many of the banner ads right on the top of the Google page!

    Granted, I wish my users "supervisors" would actually discipline their employees for recreational web browsing on company computers, but that is another topic that doesn't involve the content that Google is providing to the world!

  3. Adrian Jones

    "Infected programs carried titles such as ... Floating Image Free ..."

    Not this one:

    I hope?

    1. Shambles

      Floating Image (free)

      I hope not too, as that app's been on my Droid since being recommended by El Reg on 5th April :(

  4. Anonymous Coward
    Thumb Down


    More malware?

    C'mon Google - can't let crap like this cripple Android take up (and it will, if it gets worse). Time to out think and out perform Apple.

  5. mraak

    Android == Windows

    iOS == Mac. If you want it cheaply and more open go for Android, if you want more expensive, closed, more polished and malware free, go for iPhone. Each to his own.

    1. pan2008


      You get the best of both worlds with Windows Phone 7. Each one to his/her own.

      1. Anonymous Coward
        Anonymous Coward


        How is having no decent communication apps, or a SSH client, the best of both worlds?

        I don't spend my day opening e-mailed spreadsheets or on my "social hub" which is just about what WP7 does well at.

        1. multipharious


          Are you actually using a WP7? I am currently using iPhone, Android, and WP7. Out of the three I far prefer the interface and experience of the WP7, the app store and hardware of the iPhone, and just about nothing about the Android experience...yet. I will give the Android a fair shake before writing it off. Perhaps having an App ask me for access to my Contacts sort of soured me early.

          As for SSH client? I personally do that where I can hammer a keyboard...and then no client is needed, just the ability to type quickly...which with mini touch keyboards is not it. Are you logging in to see if a process is finished or actually doing terminal work?

          A friend of mine blasted away iOS and is running uPhone. Maybe you ought to check it out.

        2. pan2008

          have you used WP7?

          Check simpleSSH Lite if you want your ssh client for WP7. Maybe it's not the best yet but works. I am not sure what you mean by decent communication apps, like messenger and the rest? There are a few. Then with mango it goes to a completely different level.

  6. Anonymous Coward

    What botnet? We don't have a botnet.

    How does IMEI + IMSI + handset details = "botnet"? Bit of a jump there don't you think?

  7. Arctic fox

    I think that Google could make a contribution here by......

    .........refusing or restricting apps (free or paid for) that demand permissions that are totally unnecessary for the function that they allegedly perform. For example, why do so many wallpaper apps or ringtones need/demand permissions that mean they in practice would own your phone's arse? Those types of apps do not need administrator and/or communications permissions. Devs submitting apps that make such demands where there is no obvious functional need for the app to have that degree of system access should, at the very least, be facing some very blunt questions from Mountain View.

    1. Craigness

      An example...

      ...a dice rolling app which needed to be able to make phone calls and send MMS (potentially using premium rate services in both cases).

      This one was on HTC's recommended apps list.

  8. Craigness

    Google needs to sort out the permissions

    What does an Android developer do if they want their app to behave nicely when a phonecall is received whilst the app is running? Judging by the permissions required by many in the Market I think their only option is to


    Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like."

    I have no way of knowing if an app will ever read the serial number or use its permission to determine who I call and who calls me! Wouldn't it have been better to design the OS so that apps could register to be alerted when the phone rings, rather than having to listen for it themselves? That way they would not need to request any unnecessary privileges.

    1. Anonymous Coward
      Anonymous Coward

      you win

      sensible post of the week

    2. StevenN

      You have the best insite here.

      Having lots of option for telling the user what "features" are used when there is little knowledge on the end user side of what each option really means. This is a perfect case where less really is more. Google needs to look at what features they "warn" about and limit it to 2-3 options. No more.

This topic is closed for new posts.

Other stories you might like