back to article Malicious apps infiltrate Google's Android Market

Google security crews have tossed at least a dozen smartphone games out of the Android Market after discovering they contained secret code that caused owners to accrue expensive charges for text messages sent to premium numbers. The malicious apps, uploaded to the Google-hosted service by a developer named Logastrod, …


This topic is closed for new posts.
  1. Armando 123

    Does anyone else remember

    in the early days of Apple's app store, Apple pulled an app from the market and disabled it? There was much hue and cry about Apple overstepping their bounds, but Apple said the mechanism was put in place originally with the idea of stopping malicious code that made it through. It made sense then, and it does now, as well. I wonder if the diverse Android marketplace might have just shown a flaw. (Not that I'm saying Apple's approach is perfect, of course.)

    1. Dr. Vesselin Bontchev

      Of flaws and men

      In that particular aspect, Google is even more invasive that Apple, as far as I know. It can not only delete from your phone an app that you have installed from the official Android Market, but it can also force the installation on your phone of an app residing on this Market without your consent. Thank goodness, the removal works only for apps from the official Android Market - not just for anything that you have installed on your phone.

      As far as we know, Apple at least can't force-feed you apps. Of course, maybe they can and we just don't know it yet...

      Of course, there is a bright side to the force-feeding, too. One of the security companies, Lookout, has a product, called Plan B, which makes use of this "feature". Suppose you've lost your Android phone without taking any measures to protect it - like installing some security software on it. Then you can force-feed it Lookout's Plan B (all you need is the Gmail credentials for accessing the Android Market with that particular phone) and then lock it, locate it, wipe it, etc.

      Correspondingly, the dark side is that if a malicious app makes it into the Android Market, anybody who can steal your Gmail credentials for your phone can force this malicious app to be installed on your phone without your consent.

    2. M Gale

      So google have found a malicious app and... deleted it? While the article doesn't make it clear, I assume this also means it's been remotely nuked by Google's equally notorious kill switch. The only difference I see here is that Google have brought the Mighty Foot down on some malware, whereas Apple are likely to ban you for far more petty means even if they don't outright kill all trace of your app.

      People do need to stop requesting silly permissions to throw birds at pigs or unravel a loo roll though.

  2. Anonymous Coward
    Anonymous Coward


    For all the bitching and kvetching about iOS's "Walled Garden" app store, I've yet to see the iOS version of this article.

    1. EyeCU

      Here you go

      And that was in the app store for 2 months

    2. Craigness


      Why are the itards so often anonymous, and why are they so often ignorant?

      1. Doogie1

        You've really got a problem with them being anonymous haven't you. What are you planning on doing, asking one of them out?

        1. Craigness

          No and no.

        2. Anonymous Coward


          ...he thinks that he is in the same league as Prince, Elvis and madonna in that he is not annoymous by using a mono-name

          Here he is in action.

          1. Craigness

            Can anyone answer the question I originally posted?

            Please learn the difference between anonymous and pseudonymous. There is one, which is why you recognise me. It's also why Barry Shitpeas gets trolled by editorial staff while the anonymous itards do not. But why is anonymity so common among itards and not among other groups?

            Prince, Madonna and Elvis all used their given names.

            1. Anonymous Coward
              Anonymous Coward

              Right. I totally accept the reasoning *why* you think AC posts are, well, cowardly, however the ivory tower from which you castigate these cowards is shakey, to the extent that you don't really have a moral high ground at all. Their points are no less valid and certainly no more idiotic than those that use pseudonyms. We see utterly ridiculous posts made by people that use their given names daily and as many by those who hide be^h^h^h^h^h^h^h use pseudonyms (more on Barry in a bit). You still hide behind a veil of pseudonymity to get away with being a bit of a dick about things without any real fear of being called out on it in "real life". I doubt you'd have the brass cojones to speak to anyone out there the way that you do here, but that's a whole other thing.

              The editors here make it very clear that it's their house and their rules and if *they* want to troll and ridicule you, then they will. Pisses me off too sometimes, but it's the reason that you and I come back everyday. Frankly, if you don't like it, you know what to do.

              On to out mutual friend Barrington. He gets trolled because he is a ridiculous fandroid. So ridiculous in fact that even the frutiest of Apple fanbois looks rational next to him. End of. Take his post in this very thread. If an AC had posted what he had posted about Apple, the abuse from the super-team-fandroids would have been monstrous. I know that you feel aggrieved on his behalf (statutory "diddums"), but he gives as good as he gets. I often read his musings with wonderment; surely they are a joke? Surely those with a preference for Android find them embarrassing? I know some of the pro-iOS stuff makes me wince from time to time.

              Lastly, this isn't really a 'war' and picking which vacuous corporate entity you support does not give you an 'identity' and if it does you've got bigger problems, it makes you look like a chump. It's perfectly acceptable to like a device that someone else doesn't especially if choice is one o the virtues of your favoured ecosystem. Calling them names because you disapprove makes you a c**t [self edited - not a fan of that word, but it's entirely apt in this situation]. Simple as that really. As does being a prissy language pedant.

        3. The Fuzzy Wotnot


          Joke or not, how old are you? Does your Mum know you've been using her PC?

          1. Doogie1


            @The Fuzzy Wotnot Why do you want to know how old I am? Are you it wouldn't be so funny the second time.

      2. Anonymous Coward
        Anonymous Coward

        Ignorant? That's rich!

        Not this again Craigness. If it's not this, it's erroneously chiding people for using apostrophes. Spend a little less time here whining about anonymity (If you going to do that at least have the bollocks to use your given name - as explained to you before a pseudonym is at least as anonymous), and a bit more time actually proffering cogent counterpoints without resorting to language pedancey, especially when you have a propensity for getting it wrong.

        1. sabroni Silver badge

          a pseudonym is at least as anonymous?

          If there was only one person allowed to post on here anonymously that would be true. But it's not, Anonymous coward refers to loads of people, Craigness refers to one user. You might not be able to point them out in the street, but you can easily see all the posts by that user. So quite different to posting anonymously...

        2. Loyal Commenter Silver badge


          "as explained to you before a pseudonym is at least as anonymous"

          Sorry to have to be a pedant here, but this statement is incorrect. In using a pseudonym, the use can be associated with all of the posts that they have made. By posting anonymously, they cannot, as they cannot (except presumably by the mods) be distinguished from other ACs.

          I think that Craigness has a point, posts made as AC do tend to have a higher chance of being inaccurate, wrong, or just plain trolls. In this case, a Jobsian fanatic claiming that such a thing would never happen with the glorious iProducts, when in fact it already has.

  3. Ilgaz

    antivirus vendors

    remember they said antivirus not needed and their developers are selling snake oil.

    Android needs even an heuristic antivirus/ application firewall. Of course, if operating system vendor calls them thieves, they won't get the necessary core functions to implement it in a practical manner.

    By the way, not saying Apple way is good. Nobody really knows what kind of junk happening there.

    1. eulampios

      treat users as dumb sheep, give them AV

      Antivirus is a lame means against the threats that exist for Android. AV is necessary when your OS is DESIGNED so it is capable to surprise a user (educated/experienced or not) with many unexpected ambushes. AV is poor substitute for the sophisticated permissions model. Even iOS (being a derivative of a *BSD system plus something else) lacks that rigour and sophistication.

      For those 10 thousand smarty-pants it's been a nice lesson learned: "take your time to study what this apps is capable of doing". When you download a Windows app from the Internet, where do you examine its permissions?

      And freedom is better than jail.

      1. Ilgaz

        Browse android app store

        Their permissions model, derived from j2me is not granular enough. All apps require same permissions and there's absurd levels of needless permissions asked. Users are trained to say yes. So far only white hats found and used exploits but there is no guarantee for future.

        1. eulampios

          Their (as any other one) permissions model was derived from the Unix' original one.

          >>is not granular enough.

          Nothing is perfect, however it is much better than an AV.

          >>Users are trained to say yes.

          They should be trained to think, examining permissions is not a rocket (not a rootkit either) science, much lesser headache than the AV business. Do not get surprised to get hundred-dollar bills for someone's txt messages or long distance ph. calls, if you allowed some "crazy birds" game to access corresponding permissions.

          >>So far only white hats found and used exploits but there is no guarantee for future.

          There is a guarantee that no Windows stupidity can occur, when millions of desktops and servers get infected within days (if Google does not reinvent the RPC marvel in the future)

          1. Anonymous Coward
            Anonymous Coward

            I totally agree with user stupidy.

            After all you check your tyres each morning for wear and damage and ensure all your lights are wokking (of course you have spare for all at hand don't you)?. You check your oil levels and tyre pressure once a week. You routinely check your battery and screen wash levels. What about the state of your brakes, or are you waiting for the little light to come on, telling you you've left ti to late?

            And of course, if you don't grease the moving parts, check you spark gaps (bet you don't even know what your gap is supposed to be), change your filters (air and fuel), exhaust for leakage, belts for tightness, well then you're just being silly and should be allowed near a car until you learn this very basic things.

            Ask yourself this?

            How many people have been killed as a DIRECT result of failing to maintaintheir PC / Phone? Yet people drive there cars every days presuming that little warining light will work, or the tyre won't blow out at 70mph.

            You see, we all take things for granted, just maybe we have our priorites a little wrong perhaps?

            1. eulampios

              too much ado about driving

              Do not exaggerate. You do need to check the brake before driving. Usually, an attempt to stop will let you know if the brakes are OK. Before hitting the road for a long drive you might also need to check some fluids, if you do not want to get stuck in the middle of nowhere waiting for an expensive road assistance. Nothing to say about regular oil changes/checks. Nothing additional is necessary. You might have a mechanic do it for you if you want. In any case, just a little brain activity is needed.

              Yet, better ride a bike! :)

    2. Craigness

      Not a virus

      Here's how it works...

      The market page says "this app can send premium rate SMS messages, do you want to install?"

      The users installed.

      The TOS said "this app is going to send premium rate SMS messages, do you want to continue?"

      The users continued.

      The apps described here are not viruses, so anti-virus would not help, so it's not required, which is what the devs said. And since the apps are only doing what it says on the tin, I'd be wary of the lawyers if I were to call them malicious.

      1. Markl2011

        " I'd be wary of the lawyers if I were to call them malicious."

        Well my dictionary defines malicious as " motivated by wrongful,vicious,or mischievous purposes" and since they were copying over peoples work I'd call that malicious.

      2. DZ-Jay

        Re: Not a virus

        Actually, on the tin italso says "Angry Birds," and Assassin's Creed," etc., so I don't think these are by legitimate at all.


      3. Dr. Vesselin Bontchev

        AV and malicious apps

        While the apps in question are indeed not viruses (they are Trojans at best; no viruses for the Android exist yet, while at least two viruses exist for - jailbroken - iPhones), the existing anti-virus programs for Android do detect malware (including Trojans) - not only viruses. In particular, some anti-virus programs detected these particular apps long before Google got wise any removed them.

        So, having a good anti-virus on your phone isn't a bad idea, after all. Emphasis on "good", though. Most of those out there suck.

  4. Anonymous Coward
    Anonymous Coward

    Cue the blue face paint now


  5. Anonymous Coward


    in me says that was orchestrated by the sellers of Android security products, in an aim to prove one IS needed.

    Thats how low they sink...

    1. Anonymous Coward
      Anonymous Coward


      Yes, Barry, we know - there is nothing wrong with Android at all, it's perfect, totally secure, totally usable and impervious to attack. Whereas the others are all rubbish.

      1. Craigness
        Thumb Up


        It's rare for an AC to speak the truth around here. Usually it's only the itards who feel the need to hide.

        1. GitMeMyShootinIrons

          That's because...

          Itards (as you put it) are scared of android-wielding psychopaths. They're a scary bunch, you know ;-)

          Would that make them iphonophobes?

          Push Androids choice and open architecture then slag off anyone who chooses something not Android. That makes sense....

  6. sqlrob
    Big Brother

    How do you tell from non-malicious?

    Official EA games, like Tetris, require permissions to make a call and do SMS.

    How did they tell from permissions alone?

    1. Anonymous Coward
      Anonymous Coward

      "Official EA games, like Tetris, require permissions to make a call and do SMS."

      Errr... no... they don't.

      Quick look at the permissions required for Tetris, Sims, Need For Speed, Bejeweled 2, Worms and FIFA 2010 all show no requirement for make calls or send SMS.

      1. sqlrob

        When EA first released it's free copy of Tetris back in August it sure as heck did.

        1. DZ-Jay

          Dude, that wasn't EA. You may want to scan for malware... Just saying.

          1. Anonymous Coward

            Actually I can back him up on that

            As I bitched about it at the time:


            Screenshot of the permissions for TETRIS FREE on release in there.

        2. Anonymous Coward
          Anonymous Coward


          I think we've found one of the ill fated 10,000!

  7. Jolyon Smith

    It's not malicious. Hell, it's not even sneaky

    Masquerading as entertainment in order to extract a buck from a stupid punter... there IS one born every minute. PT Barnum would be proud.

    If the reporting is accurate:

    - The apps had terms of service that were clear in what you were getting.

    - The apps notified you of the services they were going to access when you installed them.

    - The apps didn't do the consumer or their devices any harm and didn't do anything that they hadn't been clear that they were going to do.

    The only reason to pull these apps was copyright violations of the games that the apps disguised themselves as. But taking advantage of naive and stupid customers ? That's the commercial basis for consumerism without which many more people would be out of work.

  8. borkbork

    What they need to do.... instead of just displaying the permissions requested by the app, allow the user to say yay or nay to each one. If App A wants to read my contacts, sms, and location, I may want to say no to all but location. If it breaks the app then so be it, I probaby didn't want it anyway.

    That gives me an idea, maybe what's needed is a modified client that can provide bogus data for the apps that want access to sensitive areas, so no app breakage but no unwanted 'functionality' either...

    1. eulampios

      Would be more complicated and unrealistic.

    2. Dr. Vesselin Bontchev


      You are very right about the first part - it is a big problem that the Android security paradigm does not allow the user to choose which of the requested privileges to grant to the app. (And be later able to grant or revoke any other privileges.)

      Sadly, you are wrong about the second part - it is not practical to implement this without a complete re-design of Android.

      1. Anonymous Coward

        A redesign of all the apps as well. I think it would risk introducing a lot more apps that give an unsatisfactory user experience (due to permission failures).

      2. Field Marshal Von Krakenfart

        Why Not??

        Why is it not possible to build a firewall app?????

        Is there something specific in android that prevents a zone alarm type app from working.

        Very suspicious, google creates OS where you can't block access to the ad-server, it's enough to make you want to like a life of seclusion in the walled garden!

        1. Anonymous Coward

          It is possible

          Just a couple of examples - Droidwall is a good firewall, adaway and adaware and two ad blockers. So, please check before spewing FUD, some attempts are too easy to unmask.

    3. Anonymous Coward
      Anonymous Coward

      You can already do this

      You can do much of this permission control either with LBE security guard (available in the marked) or by flashing a MIUI ROM. For the latest one, the superuser app controls all these permissions.

  9. Markl2011

    There's something wrong here

    ...either with the article or Android.

    If the applications only asked for permission to “edit SMS or MMS, read SMS or MMS, receive SMS” how was it able to send sms? That requires the "SEND SMS" permission.

    1. Markl2011

      Replying to my own post it seems from the article on Sophos that the applications requested permission to send SMS, so nothing wrong with the Android permission system.

  10. Tony W

    A high proportion of legitimate apps demand permissions that look very scary. If you're going to make use of the facilities of a smartphone, you have to allow apps that actually do something, and often that has the potential to cost money or compromise privacy. I do look carefully at permissions, and reviews, but often it's far from obvious why certain permissions are required. So far I haven't been stung, but after the first app that I download that picks my pocket, I will very seriously consider ditching my Android for an iPhone. And a lot of others will do likewise.

    As for the people who think that being crooked is just legitimate business, they will squeal loud enough when they meet someone cleverer than they are who thinks the same thing.

    1. Craigness

      ipad pick a pocket

      When you get your pocket picked for £1300 by a free child's ipad game, you can come right back to the light side.

      1. Sean Baggaley 1

        Seriously? The "Tap Zoo" thing?

        FYI: the same apps are also available for... Android.

        In the Android Market.

        That "problem" you've reported boils down to illiteracy on the part of the parent. To quote the second offing line in the Apple App Store description:

        "PLEASE NOTE: this game lets you purchase items within the game for real money. Please disable in-app-purchases on your device if you do not want this feature to be accessible."

        This is following the typical "freemium" app model made popular by Facebook. You'll find many apps on that platform also offer this "feature".

        This is hardly in the same league as *pirating* someone else's game and *injecting it with malicious code*, then *selling* your malware as if it were the original game, is it?

        Yes, the malware does request SMS access permissions, but most users have long since been trained to just click through these. (Especially on Android, where the permissions system comes across like the old Windows Vista implementation of its "User Access Control" feature. You'd think Google would have learned from that, but clearly not.)

        As for the point that the game does state that it could charge upwards of $4.50 for SMS messages, perhaps someone could point out exactly *where* this was stated. Was it at the bottom of a 5000-word EULA full of legalese and deliberate obfuscation, perhaps?

        Users are not "stupid". Many will be ignorant—nobody can possibly know everything there is to know about every subject today—and that should be your *basic assumption* about your end users. Most people not only do not know how computers work, but they really could not care less. How many of you know how the railway tunnels your metro trains run through were built? How many of you know whether the trains use two-phase or three-phase electricity? No? And yet you'll happily use that technology without giving it a second thought.

        Until the IT industry grows the fuck up and realises that its problems are its own damned fault, we will constantly repeat history.

        Curation is not inherently wrong or evil. All museums are curated, as are all galleries, libraries, gated communities, apartment blocks with concierges, hotels, and more. Go ahead: try shoplifting in a shopping mall and see how far you get before the mall's own security services catch you. That's curation, that is. In real life. And nobody seems to mind.

        The bazaar, so beloved of "Free Software" advocates, is also beloved of petty criminals, shysters, conmen and more. Now, I could spend my shopping hours being very carefully paranoid, wasting my time haggling over the price of goods and taking forever to get anything useful done. Personally, I'd rather not go through all that. I like convenience and curated shopping environments—be they real or virtual—suit me far better.

        I fully appreciate that there are many who do enjoy that bazaar approach. I just don't happen to be one of them. And neither do Apple's customers.

        The thing is: *I'm* not the one constantly shouting from the rooftops that every shopping mall and high street be turned into a bazaar. Zealots like you and others here, on the other hand, are. And it's getting fucking old.

      2. Giles Jones Gold badge

        That's in-app purchases. They're not automatic, you request them. In-app purchases can be disabled.

        That kids parents made the mistake of associating their credit or debit card with their iTunes account instead of using top up vouchers.

      3. mrweekender

        Light side my arse...

        Excerpt from the WHOLE article - lets not cherry pick now eh?

        Fortunately, Apple is willing to refund the bill, despite the fact that the App Store carries a warning at the top of the page for Tap Zoo stating that it allows ‘in-app’ purchases and that users can disable the feature if they wish.

        An Apple spokesman said: “We are proud to have industry-leading parental controls.

        “In addition to a password being required to buy an app on the App Store a re-entry of your password is now required when making an in-app purchase.”

  11. Charles 9

    If Google won't do it...

    ...then perhaps someone else should step in to perform the job. Review and vet the various Android apps and then provide Market links for people who actually want to download them. Provide an app people can easily use to access these reviews. People concerned about the quality of their apps can then use this as a buffer against malware and other bad code while those who are willing to take the risk could go straight to the Android Market itself.

    1. Dr. Vesselin Bontchev

      Not practical

      Sadly, that's not practical. There are thousands of new apps or updates of old apps uploaded every day. It is not humanly possible to examine carefully each one of them before allowing them to the Market. This is precisely why Google doesn't want to do it.

      Some anti-virus companies routinely download apps from there (and from many alternate markets) and scan them for malware, but since the scanning is pretty much automated, it is not guaranteed to detect everything.

      In fact, even manual examination won't detect everything, as Charlie Miller demonstrated by getting his malicious app into Apple's walled garden...

    2. Anonymous Coward
      Thumb Up

      Some chaps have tried this

  12. Dana W

    Nibble, nibble.

    Funny, nobody seems to be stealing APPLES from my walled garden.

    "posted from my iPhone 4s"

    1. Craigness

      Nothing stolen from me

      and I don't have to live in a prison.

      1. Maliciously Crafted Packet

        I prefer the term...

        luxurious gated community. Also comes with a chauffeur driven limo who goes by the name of Safari, just in case you feel the need to take a spin outside now and again.

        But each to their own eh.

        1. Anonymous Coward
          Anonymous Coward


          Comparing Safari to a limo!

          A closer comparison would be to an old clapped out Lada with a wheel missing

  13. technocrat


    I agree with borkbork, instead of a one size fits all attitude to permissions that we have now, allow individual permissions instead of a yeah or neigh way we have now which means you can either install or not install regardless if you only disagree with a single permission.

    There are apps and games from legitimate sources that I sometimes think why the hell are they really needing permissions for this and have to agree if I want to use it even if it is only 1 of 5 permissions I dont agree with.

    It does need a revamp for more control from the user.

  14. John F***ing Stepp

    The attacks on the Android Market will continue. . .

    Or until moral improves.

    Which ever comes first.

  15. P. Lee

    More general controls needed

    When you make a bluetooth connection or turn on the GPS the phone asks you if that is what you want to do. As google navigation does.

    How about catagorising applications? If an application which wasn't marked as an SMS application wants to send an SMS, the phone displays a pop-up which says "application wants to send an SMS to telephone number 12345678. Agree/Cancel/Delete App?"

    Then make sure applications can't be in two catagories - it can't be a game and an SMS application. Also put in a little item in "task manager" which shows unexpected things, such as games which have the capability to make phone calls. Also, perhaps have clear markers on "apps which can cost you money", in task manager.

    Google is quite good at managing large data volumes, they could keep a list of premium numbers and flag when a premium number is dialled for any reason. The phone could drop you back to the SMS or phone screen for premium number access, regardless of the application being used.

    In fact, the phone could drop you back to the phone or sms screen for any telco-costing operation. You wouldn't even need to track premium numbers then.

    1. Swedish Chef

      Already available unofficially

      CyanogenMod 7 lets you modify the permissions of installed apps. Just tap on a permission in the list to grant or revoke it.

      If you don't want to re-flash your phone, there's an app called LBE Privacy Guard that offers the same functionality but will also let you set it up so it asks you for permission every time it detects a potentially unwanted action. This works really well. Requires a rooted phone though.

    2. Anonymous Coward

      The permissions are requested from and granted by the user at install time. No need to introduce more UI irritations - that will just impact legitimate use.


  16. Dr. Vesselin Bontchev

    Lagostrod is not the only one

    Apparently, another (or maybe the same?) publisher of dodgy scamware apps is "Miriada Production", see this:

    I have yet to get a sample of the scamware, but I suspect very much that it is related to a set of scamware apps used on a group of Russian sites. They all carry a bunch of supposedly free apps, but when you try to get one of them, you essentially get a downloader, which warns you in very vague terms that it is going to send a premium SMS (it doesn't tell you how much exactly it is going to cost and it sends 3 of them) and then proceeds to download the real app that you wanted.

    Those Russian apps use server-side polymorphism, though - something which, I suspect, is not possible for malware uploaded to the official Market. The code of the apps (the classes.dex file inside the APK package) is modified by hand almost every day and the data inside the APK package is modified automatically for every download.

  17. kring

    Google should take a bit more control over the Marketplace, a walled garden the Apple App Store may be, but I do feel a lot more confident they vet the software beforehand.

    Google need to nut up and take some responsibility.

  18. PaulR79

    User intelligence tested

    As awful as it is with apps like this getting around it's an approach I'd prefer to the Apple approach of telling me what I can download. Permissions are listed for all apps but as a few people have said they're not always clear on why those are needed. As a suggestion for Google I'd require all app developers to make available, either in the app description, a page online or on request, a full list of permissions with reasons why they're needed.

  19. LarsG


    They will begin to check all apps in the market place, maybe not as walled as Apple, but check they will because it is inevitable.

    It will all be about trust. If you lose your trust in Android you won't stay.

  20. Anonymous Coward
    Anonymous Coward

    Permissions - Could be better

    I'd like to see the app giving justification for the permissions they need so if you see "SEND SMS" you can tap it and the developer must justify that permission. There are a number of legitimate apps coming through with "read sensitive system logs" which frankly, see next point..

    I'd also like to see deny permissions though so if I don't want that app to see my messages, I can deny it completely.

    There is an app for rooted users to deny certain permissions for certain apps if you want that level of control. Search the market for "Permissions Denied"

    1. Anonymous Coward

      RE: Permissions - Could be better

      I half agree. Justification of permissions is a must. There's no reason that any developer should be asking for a permission without being able to explain it (whether that explanation is a lie is another matter altogether ...).

      The denial's a tougher one. Two aspects of this would punish developers:

      - A lot more work needs to go into managing each feature of your app as you don't know up front that you have permission to do something that you explicitly request in the manifest.

      - This could potentially kill all free ad-supported apps if everyone blocked network access.

      A compromise would be to allow developers to have two levels of permission request - mandatory and optional. Where something can be safely disabled, allow it to be done by the user. Where it's an integral part of the app, make it mandatory. If you don't want to grant the permission, don't install the app. Simples. Having the optional permissions then controlled at the OS level gives you the additional peace of mind if you don't trust an in-app "don't send this data" option.

      1. sabroni Silver badge

        rubbish engineers

        >>- A lot more work needs to go into managing each feature of your app as you don't know up front that you have permission to do something that you explicitly request in the manifest.<<

        It's basic coding. You're supposed to have a mechanism to handle when things go wrong so your app doesn't crash. A permission exception is only one of many things that can go wrong when code is running. What is it with Android developers and the idea that handling security exceptions is really difficult? Is android so badly designed that security exceptions can't be trapped properly?

        1. Anonymous Coward

          RE: rubbish engineers

          You're missing the point. This isn't about basic exception handling. This would mean you'd have to consider the functionality you've built your app around to be optional somehow. It's a change to design. The whole point of having a standard platform and then a permission set requested at runtime is to guarantee that functionality is available to you. Besides, there should not be a security exception as you have actively asked for that access using the mechanism provided to do so.

          Also, I'd like to direct you to the below excerpt from the android documentation on the subject. What is it with people commenting on android development without actually reading the documentation?

          Often times a permission failure will result in a SecurityException being thrown back to the application. However, this is not guaranteed to occur everywhere. For example, the sendBroadcast(Intent) method checks permissions as data is being delivered to each receiver, after the method call has returned, so you will not receive an exception if there are permission failures. In almost all cases, however, a permission failure will be printed to the system log.

        2. Anonymous Coward
          Anonymous Coward

          Just to add a quick example to illustrate the point - do you really expect an app whose entire functionality is based around taking pictures with the camera, which has:

          a) explicitly requested the camera permissions

          b) excluded itself from devices without cameras

          to be checking for permission exceptions when using the camera? That's not good practice, that's redundant code.

          1. sabroni Silver badge

            @Oli Wright

            I see your argument, but it's based on what I consider to be flawed design. Android assumes I know exactly what permissions I want an app to have at install time, and that choice will never change. Also, if I don't like one of the permissions then the only option I have is to not install the app.

            There's a mobile operating system I use that asks for permission at run time, when the function is invoked. It makes perfect sense, I've just clicked the "show map" button, the app requests "App wants to use your location. Deny, Allow once, Allow always." This gives the permission context and allows me to make an informed choice.

            I understand that Android apps avoid this kind of "nag" message, but to me it's not nagging, it's asking a sensible question at the appropriate time...

      2. Charles 9

        The devs won't allow it.

        Remember, developers are vying for control just as the users are. They'll simply ignore optional permissions, make ALL their permissions mandatory, and if you or Google don't like that, then they could just decide to pledge allegiance to Apple and leave you high and dry. It and Admob are probably also why users can't control permissions--otherwise, devs wouldn't make apps for Android.

  21. Anonymous Coward
    Anonymous Coward

    10,000 victims...

    ...who's next purchase should be one of those mobile contract allowance checkers!

    When you see your allowance dwindling very rapidly over a few hours, you'll know you got suckered!

  22. rurwin

    Don't make it hard to be a developer

    I really hope that Google do not take the option espoused in this article. In order to make it not pay, they would have to charge maybe €50,000 to get access to the Google Market. That would effectively stop a huge number of one-man publishers and leave the field clear for the huge corporations.

    Think about this guy:

    On the other hand I have been astonished myself at the huge number of permissions some apps demand, and I have refused to install several on that basis, even though I was fairly sure they were kosher. It doesn't help that even the best behaved free apps have to have Internet permission in order to download adverts. Maybe it would be possible to split access to Google Adverts from the general Internet Access permission.

  23. poohbear

    fine-grained permissions

    @technocrat: there are apps on Market which allow you to selectively toggle individual permissions for apps. However it becomes a mission to manage as your number of apps increase and they keep updating themselves, often requiring NEW permissions which they did not have before (Angry Birds: guilty!).

    I agree that the permission categories as specified on market are way too broad. In truth, if a game needs to check my sms or call status, I want to know why. Else Android needs an option somewhere for things that "will not put phone into sleep mode'", so that it can be handled at an OS level rather than each app checking what else you are doing on the phone.

  24. Anonymous Coward

    Extreme desperation from Microsoft...

    Anyone else, you wouldn't believe it. Microsoft, you can totally believe it....

  25. fixit_f


    If it was sending SMS messages, would you be able to tell? Would you see them in your sent texts for example?

    1. Doogie1


      If the app didn't delete the message you would, but it's possible the application deletes the message from the sent box to disguise it's malicious intent.

  26. Anonymous Coward

    Google needs to educate, but not just users

    While I think the tone in some parts of this article is a bit off ("allowed" them to be downloaded - makes Google sound malicious), this paragraph here covers exactly where the problem lies:

    "With so many Android apps requiring access to geographic-location data, messaging functions, and other sensitive resources, Google has yet to educate users how to tell legitimate requests from illegitimate requests."

    I would extend this a bit though as it also needs to educate developers. It's hard to educate users when permissions become as much of a pain to check as a EULA. The problem isn't that the permission system is wrong, it's that developers ask for too many / the wrong permissions. As some chap mentioned earlier, when TETRIS FREE was first released it asked for all sorts of permissions (SMS included) that it DID NOT NEED (I'm basing that assertion on the fact they eventually removed said permissions - never did answer my question why they had them in the frist place). Google needs to put a few more warning signs in place between development and the market to stop developers and say "look, are you really sure you need these. really? really???? 'cos it's only going to piss off your users if you're wrong". Anyway, a bit more waffle along these lines at the link I posted under the TETRIS FREE comment.

    p.s. That Sophos blogger can f*ck right off with his exclusion approach. Blanket restriction is the lazy way out - how many times do devs suffer this sort of crap in corporate systems, preventing them doing their jobs.

    No android icon so this'll have to do ...

  27. toadwarrior

    Permissions fail

    So Google wants to take zero responsibility for anything. I'm not surprised given their customer support is generally poor. If they said they would scan the code then customer have something to come back to them on.

    While I do agree there were obviously customers who clearly did not read the permissions or terms I don't necessarily blame them. Just about everything seems to ask for more permissions then what it should really be using. So I'm not surprised if they've given on on caring and just click yes to everything especially when it's masquerading as a brand they trust and this is Google's fault. I shouldn't be allowed to upload an app that looks like it's someone else's.

    God forbid Google pay someone to review what is being submitted if only to check it's not someone pretending their app is a popular app. I like free and open systems (which is why I use Linux) but I don't like it when companies use free and open and geek-like attitudes as a way to ignore their responsibilities.

    A phone is something someone has to commit to through a pricey contract. It's not something cheap so it would be nice if they'd put some effort into policing their market.

    Apple doesn't have the perfect model but they've done better than Google and no matter what the fanboys think Google's model is all about doing it as cheap as possible not giving you freedom. If they could do Apples model for zero cost they would.

    1. Anonymous Coward
      Anonymous Coward


      'If they could do Apples model for zero cost they would.'

      But then we would move to another supplier. Just one of the many benefits of not letting one supplier dictate their terms to you. Regardless of Googles motivation it does allow an awful lot more freedom than anything dished out by Apple

  28. Wize


    "...users who installed the counterfeit games saw permission screens..."

    Some programs, eg Angry Birds, ask for permissions they don't need anyway. For example, they don't need to know my location.

    1. Anonymous Coward
      Anonymous Coward

      Probably requesting it for admob - although there it's actually optional for the developers to request the permission (by design). Still, no excuse for them not saying as much in their market description ...

  29. Ilgaz

    Does your operator have these?

    On my operators control panel you can disable international calls and sms/ premium sms. If EU does this mandatory,a lot of problems would be solved in core level.

  30. Why Not?

    API key?

    Don't you need an API key to develop, make the ones that support micropayments or SMS pay for the key and indemnify user & Google. Key could be layered 1 sms number £X, 10 £XX, unlimited £XXXXX. premium rate numbers registered with Google who take a percentage and have the ability to force refund.

    If the code is copied then that is covered by contract.

This topic is closed for new posts.

Other stories you might like