Google won't kill 'malicious' Android apps

By

Apps dubbed malicious by Symantec did not violate terms of service.

Google will not remove 13 Android applications dubbed malcious by security firm Symantec.

Google won't kill 'malicious' Android apps
Flickr

The applications included action, adventure and puzzle games that had data stealing capabilities, according to Symantec.

The security company said the apps included the software development kit (SDK) dubbed Appherhand that installed a search bar on the user's phone and allowed the distributors to change the user's home page and add and remove bookmarks and shortcuts.

Symantec security response director Kevin Haley said questioned the legitimacy of Apperhand.

"I'm not sure why you would need to pull someone's bookmarks," Haley told SCMagazine.com."I'm not aware of the benefit."

The apps contained a trojan dubbed by Symantec as Counterclank and have been downloaded between one and five million times, Haley said.

Apperhand was similar to an SDK  present in other apps that appeared recently in the Android Market.

They carried malicious code dubbed Plankton which provided distributors with remote access to a users' device.

Google temporarily suspended the apps but later found they were not harmful.

"You should be aware what you're getting into when you download these apps, and if you don't want them taking these actions on your phone, then I think you should remove them," Haley said.

Google would not remove the apps stating they did not violate its terms of service, Symantec said.

Lookout Mobile Security said it does not consider the applications malware but "an aggressive form of [an] ad network" which "should be taken seriously".

As the mobile device space continues to mature, security companies and platform providers will be forced to sort out applications worth flagging.

Haley likened this to the early days of the PC industry when spyware programs routinely were considered innocuous.

"Maybe we don't have all the nomenclature set yet in the Android or malware space."

"We're building consensus on what these things ought to be called."

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
advertisingandroidgooglemalwaremobilesecuritysymantec

Sponsored Whitepapers

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Events

Most Read Articles

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?