backtop


Print 19 comment(s) - last by djc208.. on Jan 13 at 4:55 PM

Google finds that some are abusive of its app store permissiveness

With a few scant exceptions like unauthorized tethering apps, Google has been rather permissive in what it allows on its Android Market -- its counter to the iTunes App Store.  Whereas approval through Apple can be filled with months of rejections and delays for some unlucky developers, Google has tried harder to make the process of publishing an app as straight forward as possible.

Some malicious parties, though, have tried to take advantage of the company's permissive nature.  On December 22, First Tech Credit Union wrote that a "fraudster developed a rogue Android Smartphone app" that spoofs users with a fake bank interface, trying to get users to fill in their account information.  That day BayPort Credit Union's mobile bank provider, MShift, announced similar concerns, stating that it had contacted Google on the December 15 about another rogue app.

It turns out that the developer -- 09Droid -- actually had a plethora of fake bank apps available on the Android Market, including apps posing as Chase, Sun Trust and Bank of America.  Google has at last removed those apps from the market, explaining that they clearly violate its terms of use.

Writes a Google spokesperson, "The Android Market Content Policy clearly states that we don't allow applications on Android Market to identify themselves with third-party marks without permission. If an application violates the content policy, we will remove it from Android Market, and developer accounts will be terminated for repeated violations."

They add, "For example, we have a policy against inappropriate content, which includes malware. A developer must also abide by our Developer Distribution Agreement in order to upload an application to Android Market. We also may check applications for compliance with the Market Content Policies (in order to remove malware, porn, spam, or profanity)."

While the Android Market clearly has rules, it is an interesting question whether Google's permissiveness is the reason rogue apps like this have been able to slip through to a greater degree than competitor Apple.  Despite an enormous volume of apps, few, if any, rogue apps have made it to Apple's iTunes App store thus far.

Regardless of the answer to that question, Mikko Hyppönen, chief research officer at F-Secure, says rogue applications are a sign of smart phone attack attempts to come.  He also points out that smart phone manufacturer Symbian's app approval process has also been subverted.  He writes, "Some of them will try to target online banking, others will try to call premium-rate numbers or send text message spam and so [on]. Signing and certifying programs are in a key position on smartphone systems to prevent problems like this ... [although] we have seen the 'Signed by Symbian' certification process subverted a couple of times."



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Bank apps?
By xmichaelx on 1/13/2010 3:47:10 PM , Rating: 2
Frankly, you'd have to be an idiot to buy or use these apps. People must be buying these to help them finance a Nigerian prince in need.




"We basically took a look at this situation and said, this is bullshit." -- Newegg Chief Legal Officer Lee Cheng's take on patent troll Soverain














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki