Printed from http://www.electronista.com

Hijacked Android apps rack up high SMS bills, underline risk

updated 11:15 am EST, Tue March 1, 2011

Trojan Android apps send premium SMS

Risks of the current Android ecosystem were underscored late Monday with a warning from Symantec about a new trojan. Known as Android.Pjapps, the rogue code has been installed in bootlegged Android apps and adds a secret backdoor that the malware writers can use to send text messages to a premium service, giving a profit to the hijacker at the user's expense. The app also has to collect vital device info, such as its IMEI number, to keep the hack working.

Among the examples of apps pirated so far include Steamy Window (legitimate copy). The hacked app does send notifications that it collects text messaging and personal info but is otherwise superficially identical to the app from the official store.

Google has control over what can appear in Android Market, but the discovery for Symantec underscored the risks of outside apps. It urged users to download only from "regulated Android marketplaces" and to turn off one of Google's key selling points, the toggle to allow non-Market apps.

While Apple has been criticized for using its App Store-only approach in a way that limits flexibility and potentially blocks competition, the company also hasn't had to contend with maliciously altered apps or other significant app-based threats. Most risks on iOS so far have come to jailbroken devices; while they have more freedom, the nature of a jailbreak also gives complete root-level access and opens the device to more risk than if Apple had enabled the feature itself.

Steamy Window



By Electronista Staff
toggle

Comments

  1. msuper69

    Professional Poster

    Joined: Jan 2000

    -1

    MS Windows redux.

    your comment

  1. DerekMorr

    Fresh-Faced Recruit

    Joined: Mar 2010

    -2

    Hmm

    As opposed to iOS smurf games, which also run up high bills?

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -1

    wow...

    Users installed pirated software that still specifically tells them it will use SMS and gather personal info, they still install it, then are shocked to find it has some trojan inside.

    Yep, that's definitely a sign of a bad OS. How dare they tell you what they will do and then do it. And you'd think that Android would require all pirated programs to be digitally signed to prove they haven't been tampered with.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    -2

    however

    If this had been said about an iPhone app, it would be labeled as FUD. Or posters would just say "That's what you get for jailbreaking your device!" or "If you're going to download apps from unknown sources, you get what you deserve!" or any of a thousand other things to indicate its the user's fault. But for android, it's an OS issue or something.

  1. macnixer

    Fresh-Faced Recruit

    Joined: Mar 2006

    +1

    however not

    @testudo:

    On the iOS you have to jailbreak a phone to run apps outside of Apple's App Store and Apple does not endorse this. HOWEVER with Android, Google permits and endorses (provides the capability) installing apps outside of Android Marketplace. Essentially you have the option. This is not an user fault. For non-tech users like my other half, a market is market. As long as you can get to it, you can get stuff from there. It is we geeks who try to check. So in my opinion, iOS is protective and Android sucks.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Adesso Xtream S3B Bluetooth speaker

Finding a speaker purpose-built for a specific need is challenging. Even when a Bluetooth speaker can be paired with a mobile device, ...

JBL Synchros E40BT headphones

For all the different configurations of headphones on the market, it's always a tough choice for buyers to get something that is just ...

Razer Taipan mouse

The list of gaming devices is growing larger with each passing day. A large number of companies have entered the gaming input arena, a ...

Sponsor

toggle

Most Commented

 
toggle

Popular News