IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Rogue apps sneak into Android Market

Malicious apps find their way onto Android's official market, but Google appears to have reacted fast.

Android

Over 50 malicious apps found their way onto the Android Market, but have now been removed, according to reports.

Reddit contributor Lompolo was first to notice the issue, when he found 21 Android legitimate apps had been repackaged with an exploit known as "rageagainstthecage" designed to gain root access to users' devices.

A report from Android Police indicated that between 50,000 and 200,000 versions of the malicious apps could have been downloaded before Google pulled the plug.

The apps were able to steal device details such as IMEI numbers and could even download more code and install extra malware designed to take even more data from users.

Various apps released under the developer names "Kingmall2010, "we20090202 and "Myournet" were affected. In a follow-up blog post, Android Police claim that the exploits used no longer work under Android 2.3. If true, this incident highlights one of the disadvantages of the delays Android users often face in getting the latest operating system updates.

Google have removed the apps and banned the rogue developer it believes to be responsible from Android Market, reports indicated. The tech giant has also ensured the apps were remotely removed from the affected handsets.

However, Rik Ferguson, senior security advisor at Trend Micro, said just taking the apps offline may not help those who downloaded the infected apps.

"Of course this remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection," Ferguson said in a blog.

"So if you are one of the estimated 50,000 people who have downloaded these malicious apps it could be worth your while investigating the possibility of getting a replacement handset or reinstalling the operating system on the one you have if possible."

At the time of publication, Google had not responded to a request for comment on the situation.

There have been plenty of concerns over the security of the Android Marketplace, but before this there had not been any major issues.

Instead, most threats had been seen passing through third-party app stores.

As Android becomes more popular, however, the marketplace will become more of a target for cyber criminals.

Philip Dall, mobile security expert with internet security company BullGuard, said users should ensure where the app has come from in the first place.

"First and foremost, you should think twice before you download applications by finding out who uploaded it, check which rights and actions the app wishes to make use of, and consider whether this sounds right or not," Dall said.

"Secondly, you should install security software on your phone."

IT PRO recently warned about the potential security time bomb facing the plethora of app stores now open to consumers and businesses alike.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Apple executive rejoins Google over remote work policy
flexible working

Apple executive rejoins Google over remote work policy

18 May 2022
Here’s the first look at Google’s new Bay View campus
Business operations

Here’s the first look at Google’s new Bay View campus

17 May 2022
Google offers UK SMBs £87,000 scholarships to boost tech skills
Careers & training

Google offers UK SMBs £87,000 scholarships to boost tech skills

10 May 2022
Google Cloud confirms it is building a dedicated team to support Web3 developers
Cloud

Google Cloud confirms it is building a dedicated team to support Web3 developers

9 May 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022