Thursday, December 15, 2011

Google Removes RuFraud Scam on Android Apps


If you’ve been experiencing problems with third-party software from your downloaded apps from the Android Market, it may be because of a fraudulent software that keeps tricking its users to send premium text messages. You’ll be pleased to know that Google has already been notified of this alert and has since removed 22 apps, including Sim City and Angry Birds.
Based on an earlier report by BBC, Lookout (a San Francisco based company for mobile security) has properly informed Google about the existing apps that were causing the unnecessary action. Upon discovery of the RuFraud scam, app users were tricked into downloading an app disguised as a game or program. Later on, they discovered that they actually gave permission to send out a text message—costing them $4.65. At least 14,000 of these apps have been downloaded, Lookout added; with most of its affected users located in Europe. Even though attacks of the same kind are not uncommon, they have increased over the last few months.
The RuFraud Scam was discovered to have originated from Russia.

Lack of an Approval Process

Unfortunately, this can only be expected from the lack of an approval process coming from the Android Market. Compared to the Apple App Store and the Windows Phone Marketplace, apps can easily be uploaded to the Android Market. However, Android developers are required to adhere to the terms and conditions stated in the Android Market Developer Distribution Agreement.
Looking back to a previous ZDNet Asia report, Google said it would automatically remove apps which violated their policies and agreement. This includes inappropriate content or malware. Moreover, the Android Market plans to block the abusive developers who repeatedly commit these violations.

Call to Action

In lieu of this, security experts suggested that Google to perform a scan on its Marketplace. Apart from detecting malware and malicious apps, they can better enforce the security of its valued Android users. Considering that this is a heavily used platform, Google really needs to listen to these suggestions.
Ever since March this year, Google has already removed over 50 fraudulent apps including theDroidDream malware—which prompted infected gadgets to send out delicate data to an external command server. In June, it stripped down several versions of the same malware.
“The flexibility of the Android Market is great, but that comes at a potential price to security,” “It will also become a potentially bigger problem in the future. Android’s market share is going up, and so is the number of malware-infected mobile software,” said David Emm, a security researcher at Kaspersky Labs.
Emm also warned that the currently existing vulnerabilities in Android apps have a possibility of turning into larger security breaches throughout the Google network. Since Gmail accounts of its users are attached to the Android Market, a more serious security problem can cause a bigger problem.
Having recently exceeding its 10 billion app downloads, Google has given its users access totop premium apps at 90% offered only for 10 days. Unfortunately, many of these downloads have also produced an error; to which Google has issued an apology just a few days ago.

[Source: BBC]