Google Play store suffers from malware
(MoneyWatch) Is there a risk of malware on mobile phones? In general, the answer has been "yes, but it's not a serious concern." As time goes on, though, the risk appears to be increasing.
Recently, for example, Symantec blogged about a worrisome trend in the Google Play store: A flood of scammy apps that are difficult for Google to detect, and therefore stay available for download for several days before being removed.
- Malware threats materializing on smartphones
- Cybercrime that starts with a phone call
- Simple ways to protect yourself from botnets
The apps in question are being churned out on a daily basis by a small number of malware producers, and as Symantec says, must be generating sufficient revenue for the production to continue. Indeed, the tally is over 1,200 apps in the last seven months.
What makes these apps tricky to detect is that there's nothing explicitly malicious in code; instead, they're making a play for user bank accounts via social engineering and simple links. Users who install the apps are taken to websites where they need to sign up and are charged large sums of money without warning (as much as $3,000/year) thanks to a carefully hidden license agreement.
Eventually, Google does remove these apps -- and indeed they responded to Symantec, which is doing its own testing of apps in the Google Play store -- but the nature of the apps means they can spend longer in the store, and are quickly replaced by new malware anyway.
Are you genuinely at risk due to apps on your smartphone? I'd say that the risk is still quite low. Read the entire Symantec post, for example, and you'll find that the apps behave in a very suspicious way to begin with; approach your online behavior with care, and you can avoid the effects of malware. And there have been no similar reports of this kind of malware on the iPhone, probably due to the much more rigorous app testing and approval system employed by Apple.
Photo courtesy of Flickr user Marsmettnn Tallahassee
