Let’s talk fake Android apps. They don’t always just lurk on shady underground forums—there are “unauthorized” apps on official marketplaces, too.
Fake apps aren’t always malware in the strictest sense. While some may have an Android Trojan that downloads additional apps or interferes with your device’s normal operation, others may be stealthily collecting your personal information and sending it to remote servers. Have you ever downloaded an app thinking it was one thing and then found out it was just an app pushing a ton of ads onto your device and changing around your home screen? This kind of bait-and-switch is getting increasingly common.
Unless you have a legitimate reason for doing so, you should not enable the ability to install apps from “unknown sources” on your Android device. Testing apps currently under development is a legitimate reason. “I want pirated content” is not. Always check who the app’s developer is. If you are looking at an app that claims to be a Disney game, the fact that the developer is not Disney should be a red flag.
Just last month, many users were tricked into downloading the fake BlackBerry Messenger for Android app from Google Play. The developer name was RIM—tricking all those users who didn’t know the company had officially changed its name to BlackBerry.
Be careful when it comes to downloading apps. Don’t install apps on your device if you don’t know the source of the app. And regardless of your source—official marketplaces like Google Play and Amazon Appstore, or forums and Websites—verify the developer.
Magna Carta … Holy Grail (pirated)
Jay-Z released Magna Carta … Holy Grail exclusively for Samsung Galaxy users to promote his new album in advance of its release. Since the app lets users download the new album for free before its release date, people without Galaxy smartphones were thrilled when pirated copies popped up on various sites around the Web. Hope you didn’t download it, though.
It turns out the pirated copies were actual Android Trojans, according to McAfee Mobile Security. The app may look and function just like a legitimate app, but it also sends information about the phone hardware to a remote server and downloads additional items onto the device. The only way a user would know the app was malicious was by the fact that the app’s wallpaper changed on July 4 to feature an image of President Barack Obama.
If you downloaded the app, remove it immediately, and don’t go looking for a pirated copy the next time another singer releases an app to promote a new album.
F-Secure flagged Android app Desert Strike on Google Play as potentially unwanted for this week’s list. The app uses several ad networks that are particularly aggressive, such as Leadbolt. The ad networks collect a lot of user data, including the phone’s manufacturer and model, the version of the Android operating system installed, carrier information, and the phone’s unique IMEI code. The app also sends the device’s geographic location using the GPS and network information.
The app displays notifications that can result in the user inadvertently signing up for a weekly paid service. It also displays ads for a “shady Antivirus Application” that incurs a weekly charge, according to Zimry Ong, senior malware analyst at F-Secure who analyzed the app.