Google’s security team removed at least a dozen games for smartphones with Android Market, after it was discovered that they contained a secret code, for which the owners of phones had to pay dearly for text messages that were sent to premium numbers.
Malicious applications that are uploaded to the Google service developer Logastrod, disguised themselves as such popular games as Angry Birds, Assassin’s Creed Revelations and NEED FOR SPEED. The developer is believed to have cloned a game, including graphics and descriptions, and added them to malicious code that forced the device to send and receive secret messages.
By that time, as Google has removed the game (after more than 24 hours after their appearance), they, according to a Sophos, published in the blog on Monday, downloaded over 10 000 people.
“We have repeatedly stated that the requirements to be met by the developers to publish applications on Android Market, too soft,” – wrote a blogger from Sophos Svaytser Vanya. “The price to become a designer, is banned and then be much less than what you can earn on the publication of malicious applications. Attacks on the Android Market continue until until the tightened requirements for developers.”
It is fair to note that users who installed counterfeit games have seen warnings that an application can “edit SMS or MMS, SMS, or read MMS, receive SMS”. For games also attached conditions of service in which users are warned that their decision will be subscribed to a premium service, for which he had to pay 4.5 euros.
The fact that Google has hosted malicious applications more than one day, and admitted that they downloaded over 10 000 users, is a clear proof that such protection is not enough to protect the Android Market. Google steadfastly refuses to verify the application in its shop for malicious code that can track keystrokes on your phone or a cause of high costs.
Google has long warned members about the need to carefully read the information on screen resolution of each application before installation. And at least one of Google employees already attacked with criticism of the company that provides anti-virus software for devices with Android, calling them “charlatans” who play with the fears of users.
Given the number of applications that require access to data about the location, functions, messages and other sensitive resources, Google has yet to educate their users how to distinguish legitimate requests from unlawful. Approach Google, which offers customers use the services at your own risk, means that users will have to make sure that they are not cheated in the official shop of the company.