by Matt Liebowitz
A fresh new batch of fake and dangerous apps has found its way into the official Android Market, and downloading any of them could put your smartphone, and your personal information, in jeopardy.
Spotted by the security watchdogs at Android Police, the suspicious apps include phony versions of “Jetpack Joyride,” “Madden NFL 12,” “Batman Arkham City Lockdown,” “Angry Chicken” and nearly a dozen others.
Also found lurking the Android Market is a phony version of the Pinterest app, the popular new online pinboard. The bogus Pinterest app, from the ironically named developer “Official Android App,” installs other apps without the user’s permission.
A glance at the user reviews for “Jetpack Joyride” tells the true tale of the game’s intentions.
“Will not let me enter my email address to download the full version! What a load of rubbish,” wrote a user named Bethanie on Feb. 5.
“The app won’t open until I fill out 50 surveys and submit all [my] personal info for telemarketing, and email blitzing … Just want to play the game and it still won’t open,” user Jon wrote.
The app developer behind the offensive apps is Rovio Mobile LTD, an obvious name choice designed to play off the legitimacy of Rovio Entertainment LTD, the developer of Angry Birds. Jetpack Joyride’s actual developer is Halfbrick.
Daniel, a user who reviewed the phony game today (Feb. 6), summed it up best: “Asking for info is unnecessary. I downloaded this app to play not to get spammed.”
Daniel’s frustration is especially prescient coming on the heels of Google’s recent unveiling of “Bouncer,” a service built to automatically scan the Android Market for potentially dangerous apps. In the announcement on Feb. 2, Android’s vice president of engineering, Hiroshi Lockheimer, said Google reported a 40 percent decrease in “the number of potentially malicious downloads” in the Android Market between the first and second halves of 2011.
So why do apps like these keep showing up and taking users for a ride? According to Dmitri Bestuzhev, security expert at Kaspersky Lab, there is only so much Bouncer can do to keep apps from making their way past Android’s mobile security defenses.
Put more simply: the bad guys are omnipotent, and always one step ahead.
If an app developer is “already known and trusted by Google, that developer account will be a prime target for cybercriminals,” Bestuzhev wrote in a Kaspersky Lab blog. Bestuzhev said he also expects rogue app makers to begin developing harmful apps that work differently in specific parts of the world. Developers, he said, will design apps that execute malicious commands only if they detect, for example, a Latin American carrier. Otherwise, they’ll remain dormant, and go undetected by Bouncer.