Google moves to delete 'RuFraud' scam Android apps

Android smart phone Google's Android platform is used on a large number of smartphones and tablet devices

Related Stories

Google has removed 22 applications from its Android Market after they were discovered to contain fraudulent software.

Apps posing as popular third-party software such as Angry Birds tricked users into sending premium text messages.

Unlike some other app services, Android Market apps are not vetted prior to being added to the store.

Google has said it swiftly removes apps that violate its security policies.

Lookout, a mobile security company based in San Francisco, believes the fraud attempt originated from Russia.

After notifying Google of the 22 affected apps, Lookout said it then identified five more apps running the so-called "RuFraud" scam.

The scam would make a user believe they were about to download a game or program, but instead they were giving the phone "permission" to send a text message costing about £3.

Google has confirmed to the BBC that the additional apps have now been removed.

Lookout believes that there have been at least 14,000 downloads of apps containing RuFraud. Users across Europe were affected, including the UK.

The company said attacks of this nature have risen in the past few months.

More effort

Google has come under fire in the past for not doing enough to remove substandard or dangerous apps posing as popular software.

Rival stores, such as those from Microsoft and Apple, require all apps to go through a vetting process before being added.

Alternative app stores for Android have been created by companies such as Amazon, offering additional curation and more vigorous checks.

Imposters

Mobile Security company Lookout identified several counterfeit versions of popular software containing the RuFraud scam. They included fake versions of:

  • Angry Birds
  • Cut the Rope
  • Twilight (wallpaper)
  • Tetris
  • Need for Speed
  • Sim City
  • Puss in Boots

David Emm, a security researcher for Kaspersky, said Google needed to put in more effort to filter out harmful applications in their store.

"The flexibility of the Android Market is great, but that comes at a potential price to security.

"It will become a potentially bigger problem in the future. Android's market share is going up, and so is the number of malware-infected mobile software."

Mr Emm said Google might need third-party help to add screening functions for applications being added to the store.

"I think it's a question of using existing desktop technologies and transferring them to mobile," he said.

He worries that existing vulnerabilities in Android applications leaves the door open for wider breaches on Google's network.

"The concern is that your Android Market account is attached to your Gmail account - which means if my Market account is hacked, it adds another security problem."

Glass houses

Meanwhile Microsoft, whose Windows Phone is an Android competitor, has launched a competition offering a free smartphone to disgruntled Android users who tell their story.

A screenshot from Twitter showing Android complaints Microsoft egged on users to share their "Droidrage" - annoyance at Android smartphones

Ben Rudolf, Microsoft's "Windows Phone evangelist", tweeted: "If you have #droidrage from Android malware, share your story with me and you could win a #windowsphone!"

The marketing ploy was dismissed by Graham Cluley, author of Sophos' Naked Security blog.

"Microsoft would be wise not to look too smug at the current focus on Android malware issue though - and using the issue as a promotion for Windows Phone 7 may be shortsighted," he wrote.

"Let's not forget, people who live in glass houses shouldn't throw stones."

Naked Security later reported on an apparent vulnerability which allowed a Windows Phone's messaging function to be disabled by simply receiving a text.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.