Angry Birds might have cost you hours of lost productivity, but downloading an avian add-on from the Android Marketplace could be infinitely more costly.
A couple of security researchers have found a bug in the Android operating system that allows apps to download onto your handset without requesting your permission, according to a report from Forbes. To illustrate the point, the researchers created an app masquerading as an Angry Birds add-on, and put it on the Android Marketplace.
The app claims to offer new Angry Birds levels, but instead, it stealthily downloads other apps behind your back, which can then access all your details. These ninja apps have the ability to track the phone, steal contact details and send expensive text messages.
In this case, the app isn't harmful -- though it has potential to be. Instead of sabotaging your handset, the spoof update downloads three other apps that have access to your private content, then shows a message warning the owner of the security breach.
This sort of attack certainly isn't new, but previous cases required the owner to grant permission for the app to access personal information. In this case, it sneaks by without asking you.
Luckily, this bug hasn't been seized upon by dirty criminal hackers. The experiment has garnered a good deal of attention, though. Rovio recently released a legitimate update to Angry Birds, offering new levels, bug fixes and QVGA graphics support. You can imagine how many people will search for the update, perhaps find this rogue app, and download it without checking it carefully.
It's natural for this sort of thing to happen on a system like Android, which doesn't have the same strict app store vetting process as Apple. It's a price you pay for the ability to completely customise your phone, and for an open app market that would never exist in a Steve Jobs world.
Image credit: Droid Life

Comments 6
anonymous 11 November, 2010 15:29
Would never happen on the Apple store!
EvilJoe39 11 November, 2010 16:00
Unfortunately the Android Marketplace is perhaps a little too open. Apple have tried to open their app store up a bit (reducing their massive electrified fence by about a meter) so maybe Android's should be tightened a bit. How do the other three (Blackberry, Ovi and Win Phone 7) compare? I've tried Ovi a few times but have found the greatest security feature is to make everything hard to find and surrounded by dross that you quit the store with a sore head. :)
Dean Shepherd 12 November, 2010 10:19
"the spoof update downloads three other apps that have access to your private content, then shows a message warning the owner of the security breach."
I don't like this line...so even though it's NOT harmful and it's a spoof done by a 'security' company...it STILL has access to your private stuff anyway?
So there is STILL the potential for it to do the nasty...only now it's more sneaky as it TELLS you it's looking at you and that it's not harmful etc....isn't that just a perfect way to cover their back even more? I'm suspicious of this to be fair.
bk93 13 November, 2010 22:13
This could never happen on the Apple store!
misterk1973 15 November, 2010 12:15
No, but dodgy texts have been known to be able to hack into the iPhone so don't be too smug...
Anonymous 15 November, 2010 17:46
Dean, I think the point of the app is for you to be suspicious. They're trying to point out a security flaw so people scrutinise what they download more carefully and so Google address the flaw.
Displaying a message that the app you downloaded was fraudulent and has taken advantage of a security flaw isn't very clever if you want the app to steal info for criminal purposes. They should have just not displayed anything, then no one would have known and they could happily have collected all the info they wanted if that was the purpose of the app. Which of course it wasn't.