Google has pulled another batch of malicious apps from the Android Market, this time for secretly sending out text messages that result in hidden charges for users.
Lookout, a maker of mobile security apps, noticed the malicious Android apps, which were masquerading as horoscope apps, wallpapers and downloaders for popular games such as Angry Birds and Cut the Rope. Users who downloaded the apps were asked to agree to terms of service, which stated that the app may send text messages resulting in premium charges. These terms of service were buried out of the user's view, and there was no way to decline them without exiting the app.
Security firms have warned of these so-called SMS toll fraud apps or SMS trojans before, but their appearance in the Android Market is a new development. Fortunately for U.S. users, the premium short codes used by the latest batch of apps are gated from North American users.
Users were susceptible in Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine, Estonia, Great Britain, Italy, Israel, France and Germany.
Google removed 22 apps in total, according to Lookout. The purge is similar in scope to the removal of 21 malicious apps in March, after those apps were caught stealing sensitive user data.
As with other discoveries of malicious software in the Android Market, the latest batch is a cause for concern, but not alarm. Of course, firms like Lookout would prefer that Android users install anti-virus software on their phones, but users can also stay safe by paying attention to what they’re downloading. That means reading user reviews and scrutinizing the permissions required by each app prior to installation. A game like Angry Birds, for instance, shouldn’t need permission to send text messages, and it should have thousands and thousands of mostly positive reviews.
My colleague J.R. Raphael put it eloquently last March: “Threats are everywhere. The answer isn’t locking down the world; it’s taking basic precautions.”