back to article BadNews, fandroids: MILLIONS of Google Play downloads riddled with malware

At least two million Google Play downloads gave Android users an unwanted freebie in the form of BadNews, a piece of malware which masqueraded as a legitimate advertising network. The malware was integrated into 32 different apps in the Google Store, according to mobile security specialist Lookout. Those apps have been …

COMMENTS

This topic is closed for new posts.
  1. Stu
    Devil

    Android permissions design

    Always seemed to me the whole Android permissions system is very under-granularised.

    "Read Phone Status and Identity" presents the app with info such as whether somebody is on a call, but also their complete phone number and IMEI number. Combined with Internet Access permission, allows complete silent transmission of your phone number and name to black market phone number lists.

    "Make phone calls" An app can legitimately call a number for you. On the other hand it can do it without your permission to a premium rate number, completely automatically, say at 3am.

    "Read contact data" allows an app to show you your contacts for something within the app legitimately, or just allows more black market sellable names and phone numbers.

    The list goes on and on.

    If I was a really suspicious person I might think Google made them this under-granular on purpose. More and more apps are doing the whole "Read phone status & ID" thing by default now.

    1. John H Woods Silver badge

      Re: Android permissions design

      I agree. Best way to control the 'make phone calls' permission might be to pop a user prompt before every short-code SMS or non geographic number unless a specific permission is given in advance.

      I'm safe because I use PAYG - as soon as I top up 15 quid on Three I buy their 500min, 5000 text, AYCE data bundle, which uses the whole amount. The phone will then not make any calls to non-geo numbers, or send premium texts because "your account balance is too low" .

      But the telcos could help here by letting you set contractual terms such as requiring additional confirmation to control cost incurred, number of premium SMS that can be sent or number of mins of premium calls that can be made per month.

    2. Ru

      Re: Android permissions design

      I've always been disappointed that you can't drop demanding applications in a sort of sandbox... as it stands, when I see an application that has unreasonable demands given its purpose, all I can do is simply opt not to install it and find an alternative.

      I'd much rather put it in a nice padded room where it can be convinced that it really is reading my contacts list and erasing files from my operating system and perhaps most importantly feel that it really is sending premium rate text messages when in fact not one of these operations has a single side effect.

      It isn't much of a safety net, but it would help make the current android permissions system slightly less worthless.

      1. S4qFBxkFFg

        Re: Android permissions design

        I think there are apps that will do this (restrict permissions for other apps) - although I've not actually encountered one that would cause me to need something like that. The "opt not to install it and find an alternative" method works well enough.

        1. mickey mouse the fith

          Re: Android permissions design

          "I think there are apps that will do this (restrict permissions for other apps) - although I've not actually encountered one that would cause me to need something like that. The "opt not to install it and find an alternative" method works well enough."

          Lbe security master or pdroid let you select which permissions an app is allowed to access. They actually work a bit better than cyanogens block permission function or the permission denied app which usually result in a crash when an app tries to access a blocked permission (as the dev never bothered error checking for this, just assuming all permissions asked for would be available). Lbe and Pdroid can feed apps junk data as well as block outright. For example,they can feed apps randomly generated contact numbers or gps coordinates evertime they run, making any data they harvest absolutely useless. I use Lbe to restrict most permissions and avasts firewall to stop internet access. Combined with adaway to block all ad networks via the hosts file I think im quite safe from anything snooping or sending sneaky texts.

          I dont think i have ever seen an advert on my handset using the above combo. Tidy...

    3. Aoyagi Aichou

      Re: Android permissions design

      Look on the bright side - at least you can actually set the permissions. Can you do that in iOS? Oh yes, and you can't do that in WP8 either.

      1. Stu

        Re: Android permissions design

        Well isn't that just because Apple stop people from being able to fully utilise YOUR device that apps aren't allowed to access phone numbers, IMEI numbers, contact info, etc?

        I don't remember ever seeing an iPhone app being able to dial numbers for you, but then I haven't owned an iPhone in years.

      2. I ain't Spartacus Gold badge

        Re: Android permissions design

        Windows Phone lets you set permissions. The app store has a little blurb on each app saying what permissions it wants (next to a link to an explanation of what those permissions are). They're no more granular than Android ones from memory.

        Apps then have to ask for permission to do certain stuff when you launch them, like phone home with data or use location services.

        As I recall iOS only has pop-ups for allowing access to your addressbook and location services. Although it may also have the same for accessing the phone function, I don't recall ever using an app that required this.

        1. Aoyagi Aichou

          Re: Android permissions design

          @I ain't Spartacus: As far as I know, the only thing WP8 "apps" ask about is use of locations. Everything else I have tried (and I've just tried installing Facebook "app" just for the sake of it) is merely information basis. Information, that's hardly satisfying. And even after I download the "app", there is no way to change the permissions as far as I know.

          As far as iOS goes, I was really guessing. It was a question after all.

          1. I ain't Spartacus Gold badge

            Re: Android permissions design

            Aoyagi Aichou,

            Unless Android has changed recently, then it and WinPho are very similar. Both list the permissions required at the bottom of the app's description page on Play Store or Marketplace. You then install them. Unless you root Android you don't get to pick and mix with permissions either.

            iOS allows a bit less leeway for apps. But leaves the user a lot more in the dark as to what's going on.

            1. Si 1

              Re: Android permissions design

              Aoyagi Aichou,

              iOS let's you block (or allow) apps access to location services (GPS), contacts, calendars, reminders, photos, Bluetooth sharing and Twitter/Facebook. There's no permission for calls or SMS as I believe those just aren't allowed at all.

              While it's de rigueur to criticise iOS around here, I think the permissions model is actually pretty good.

              1. .stu

                Re: Android permissions design

                This post on mse forum says different...

                http://forums.moneysavingexpert.com/showthread.php?t=4563409

                1. mickey mouse the fith

                  Re: Android permissions design

                  "This post on mse forum says different...

                  http://forums.moneysavingexpert.com/showthread.php?t=4563409"

                  I notice Apple still havnt taken it down, despite the complaints and the fact all the top reviews state its laced with malware.

                  Just goes to show that no os is really immune to user installed malware.

                  Putting ads that dial premium rate numbers in a kids app is a stroke of genius on the app writers part though, I imagine he/she has made a lot of dosh from idiot parents not checking things before giving their brat the phone since it was added.

            2. Aoyagi Aichou
              Unhappy

              Re: Android permissions design

              Ah, thanks for enlightening me. I admit I merely heard that Android has some proper rights management, but I guess those were all rooted. Oh well, then there is probably no modern smartphone I would like...and what's worse, I'm a tiny minority.

    4. Dan 55 Silver badge

      Re: Android permissions design

      There are a whole series of basic things that could be done to sort out security...

      - Instead of allowing apps to call a number directly, Android should bring up the dialler and pre-fill the number but let the user call or cancel.

      - Instead of allowing apps to send messages, Android should bring up the message editor and fill it in (read only if need be if it's got data which can't be edited), but let the user send or cancel.

      - Instead of allowing apps to read contact data, Android should bring up the contacts manager and allow the user to choose one or cancel.

      - Pop up a modal dialog with a 'remember the answer to this question' tickbox if an app wants to request the IMEI or similar data.

      Simple things like this where the OS is in the middle preventing the app getting at the data would also mean that a whole load of permissions for legit apps could be knocked on the head and it'd be much easier to spot malware because it'd still ask for everything.

      Also the play store needs to clearly show how the developer earns money from the app: open source, free, pay once, in-app purchases, ad-supported, combination, etc...

      If Google haven't done them by now they're probably not going to get round to doing them in the future either.

      1. JEDIDIAH
        Linux

        Re: Android permissions design

        > - Instead of allowing apps to send messages,

        You cripple the device so it can't do much of anything.

        That's the real problem with modern security issues. Everything is about trojans placed in software that's supposed to be legitimate but really isn't. A lot of this is driven by various forms of the cheapskate mentality that prevents both Free Software and Shareware from flourishing.

        You might want to send messages.

        Although ultimately end users should be able to revoke any permission after installation. We should never be in a position to be held hostage to developers that want the moon and the stars in terms of system permissions.

        I should be able to do something like I do with noscript. ANY app is banned from sending text messages unless I say otherwise. Doesn't matter what it asked for during installation.

        1. El Andy

          Re: Android permissions design

          @JEDIDIAH: "I should be able to do something like I do with noscript. ANY app is banned from sending text messages unless I say otherwise. Doesn't matter what it asked for during installation"

          The problem with that is, whilst it sounds great in theory, it just doesn't work in practice. It means app developers have to test every single possible combination of permissions and work out how to alter functionality appropriately depending upon what random subset of permissions they are granted. The really good developers might be able to do this, but it costs a lot in testing and development time and most people will never bother about it. Meanwhile the other developers will simply let their app crash in every case where the permissions are altered (or in the malware case just pester the user to re-enable the permission until they do so).

          It's much better to encourage users not to install apps that have overly demanding permission requirements, because that encourages developers to reduce the requests to the minimum possible. There is, perhaps, scope for allowing a developer to specify a subset of "optional" permissions that are only necessary to support some extra functionality, but since the only devs that would use that are in the "good guys" category, it's debatable whether the added complexity for end users is really worth the effort,

    5. Anonymous Coward
      Anonymous Coward

      Old news

      But so true, fcuk Android developers for fcukng up Android.... It was good while it lasted.

      1. Anonymous Coward
        FAIL

        Re: Old news

        Because not only does Android warn you that applications want to send SMS on install (protection 1), all applications are sandboxed from each other (protection 2), Android also disallows untrusted non-Google Play installs by default -so no other nasties can be silently slipped in (protection 3), each app has it's own user account (protection 4), and finally, you can't send SMS to a unknown number without getting a warning (protection 5)

        http://img21.imageshack.us/img21/7624/screenshot2013042312200.png

        So unless you intentionally disable all the above, this story it total and utter nonsense..

    6. eulampios

      Re: Android permissions design

      That is why you shouldn't install them. Interesting to hear this critique of Google for not implementing some extension of their permission API. It might be fair, however, Google had done this, while MS had failed to generate any idea in this area for over 20 years.

  2. Crisp
    Trollface

    A Linux based OS with malware?

    Where's Eadon when you need him?

    1. NinjasFTW

      Re: A Linux based OS with malware?

      gaah, i don't wont to hear a whooosh but as I read it the malware wasn't in the app itself. I simply provides an advertising window within the app. Now this advertising window will then point at a nasty piece of code that the user will have to click on and install (assuming that they have third party package install allowed).

      Not really anything to do with Linux.... ;)

      1. Anonymous Coward
        Anonymous Coward

        Re: A Linux based OS with malware?

        But Linux doesn't need any malware protection, Eadon keeps saying it's indestructible and only WINDOZE needs A/V

        FAIL!

      2. sabroni Silver badge

        Re: Not really anything to do with Linux....?

        Hmm, and by extending that argument a lot of windows malware is nothing to do with windows. Hey, it's not my fault you run as admin all the time....

        It sounds like what you really meant was "la la la, can't hear you!!!"

        1. NinjasFTW
          FAIL

          Re: Not really anything to do with Linux....?

          well a lot of it isn't. If a box pops up and asks if you want to install dodgy-package.msi and you click yes then it has nothing to do with Windows and more to do with the user.

          Historically windows had so many infection vectors that could be exploited without any user interaction however that is, I believe, largely a thing of the past.

          I have not said nor inferred otherwise so perhaps you perhaps you could actually think about what your saying before you hit the submit button in future?

          1. ed2020
            FAIL

            Re: Not really anything to do with Linux....?

            @NinjasFTW: implied, not inferred.

    2. RyokuMas

      Re: A Linux based OS with malware?

      As Eadon has pointed out on numerous occasions, viruses != malware.

      Any system can be infected with malware, for reasons located between the chair and the keyboard.

      Whether or not Linux is as impenetrable as some would claim... well, I have yet to be convinced. The only totally secure system is one that has no external access at all - anything else can be broken into with enough time and effort.

      1. Ivan Headache
        Happy

        Any system can be infected with malware, for reasons located between the chair and the keyboard.

        So as long as I stand up i should be OK

  3. DS 1

    Come on El Reg

    Don't install software that looks dodgy? What kind of useless advisory is that? Install some security software. Well, yes, Quite. However, most malware is walking straight past.

    Android is a whole heap of fun, but its not a place to do business or put personal stuff aboard - but hey, everyone is doing it right!

    Android aside, the security landscape is pretty horrible and growing worse. I think most people and orgs are in the state of 'overwhelmed' and its being taken advantage of all across the board. Not fun...

    1. NinjasFTW
      Thumb Down

      Re: Come on El Reg

      Android is a whole heap of fun, but its not a place to do business or put personal stuff aboard - but hey, everyone is doing it right!

      There is all kinds of wrong with that statement. If you don't install random packages from dodgy warez sites and keep any sensitive details encrypted then you will be as safe as you ever can be with anything online.

      If you want to have it made a little easier for you then you can go the walled garden Apple approach. If you want some flexibility/customization/usefulness then you go for Android.

      1. Anonymous Coward
        Anonymous Coward

        Re: Come on El Reg

        "If you want some flexibility/customization/usefulness then you go for Android."

        Overreach.

        Replace "some" with "greater" then yes to the first two, but then you were hoping to sneak an extra point on the end there there which demonstrates more than a soupçon of partisanship. You would be hard pressed to identify a single "useful" activity you can do on an Android phone you can't do on an iPhone that isn't some marginal edge case related to doing things exactly how you want to do them as a techie and that isn't if wholly marginal relevance to the average user.

        Unless oif course you are talking about anti-malware apps, which really do have something useful to do on an Android phone.

        1. Richard 12 Silver badge

          Re: Come on El Reg

          Two clocks on the home and lock screen.

        2. Snake Silver badge
          Stop

          Re: Come on El Reg

          Your limited viewpoint is only due to you believing that, personally, you have the power to decide the definition of "useful activity".

          That is not your definition to decide. That definition is for each individual user to decide, and since Apple has a LARGE number of things that they will not allow to happen on an iPhone, for example

          http://www.zdnet.com/blog/burnette/apples-new-iphone-restrictions-and-the-5-stages-of-grief/1904

          your reply is a complete and utter FAIL.

          1. SuccessCase

            Re: Come on El Reg

            "Your limited viewpoint is only due to you believing that, personally, you have the power to decide the definition of "useful activity"."

            Er, yes I'm accustomed to speaking from my own viewpoint, as at one level or other everyone who has said anything ever in the history of the human race does the same. None of us are God.

            And if I don't have the power to decide what constitutes "useful activity" from my own viewpoint, then I'm certain you don't. So I suggest rather than the sociopathic attempt to control my thoughts and language, you focus more on giving a clear reply on your own terms.

            I note you didn't actually attempt to answer the question I raised. I suspect because you know the answer will sound as weak as your current reply and thereby illustrate even more clearly the point I raised.

    2. Anonymous Coward
      Anonymous Coward

      Re: Come on El Reg

      "Android is a whole heap of fun, but its not a place to do business or put personal stuff aboard..."

      Then what's it for? Just for carrying around, to show that you can't afford an iPhone?

      1. Snake Silver badge
        Flame

        Re: Come on El Reg

        "Then what's it for? Just for carrying around, to show that you can't afford an iPhone?"

        But why would I WANT an iPhone? To only show that I simply MUST follow a trend, to show that in order to be 'accepted' I will be judged by a DEVICE that I use? To use a locked-up, walled-off, nanny-stated interface to the real world, where Big Brother Corporation has the nerve to tell me what I can and cannot do with my own device? To have to go to the effort of "jailbreaking" my own, personal device - when jailbreaking is even available, as every time Big Brother Corporation does a firmware update they strengthen their hold on your personal thoughts by intentionally nullifying the jailbreak options you have applied - just to get around BBC's thoughthold on me?

        If I want to watch porn on my device that is MY choice, not theirs. If they have a problem with an adult making adult choices for themselves, sell and market the device only to children and have the parents sign a permission form that gives Apple ("BBC") the right to censor the device content for "the good of the child". IN THE MEANTIME, I simply refuse to revoke my own freedom of will to a company simply to own their petty little device so as to feel like I belong with the REST of the blind sheep who have all *already* forfeited a portion of their adult choice simply to own said petty little device.

        The free market is a form of willful, voluntary voting. Apparently, a large number of people throughout the world have voted for the idea that "Yes, we are willing to give up certain self-evident adult decision processes for the advantage of paying you to own your product". And then, a lot of these same people bitch and moan when they even *think* that the government may be considering the exact same thing.

        What does this tell you? Sheep stupidity for profit = 'OK by me! Sign me up, the bauble is worth more than the absolute ability to exercise the choice of free will!" Remove bauble from benefit vs cost ration = "No! Never! I will never give up my rights and free will!"

        Loki from The Avengers (Avengers Assemble!) had it right - humans ARE sheep looking to be blindly led.

  4. Bill the Sys Admin
    Mushroom

    Unacceptable for this to happen clearly....but has anybody looked at the apps that are infected with this? The BBC named a few and its just complete trash. Confused at how stupid some people could be.

  5. Smallbrainfield
    Meh

    You have to admire the cheek of them naming their

    fake advertising network BadNews.

    1. Anonymous Coward
      Anonymous Coward

      They didn't

      That's just the name that the anti-malware firm that spotted it has assigned to the family.

      1. Smallbrainfield
        Coat

        Re: They didn't

        Ah right. As you were then.

  6. JimmyPage Silver badge
    Flame

    Don't need to download dodgy apps

    Wifes WildfireS came preloaded with a Facebook app, which you can't remove, nor stop running (she hasn't got a Facebook account).

    When you try and access settings, it lists all the permissions it has "Access my call data", "Access my contacts" etc etc (pretty much all from what I can see) with no option to deselect them.

    1. Steve Davies 3 Silver badge
      Paris Hilton

      Re: Don't need to download dodgy apps

      The same applied to my now bricked (when I tried to put cyanogen on it) HTC Sensation.

      I guess there is some form of 'Communication Breakdown' ?

      Paris because when she cries 'the levee breaks'

      (yes I am old enough to have seen LZ. The last time was at Ally Pally.)

      1. Toothpick
        Happy

        Re: Don't need to download dodgy apps

        I guess there is some form of 'Communication Breakdown' ?

        Were you not Dazed and Confused also? ;)

    2. Bill the Sys Admin
      Alert

      Re: Don't need to download dodgy apps

      Ridiculous. My next device will be a nexus, cant be arsed with all the preloaded crap they throw at you. My Samsung SIII updated the other day to find the Facebook app installed again after i had removed it! So angry.

    3. Andy Nugent

      Re: Don't need to download dodgy apps

      Not sure which version of Android it was introduced in, but you can "disable" pre-installed apps. It's in the app manager where you'd normally un-install 3rd party apps.

      1. JimmyPage Silver badge
        Unhappy

        @Andy

        Not on that phone, you can't :(

        Anyway - why "disable" ? She doesn't want the bloody thing at all - especially as it sits there taking up precious storage space on the phone (*not* the SD card).

      2. Dan 55 Silver badge
        Devil

        Re: Don't need to download dodgy apps

        Not available on all apps though. Oddly enough one app it's not available on is the backup service which uploads your app data as soon as you log into a Google account.

  7. Anonymous Coward
    Anonymous Coward

    untrusted source. .

    .isn't the ability to install from untrusted sources turned off by default?

    1. Anonymous Coward
      Anonymous Coward

      Re: untrusted source. .

      Such as the Amazon App store?

      Translate:

      Only allow Google Play or allow everyone.

      1. Vic

        Re: untrusted source. .

        > Only allow Google Play or allow everyone.

        That's what the switch does, yes, but it isn't a one-time setting.

        You can turn on "untrusted sources", install your app, then turn it off again.

        Vic.

  8. hplasm
    FAIL

    Mods are touchy today!

    Must be the bad headline writing.

    REG FAIL

    1. diodesign (Written by Reg staff) Silver badge

      Re: Mods are touchy today!

      Nah, just people who can't bring themselves to use the corrections button.

      C.

      1. Vic

        Re: Mods are touchy today!

        > people who can't bring themselves to use the corrections button.

        That's because the corrections "button" is actually just a mailto: link.

        Give us a form and it will be used more productively...

        Vic.

  9. Yag
    Devil

    "...slipped by Google's automated detection..."

    Yes, they're very very sorry that this was "slipped" by their automated detection.

    The best course of action would be for apps makers to rely on widely recognised advertising network, like... mmmh... Google AdWords?

    Do no evil (but let others' evil "slip" if it's financially interesting)

  10. Irongut

    What kind of idiot

    What kind of idiot installs an update for an app via an advert in another app rather than through the standard update mechanism in the app store?

    Oh yeah the users I have to support probably.

    1. Dan 55 Silver badge
      Devil

      Re: What kind of idiot

      What kind of OS would let a signed app change itself then happily execute it the next time round?

      If the Play Store (amongst others) takes care of updating, the OS can safely assume that any changes to the app package are malicious because the app has been compromised. The OS should refuse to execute it.

  11. MissingSecurity
    WTF?

    I may be missing something here...

    but this sound like "legitimate" apps that use dodgy ad services. Does Google provide the ad company or does app company (provided the app publisher is not a front for the ad male-ware)? While it not all together surprising, it seems in the interest of getting some "dedicated" Android fans riled up, in actuality this a question of either Google's lack of proper checks, or Shitty Developers being Shitty. Not so much a platform security issue per say, more of a social engineering commonality.

  12. ukgnome

    Fear not Fandroids - Eastern Europe is not the world

    I have looked at the 32 apps that have been removed,

    20 are purely in Russian, so most of us won't see them. And the other 12 don't exactly butter my bread, with such classics as "star knife, find number, stupid birds, savage knife".

    I would been keen to know if any apps that I see from my play store is malware ridden. Still, this is probably not a huge issue compared to numbers of downloads globally.

  13. Anonymous Coward
    Windows

    Windows security rules apply.

    Treat as hostile until proven otherwise.

  14. Avatar of They
    Stop

    Every app' seems to want to make calls or SMS now.

    The latest facebook update has started saying it needs access for making calls, so pretty much anything can happen if you don't read exactly what you install.

    And the logic of "say yes when installed and whatever happens after that is your fault" seems to be the way of Android.

  15. Lallabalalla
    Trollface

    No no you're all wrong

    These apps are GOOD, because they are Android they are "open" and "open" is GOOD. "Not open" is BAD. These are OPEN so it's ALL GOOD.

    1. Anonymous Coward
      Anonymous Coward

      Re: No no you're all wrong

      None of these apps are open source, they're all proprietary. If they were open source there wouldn't be an issue.

  16. Peter 48

    the sky is falling

    So basically a bunch of mediocre, mostly Russian, dodgy apps and poor rip-off copies potentially contain malware. What a surprise. Next thing you'll be telling me that the bloke down in the market called dodgy dave is not selling legit DVDs.

    1. GitMeMyShootinIrons

      Re: the sky is falling

      ...all through the legitimate Google market place. Very good. Sounds like the policing of what is peddled in the store is a bit lax, bordering on negligent.

      I could accept this on some back-street site, but Google? Really? A tad disappointing. 'Do no evil' may be their mantra, but 'ignore evil' appears to be reality.

      I have Apple and Android devices. I have more faith in the former, which is a pity, because the better hardware is often the latter.

    2. Spiff66
      Meh

      Re: the sky is falling

      Actually whats being said is that if you have an open store where anything goes then you're going to end up being shafted by someone who wants all your data. So we keep getting told how great android is and how like its free and open and thats soooo fantastic, till you get your data slurped and then well you know maybe theres a reason for some comapnies who think that owning the platform all the way isn't always a bad thing. It's your choice pal, you can go take your chances with the dodgy daves and get yourself a bargain or you can go to the highstreet and buy something thats genuine and pretty much zero risk.

  17. Boris the Cockroach Silver badge
    Pirate

    If

    Any apps I get ask for phone/contact permissions, then its time for the uninstall button.

    PS can someone give me a legit reason why a guitar tuner app needs your phone number and contact list anyway?

  18. JeffyPooh

    Time for a monthly security scan on reboot, a la Windows Update?

    It's a Wild West out there. Hopefully the Sheriff keeps order.

  19. Maurice Tate

    Gee, it wouldn't perchance be Lookout doing this, in order to justify their existence, would it?

  20. uphoriak
    Thumb Down

    @stu - an app from within the iPhone can make calls..

    That moneysavingexpert thead you linked above Stu happens to be from my missus, heh.

    Bearing in mind the obvious "don't let your toddler play with phones" mantra - blame her, not me! - I started a more technical thread over on Macrumors (http://forums.macrumors.com/showthread.php?t=1573698) as we've found a popular flash card app for toddlers has rolled out an update that includes a cartoon picture that automatically dials premium rate lines. We've caught it quickly and only sacrificed £40, and have got Apple on the case. I emailed El Reg about it just last night.

  21. Anonymous Coward
    Anonymous Coward

    Junkstore

    Google is letting Android down with the state of Google Play. It is very hard to identify good applications unless you invest a lot of time investigating alternatives outside of google-play before you install anything. Very few consumers will bother. The signal to noise ratio among apps is appalling. App-rating doesn't work. Malware is flourishing. It isn't even possible to determine if an app is available in the language configured in the OS prior to installation. As a developer I would be ashamed to be responsible for such a mess.

  22. This post has been deleted by its author

  23. Anonymous Coward
    Anonymous Coward

    iFanboi article?

    I think the article purposely ignored a few major points:

    1) I didn't see any mention that the apps effected were almost all Russian - how many people reading this English article will have come across them?

    2) 32 effected apps.... How many on the Google Play store now? I think that percentage is pretty low.

    3) Similarly - 2m downloads... But how many downloads are done DAILY on Google Play? I suspect it's a pretty big number there these days too.

    It's still an article-worthy topic, but making out like it's a big deal and a threat to all Android users is just silly.

  24. Down not across

    Bad News

    Vim is angry ..just just popped into my head. Always amusing.

  25. A J Stiles

    Seen this .....

    Recently a friend of a friend was telling me about a "scales" app for Android. Now, I know for a fact that there isn't a weight sensor behind the glass of most smartphones, so this has got to be bogus. (And it is: whatever you place on the phone, it shows the same weight which you entered during calibration). I didn't keep it installed for long after downloading it.

    I checked out another one, and the permissions it was requesting scared the backside off me.

This topic is closed for new posts.

Other stories you might like