Android malware?
No such thing.
Police in the Chiba Prefectural zone of Japan have arrested nine people suspected of making nearly $4m by distributing malware that harvested mobile user's contact information and using it for a fake dating website. The arrests came after a joint operation between the police and Symantec, and the security company reports that …
This post has been deleted by its author
From the description, I'm pretty sure that I've been receiving that spam--but to the best of my knowledge I've never installed such a poison app. How did they get my email address?
At this point, I'm not even certain they haven't somehow registered me on such a website, though I certainly wouldn't have done it on my own, given the limited state of my Japanese... I haven't noticed any suspicious credit card charges, but maybe I haven't been looking carefully enough.
Do you suppose the google would help by warning all of the people who downloaded the dodgy apps? Don't hold your breath waiting for the google to become less EVIL. Another positive thing the google could do would be to add a 'financial model' tab to their app website. In this case, the warning would have been something to the effect "The creator of this app claims an advertising-based financial model, but the creator is not using Google's advertising system and has not received any advertising-related revenue from Google."
Still, in terms of supporting spammers and scammers, I think Yahoo is #1. Hmm... Returning to the original question, maybe that's how the scammer got my email address without actually getting me to install anything on my phone?
Actually called the Japanese police to see if they were going to publish a list of the dangerous apps so I could check against the Japanese apps I've downloaded. Absolutely no clue that I could detect. Either there is a clue somewhere else, or someone delivered the gang on a platter.
"From the description, I'm pretty sure that I've been receiving that spam--but to the best of my knowledge I've never installed such a poison app. How did they get my email address?"
One or more of the apps was installed by someone else, who has you in their contact details? The article says "the malware harvested the email addresses of its victims" but reading on it's clear what they mean is it harvested email addresses of contacts. For example, they "harvested 37 million email addresses from around 810,000 Android devices" - so either each phone user had 45 email addresses of their own stored in the phone, or that's contact email addresses.
Which means this paragraph from the article is a bit silly:
"From the looks of some of the applications the malware distributors were pushing, they will have scooped the dumbest of users, so the email lists would have been perfect for psychics and pitchers of other such wondrous illogicalities."
Just because the owners of the phones who installed the apps are dumb, it doesn't necessarily follow that their 45 (on average) contacts with email addresses are.