Given that collectively we are approaching 1 billion mobile apps on the market, it’s a surprise that you don’t hear about problems like this more often: Google (NSDQ: GOOG) has pulled 21 “counterfeit” apps from the Android Market that were given the name and appearance of popular Android apps, but actually contained malware that collected user information and potentially more. The news follows reports yesterday about Apple (NSDQ: AAPL) App Store users getting their accounts hacked, potentially through the use of iffy gift cards.
The news about the 21 apps was originally uncovered by an Android user called Lompolo on Reddit. The blog Android Police notes that Google pulled the 21 offending apps within five minutes of being notified about them, and is also pulling them remotely from users’ devices.
What was the issue? Apparently a publisher called Myournet posted 21 apps on Android, with some of them copying apps that are already popular downloads. The titles included Falling Down, Super Guitar Solo, Scientific Calculator and Photo Editor, as well as several titles with racier names to lure in the punters. Collectively, Lompolo notes, the apps were downloaded between 50,000 and 200,000 times over the course of four days.
The apps were mocked up to look like their original counterparts, except that they also contained “‘rageagainstthecage’ root exploit” code to collect information such as device IMEIs, user IDs and country and language information. The code seems to be able to extract other details, although it’s not yet clear what.
The problem seems to be that while Google has pulled the apps, it may not be able to extract the code that would have gone onto the devices through those apps.
We have contacted Google to ask whether it has an official response to this story and will update the post as we learn more.
This is not the first instance of malware or hacking around apps: earlier this week we noticed reports of people complaining of unauthorised app purchases on their iTunes accounts, a problem thought to be connected to certain gift cards. As the app market matures, more cases like these are likely to come up. For what it’s worth, such cases do seem to be a vote in favor of smaller and more closed systems.