Fake Android "Security" App Tip of the Fraud Iceberg

The Android Police did a good job recently laying bare the latest scandal of fraudulent apps and malware infecting the Droid universe.

Though it was caught fairly quickly, the recent fake Virus Shield app rocketed to #1 on the App Store with over 10,000 downloads in a week – at $3.99 each – before it was determined that it offered no security features whatsoever. Sadly, it also had an impressive 4.7-star rating. The app description says that it “Prevents harmful apps from being installed on your device,” “scans apps, settings, files, and media in real time,” and “protects your personal information.” Oh, and it has a low impact on battery life, and has “No, ZERO pesky advertisements!”

It shouldn’t have much impact on your battery, since it did absolutely nothing other than change an “X” image to a “check” image after a single tap, fooling the user into thinking it had activated and was now protecting them. It was also breathtaking in its boldness, charging $3.99 for a useless app. The story moved swiftly: a follow-up article by The Guardian quotes the developer saying the app was “uploaded in error, with the security code missing.” It remains to be seen whether a true, functioning version of the app will be forthcoming or whether this was an attempt at outright fraud. In the meantime, Google has frozen the $90,000 in funds in this app’s developer account, and anyone who downloaded the app can request a refund.

So while this story has, if not a happy ending, at least not an unhappy one, it is just the latest example of bad apps infiltrating the Google world, and they seem to be on the rise. According to a recent report issued by Trend Micro, the number of high-risk, malicious apps on the Google Android operating system rose to 718,000 at the end of the second quarter, compared with 509,000 in the first quarter of this year. Keep in mind that this covers global use, not just the US, but it still illustrates a high-profile problem. Securing your network gets harder when your employees bring in BYOD devices potentially loaded with a variety of unapproved apps.

The majority of malware discovered was packaged as fake, spoof or trojan-laden versions of popular applications. Almost half — 44 percent — were designed to subscribe unwitting downloaders to expensive services, and 24 percent were created to steal data. Adware-laden applications came in third at 17 percent.

JD Sherry, vice president of technology and solutions at Trend Micro, said: “Due to the fractured nature of the Android network, it is very difficult for patches to reach all users in an effective timeframe. In some cases, users will never get patches as vendors leave their customers at risk of attack. Until we have the same urgency to protect mobile devices as we have for protecting PCs, this very real threat will continue to grow rapidly.

“At the rate this malware is accelerating — almost exponentially — we appear to be reaching a critical mass. To fight this, Android users need to take great care when using their devices and take the simple, but effective, step of adding security software to all mobile devices.”

What that means is that CIOs, IT and Telecom managers need to tighten up security, to make up for the fact that their employees may not.