The Inquirer-Home
Software > Applications

Fraud hits the Android apps market

Not the apps you are looking for
By Dave Neal
Tue Jan 12 2010, 14:30

INSECURITY OUTFITS are warning that not all of the apps on the Android marketplace are what they seem.

Warnings have been issued about a number of banking apps that apparently are more about getting their hands on your money than helping you manage it.

Over at F-Secure, Mikko Hypponen, chief research officer, has taken a look at a few of the apps in question, most of which appear to be the work of one developer, O9Droid.

"These applications were being sold, but it's still unclear what exactly they did. We haven't been able to secure a copy for ourselves yet, so we don't know either", he wrote. "Since the applications were not developed or authorised by the banks themselves, they could not do real online banking from the Android device. Apparently they only opened the web interface of the online bank for the user. On the other hand, they could have stolen user credentials".

Anyway, this might all be irrelevant now since Droid09 apparently has either moved on or changed his user name. As Mik the Hyp explains, "We can't ask these questions from Mr 09Droid himself, as he is nowhere to be found. His applications have been removed from the market, and his contact information points to an empty Blogspot page."

Some banks have already sent out warnings to their customers, which explain that some apps on the market might be used for phishing attacks. In the US the First Tech Credit Union has posted a warning on its site about the issue, saying "If you did download the Droid09 app, please remove it from your phone and take it to your mobile provider to ensure it's completely removed". It adds, "As a reminder, we don't currently have an app for the Android phone."

Meanwhile, F-Secure has listed the names of all banks that might have been affected and the apps that have since been removed.

All of which would make Apple's lengthy and tedious approval system for its App Store seem a lot less bothersome, if it weren't also arbitrary and managed for Apple's benefit rather than that of its users. µ

Share this:

< Previous article| Next article >
Comments
Changed name

"this might all be irrelevant now since Droid09 apparently has either moved on or changed his user name"

He changes his name within the scope of this article! ;o)

posted by : billybob thornton, 13 January 2010 Complain about this comment
This isn't so much a reason to champion locked-down app stores...

...as it is a reason to once again try educating people that accessing sensitive personal information via a third-party website or application is A TOTALLY DUMB THING TO DO.

posted by : ChrisC, 13 January 2010 Complain about this comment
And for folks whining about Apples control of their App store

As much as people like to blast Apple's control over their Apps store.... you at least don't get this crap.

Maybe overprice, maybe over-restrictive, but at least it's a controlled environment with accountability.

posted by : hmmmm, 12 January 2010 Complain about this comment
aboutus
Advertisement
Subscribe to INQ newsletters
Click here to sign up Existing user
INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage
Advertisement
INQ Jobs
INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

View other polls
Follow us:
Business & Technology websites:
Business research resources:
Products:
Investment Market IT websites:
Find out what you are worth:
Search for a job:
Recruitment Agency A-Z Directory
Accreditations: