INSECURITY OUTFITS are warning that not all of the apps on the Android marketplace are what they seem.
Warnings have been issued about a number of banking apps that apparently are more about getting their hands on your money than helping you manage it.
Over at F-Secure, Mikko Hypponen, chief research officer, has taken a look at a few of the apps in question, most of which appear to be the work of one developer, O9Droid.
"These applications were being sold, but it's still unclear what exactly they did. We haven't been able to secure a copy for ourselves yet, so we don't know either", he wrote. "Since the applications were not developed or authorised by the banks themselves, they could not do real online banking from the Android device. Apparently they only opened the web interface of the online bank for the user. On the other hand, they could have stolen user credentials".
Anyway, this might all be irrelevant now since Droid09 apparently has either moved on or changed his user name. As Mik the Hyp explains, "We can't ask these questions from Mr 09Droid himself, as he is nowhere to be found. His applications have been removed from the market, and his contact information points to an empty Blogspot page."
Some banks have already sent out warnings to their customers, which explain that some apps on the market might be used for phishing attacks. In the US the First Tech Credit Union has posted a warning on its site about the issue, saying "If you did download the Droid09 app, please remove it from your phone and take it to your mobile provider to ensure it's completely removed". It adds, "As a reminder, we don't currently have an app for the Android phone."
Meanwhile, F-Secure has listed the names of all banks that might have been affected and the apps that have since been removed.
All of which would make Apple's lengthy and tedious approval system for its App Store seem a lot less bothersome, if it weren't also arbitrary and managed for Apple's benefit rather than that of its users. µ
Fox? Roadrunner more like
Sharkstooth CPU promises some bite
But there's no Play Store access or Google services
Less than sound proposition