A hacker was able to successfully post his phishing app to Google’s Android Market, according to a recent article on The Register:
The rogue Android application posed as a legitimate banking applet, but was actually designed to trick marks into handing over bank login details to fraudsters….
The malicious app was identified and Android users who downloaded this, or any other, app created by the now-banned user known as “Droid09” were notified and advised to delete the apps.
Tags: android, app, mobile-phishing, security
With great power comes great responsibility. Educate yourself: unless a banking app comes from the bank itself, DON'T USE IT.
Anyone with half a brain could figure that out. And if not… please step away from the droid.
~K
Note that apps submitted for Windows Mobile have a relatively short turnaround time for MS signature, implying a perfunctory examination. The Apple App Store has over 140K apps for the iPhone. In both cases, it seems that unless something can be found by automated checks it will not be found.
Unless the automated testing is 100% effective, it seems reasonable to take steps to hold the malware submitter accountable, but it’s not clear how that can be done expeditiously without making the process highly burdensome, therefore restricting consumer choice.
Maybe there is a business case for security accreditation of apps.
In the meantime, as Jeremy indicated, a little common sense goes a long way.