With good always comes the bad, so is the case which is recently seen or observed by the downloading done outside the official Android market by Android. As the champions always have to face the trouble of backstabbing, here also the Android Market is facing it. The Android lovers have really made the OPEN market policy of Google when they are using their androids.
New Trojan was found recently as it has made its official appearance in the unofficial market for Android market. Well you must be very careful and really may need to think twice about how open they want the platform to be.
This Trojan is gifted to you when, Android Walkinwat, an app infected with this Trojan and appears to be a free is actually a pirated version of another app, “Walk and Text.” The real version is available for purchase in Google’s official Android Market for a low price ($1.54).
If you download this fake app (from unofficial markets for Android apps) and install it, it redirects you to the actual app on the Android marketplace — but in the background, it sends the following embarrassing SMS message to your entire phone book:
“Hey,just downloaded [sic] a pirated app off the internet, Walk and Text for Android. I am stupid and cheap, it costed only one buck. Don’t steal like I did!”
Flagrant spelling and grammatical errors aside, the text message serves as a reminder of the risks to those willing to go outside of the official Market for apps.
“Someone downloaded the app, inserted their malware, and uploaded it onto other non-official marketplaces,” Symantec mobile team product manager John Engels told in an interview.
Well as the safety lies in precaution so the more you go out of the league from the official market the more prone you are as things may seem what they are not as well as there is no guarantee for what you download.
Google maintains clear content policies on all apps that are uploaded to the official Android Market, and developers know well enough in advance what those policies are, and how not to break them. Whenever an app in clear violation of Google’s policies shows up in the Market — like, say, a piece of malware — Google’s Android engineers are often quick to quash it.
But if you are not one for pesky rules and regulations and want to see what the non-Google-sanctioned markets have to offer, all it takes to access them on an Android device is for you to uncheck a box on a settings page, allowing your phone to install apps from “unknown sources.”
To a certain degree, this isn’t a huge issue for the novice user. Many outside applications are hosted on file sharing websites that user like your grandmother probably aren’t frequenting. And unless they’ve tried to install these outside applications by sideloading them, they’ve probably never unchecked the unknown source’s permissions box to begin with.
The same goes for the Amazon’s App store because in order to install Amazon’s App Store on an Android device, you first must uncheck that permission box. While there may be no immediate risks associated with downloading apps from Amazon’s App Store, it opens the door for users to allow other unofficial — and therefore riskier — apps to be installed on their devices, from other sources.
Well the risks are more and have increased a little but it seems that finally we’ll have to face this problem of Trojans infecting the best also.
“As soon as you flips that switch and go away from the Android Market, which is the one place where most people go, then you are putting yourself at some risk,” security researcher Charlie Miller.
“The threat will persists so long as people continue to download pirated software from peer-to-peer networks,” Webroot threat research analysts Armando Orozco and Andrew Brandt.
They say sticking to the Android Market is your safest bet, but if you’re still compelled to go outside the official box for your apps, whether it be to Amazon’s App Store or another unofficial market, you should “scrutinize the permissions the App requests, and don’t install it if it wants access to certain functions (like the ability to send SMS messages) that the app shouldn’t need to access.”
But doesn’t staying within the confines of the Android Market defeat the purpose of choosing a platform with such an “open” philosophy? If you want a stricter, closed system with stringent regulation on its apps via a review process, you might as well buy an iPhone.
“Android users enabling sideloading doesn’t necessarily lead to piracy or installation of apps from unsafe sources,” says Alicia diVittorio, a spokewoman for Lookout Mobile Security. “In fact, it’s great to have another source for consumers to download apps from a reputable brand likes Amazon.”
Essentially, there is an inherent risk that comes with downloading apps for a device with an attitude of openness like the Android. Even the official Market is susceptible to infiltration by malware, as evidenced by the swath of malicious apps pulled from the store earlier this month.
But in a relatively free and open domain such as Android’s, the risk remains the price of admission.