Tuesday, July 10, 2012

Trojan App Outsmarts Apple

by Holly Shoemaker

Malicious apps may be a more frequent occurrence for Google because of its use of open-source technology. For Apple, a recently discovered trojan app marks a first: the first time someone has found malware in the Apple App Store since it launched five years ago. Last week, a Russian app known as “Find and Call” was found in both Google Play and the Apple App Store.

Researchers at Kaspersky Lab discovered that the app actually worked as a trojan. When users downloaded the app, they needed to sign in with an email address and cell phone number. The app then asked users if they wanted to "find friends in a phone book." If they agreed, the app took the device's address book and uploaded the contact list to a server without telling users. In turn, the app sent spam to SMS contacts. While developers are supposed to obtain permission when they use address book information, Find and Call made no mention of this in its end-user license agreement.

Apple and Google removed the app last Thursday. However, it appears the application remained available for at least a week.

Concluding Thoughts

Find and Call should serve as a warning for those who download apps geared toward social networking: always read the fine print to see whether an app pulls information from a user’s address book. If the information does not appear in an agreement, if you do not trust what the agreement says, or if there are no validation checks, do not launch the app.
