Microsoft may like playing fun at the growing Android malware problem, but you’d have a hard time convincing most regular users that it’s an issue. That’s mostly down to admirable vigilance on Google’s part in keeping the Market clean of malware and Trojans, as evidenced by their latest sweep, wherein no less than 22 fake apps were removed at once. AndroidGuys reports that all of them came from a single source, labelled as ReFraud, and were disguised as various popular but not overly obvious apps, like wallpapers and simple games.
SMS fraud apps work on a pretty simply principle: once installed, they send surreptitious text messages to a paid toll number owned by the fraudsters. The apps charge a few dollars to the user’s wireless bill and collect small amounts from a wide array of victims, almost literally nickel and diming their way into larceny charges. It’s a popular pastime among digital thieves, and security researcher Symantec says it’s one of the fastest-growing segments of mobile malware among all phones. The 22 apps in question today were identified by Lookout Security, who notified Google of their presence. Google promptly gave the apps and their unscrupulous developers the boot.
Despite the Android Market’s rather in-your-face presentation of app permissions, many users still ignore them when trying out new apps. The events of this story prove that you should always take a hard look at app permissions, especially when installing from a small or unknown developer. There’s no reason for a wallpaper app or game to have access to the SMS abilities. If you’re unsure, check the latest reviews in the Market – eagle-eyed Android enthusiasts often report shifty apps for the benefit of their fellow users.