Wednesday, May 16, 2012

PSA: No, This Is Not MSN 2012, Angry Birds 2, Or Modern Warfare 3 For Android - What You Can Do If You See Malware In The Market

In my continuous hunt for new apps, I sometimes run into such obvious malware/crapware that it causes an immediate virtual gag reflex. Sometimes, however, this malware is cleverly disguised and to an unsuspecting user it may seem legitimate.

Here, have a look at what I found today:

image

If you briefly scanned this page, you may have missed the fact that the publisher's name is MicrosDft Corporation (in all caps), that it's requesting permission to directly dial phone numbers without your intervention, or that the website in the listing is msM.com.

Thankfully, the number of 1-star user reviews is now starting to look alarming, but that wouldn't have been the case if you saw it right as it came out. What's even more worrisome is the 10,000+ downloads and the number of 5-star ratings, all of them undoubtedly either fake or created by unsuspecting victims.

So remember - always pay close attention to the details, do your due diligence, and be suspicious - otherwise you may end up giving away your personal information straight to rogue databases or find a few hundred dollars' worth of premium calls on your next phone bill.
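The three tells in the listing above (a near-miss publisher name, a near-miss website, and the direct-dial permission) can also be checked mechanically. This is an added example, not part of the original post: the brand allow-list, the distance threshold and both sample listings are constructed, and `android.permission.CALL_PHONE` is the Android permission behind the "directly call phone numbers" prompt.

```python
# Added example: flag look-alike publisher names / websites and risky
# permissions in a store listing. Allow-list, threshold and samples are constructed.
from urllib.parse import urlparse

KNOWN_BRANDS = {"microsoft corporation": "msn.com"}  # assumed: publisher -> real site
RISKY_PERMISSIONS = {"android.permission.CALL_PHONE"}  # "directly call phone numbers"


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def near_miss(value, reference, max_dist=1):
    """True when value is close to, but not exactly, the reference."""
    return value != reference and edit_distance(value, reference) <= max_dist


def review_listing(listing):
    """Return a list of human-readable findings for one listing dict."""
    findings = []
    publisher = listing["publisher"].strip().lower()  # case-fold: all caps hides typos
    host = (urlparse(listing["website"]).hostname or "").lower()
    host = host[4:] if host.startswith("www.") else host
    for brand, domain in KNOWN_BRANDS.items():
        if near_miss(publisher, brand):
            findings.append(f"publisher '{listing['publisher']}' imitates '{brand}'")
        if near_miss(host, domain):
            findings.append(f"website '{host}' imitates '{domain}'")
    for perm in sorted(RISKY_PERMISSIONS & set(listing["permissions"])):
        findings.append(f"requests {perm}")
    return findings


# Constructed listings: one modelled on the fake described above, one clean.
FAKE = {"publisher": "MICROSDFT CORPORATION", "website": "http://www.msm.com",
        "permissions": ["android.permission.INTERNET", "android.permission.CALL_PHONE"]}
REAL = {"publisher": "Microsoft Corporation", "website": "http://www.msn.com",
        "permissions": ["android.permission.INTERNET"]}

if __name__ == "__main__":
    for item in (FAKE, REAL):
        print(item["publisher"], "->", review_listing(item) or "no findings")
```

A distance threshold of 1 catches single-character swaps like the ones in this listing; short names produce false positives at larger thresholds, so hits are leads for a human to check, not verdicts.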

So, what can you do when you spot a shady app like that?

We'll try to draw Google's and the public's attention to it, and the app should get removed shortly after. Tweet at us, email us, send us a pigeon (email usually works best though).

Flag the app as harmful by pulling up the on-device Market and marking it as inappropriate (the Market then asks for a more detailed reason). Why Google doesn't build this functionality into the web Market is beyond me.

Note: The "Harmful to phone or data" option only shows up if you install the app first.

You can report apps on the web via this form buried somewhere deep inside Market support pages. Be prepared to fill out a bunch of info the Market should already know about you - come on, Google, do you really want to discourage your users like this?

Thanks to John Cassero for this tip!

Unfortunately (in this case), in order to leave a 1-star review, you need to actually install the app, quickly leave the review without starting it, and then quickly uninstall it. Do so if you feel especially adventurous today - your brethren will be forever grateful, but note that very theoretically the app could get triggered by something and run in the background after installation, so know the risks and be quick.

Note: Be sure you're leaving a 1-star review for an app you truly think is malicious. Don't hit an innocent dev by accident.

This PSA is brought to you by your local Android PD. Stay alert, folks.
