Hasta La Gadget!

Researchers spotted a number of malicious applications on the Android Market. Photo: Jim Merithew/Wired.com

Google recently removed at least 10 applications from the Android Market, all of which contained malicious code disguised as add-ons to one of the most popular apps of all time.

Each of the removed apps posed as a cheat or an add-on to Angry Birds, the much-lauded mobile application created by Finnish game development studio Rovio.

A number of the apps in question contained a spyware program called Plankton, which connects to a remote server and uploads phone information like the IMEI number, browser bookmarks and browsing history.

“Market descriptions for these apps included the statement ‘brought to you free sponsored by Choopcheec Platform,’” Lookout Security spokesperson Alicia diVittorio told Wired.com in an interview. “[They include] a link to an EULA that does seem to accurately describe the behavior observed to date. We do not see these as desirable behaviors and classify it as Spyware.”

Xuxian Jiang, an assistant professor of computer science at North Carolina State University, initially discovered the malicious applications last week, and reported them to Google on June 5. Google suspended the questionable applications the same day, “pending further investigation.”

Jiang found malicious programs other than Plankton in his research. YZHCSMS, for example, is a Trojan horse virus that jacks up your phone bill by sending large amounts of SMS messages to premium numbers. Jiang says apps containing the virus were available on the Android Market for at least three months before Google pulled them.

Jiang found a similar application, DroidKungFu, circulating Chinese application markets before YZHCSMS made its way to the Android Market. “DroidKungFu can collect various information about the infected phone, including the IMEI number, phone model and Android OS version,” according to a Lookout Security blog post.

For many app developers, the Android Market offers a freedom not found in other application retail outlets. Unlike Apple’s strict application review process, apps submitted to the Android Market are published almost instantaneously. Many appreciate the freedom given to push programs out to the public at such a speed.

However, the Android Market’s app submission process comes at a cost. Google’s lack of vetting applications lends the Market to security vulnerabilities like these. Google mostly relies on a self-policing community — including researchers like Jiang — to spot offending apps, which means malware can sit in the market for months before someone spots it.

With a relatively open submission process like Android’s, this obviously isn’t Google’s first run-in with malicious app removals. Google pulled close to two dozen malware-infected applications in early March, but not before nearly 200,000 downloads occurred.

Going outside of the official Android Market for apps can be even riskier. Because users are able to download applications from alternative app markets (a feature unavailable to iPhone users), many have popped up over the past two years. Without Google’s moderation capabilities in these outside markets, users are more susceptible to downloading malicious apps. A Trojan with “botnet-like capabilities” popped up in early April, for example, highlighting the risk in going to alternative markets for applications.

Test driving an app isn’t entirely unheard of — Apple introduced its lackluster “Try Before You Buy” system last summer and the Android Market’s got a 15-minute return policy. Now T-Mobile’s teamed up with mobile gaming outfit WildTangent to bring a novel approach to looking under the hood of gaming apps: rentals. The partnership promises to bring 25 cent game rentals to your phone or tablet (considering you’re a T-Mo faithful rocking an Android device), giving you the opportunity to see what a particular game is working with before you commit. The new service also lets users play games for free with advertisements, and applies the cost of rentals to future purchases — rent-to-own style. So it won’t bring the same juvenile thrills as the arcade, but it will let you get your game on at 25 cents a pop. No word yet on when the service will go into effect, so don’t go breaking that piggy bank quite yet.

T-mobile, WildTangent to bring 25-cent game rentals to Android devices, harken back to arcade days originally appeared on Engadget on Thu, 09 Jun 2011 06:43:00 EDT. Please see our terms for use of feeds.

Permalink Electronista  |  WildTangent  | Email this | Comments

The iPad has yet to transform the publishing world as many expected it would, but some healthy competition from Android tablets should help to keep that process in motion. Zinio‘s reader app is now available on select Android 2.2, 2.3, and all 3.0 tablets, bringing Esquire, National Geographic, and 20,000 other magazine titles to the Motorola Xoom, Samsung Galaxy Tab 10.1, and a half dozen other devices. And, to kick off the launch, Zinio is picking up the tab on the most recent issues of 24 top magazines, as long as you download by June 15. Digital subscriptions are still often more expensive than their print counterparts, but at least Android tablet owners will have a safer place to hide their issues of Playboy.

Continue reading Zinio comes to Android tablets, gives you 24 magazine issues for free

Zinio comes to Android tablets, gives you 24 magazine issues for free originally appeared on Engadget on Tue, 31 May 2011 22:14:00 EDT. Please see our terms for use of feeds.

Permalink   |  Zinio  | Email this | Comments

We figured Apple’s firm response to Lodsys earlier this week regarding its claims against iOS devs would prompt the patent holder to move on to its next target, and sure enough, it looks as if said target has been selected. Unfortunately, a group of Android app devs have now found themselves in the Texas-based company’s crosshairs, which is citing the same patent infringement that Apple recently addressed, relating specifically to in-app upgrade purchases. As was the case with the last round of letters, Lodsys is demanding licensing fees from small, individual developers, who don’t have the resources to fight back. Lodsys appears to be maintaining its trend of ignoring media requests, so we’re keeping an eye on the patent troll’s blog to see if anyone comes up to the surface to defend this latest round of allegations. In the meantime, plugging your ears while humming and ignoring the mailman might not be such a bad idea… you know, if you do this kind of thing for a living.

Lodsys shifts in-app purchasing target to Android devs following Apple response originally appeared on Engadget on Sat, 28 May 2011 14:25:00 EDT. Please see our terms for use of feeds.

Permalink CNET  |  Google Groups  | Email this | Comments

Tired of content providers bossing you around, telling you what you can do with your own phone? Good, because Netflix is sick of telling you kids to keep off its lawn. Following a recent update, the outfit’s Android app now officially supports the LG Revolution, Motorola Droid, Casio G’zOne Commando C771, and any unsupported device that just happens to work on its own. In addition to adding official support for the aforementioned trio (and of course, some minor bug fixes), the stream king removed a device check that previously blocked unsupported handsets from attempting playback. Your mileage may vary, but the folks over at Droid Life are reporting success with both the Droid X and Droid X2, as well as the Xperia Play. That’s no guarantee for you and your unsupported device, but at least you have the freedom to fail. That’s nice, isn’t it?

Netflix updates Android app, expands device support originally appeared on Engadget on Thu, 26 May 2011 21:02:00 EDT. Please see our terms for use of feeds.

Permalink Android Central  |  Android Market  | Email this | Comments