Android.Counterclank, a newly discovered Android malware, could have infected 1 to 5 million devices through a dozen or so apps downloaded from the official Android Market, according to the security firm Symantec.
So far, Symantec has identified 13 apps carrying the malicious code, mostly disguised as game titles and adult apps. Like most Android malware, these titles demand an unreasonably extensive list of permissions, including access to location information.
Among the capabilities of Android.Counterclank:
- Copy opt out details
- Copy push notifications
- Copy shortcuts
- Identify the last executed command
- Modify the browser’s home page
- Steal build information (for example: brand, device, manufacturer, model, OS, etc.)
As the dominant mobile platform, Android inevitably became the number one target for developers with malicious intent. The fact that Google isn’t vetting apps before publishing them serves only as an incentive to these not-so-nice people.
Amazon’s Appstore for Android takes a more Apple-esque approach. In an interview with Android Police, Aaron Rubenson, the head of Amazon’s Appstore for Android, said the company conducts rigorous tests on submitted apps.
Google’s Failure is Amazon’s Success
Although this isn’t the first time malware has been found in the Android Market, Google still doesn’t pre-screen apps. The company is able to remove malicious apps remotely from infected devices, but there’s no guarantee it could do so before any damage is done.
The official Android Market is Google’s key to maintaining control over the platform. OEM partners are forced to play by Google’s rules in order to gain access to Google-branded products such as Gmail, YouTube and Google Maps and, most importantly, the Market itself.
It makes me think Amazon has beaten Google at its own game. And that’s just the beginning. As the number of malware-infested apps grows in the Android Market, its appeal among users, developers and manufacturers is sure to diminish.