December 30, 2010 at 11:47 am

Android App Malware Highlights One Big Advantage of Apple’s ‘Closed’ Approach

Google Android users can install apps from any Android app store on the planet — but with that freedom comes the danger of installing something that could allow a remote server to take control of your phone or tablet.

Seemingly legitimate apps on several Chinese websites have been tampered with, in an attack described as “the most sophisticated Android malware… seen to date” by Lookout Mobile Security, which first reported the malicious code. Dubbed “Geinimi,” the malware uses the Trojan horse approach of hiding within something the user thinks they want to install:

Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone… Geinimi could be packaged into applications for Android phones in other geographic regions.

(To be clear, Lookout notes that this issue does not affect Android apps available in the official Android Marketplace — more on that below.)

The malicious code hides inside tampered, repackaged versions of apps that appear to be somewhat popular, including Baseball Superstars 2010, City Defense, Monkey Jump 2, President vs. Aliens and Sex Positions. Once the unwitting user installs the compromised version of an app, it collects the phone’s location and unique device identifier and attempts to send that information to a remote server every five minutes.
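A check-in every five minutes to the same server is exactly the kind of regularity a defender can look for on the network side, whatever the app calls itself. The following is an added example, not code from Lookout or from the original post: it parses a small constructed log of outbound connections (the timestamps, package names and hostnames are made up for illustration) and flags any (package, destination) flow whose inter-connection gaps are nearly constant. The thresholds `min_events` and `max_jitter` are assumptions chosen for the sample, not values from any real tool.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound-connection records from one phone.
# This is NOT real Geinimi traffic; hosts and packages are placeholders.
# Format: "<ISO timestamp> <package> <destination host>"
SAMPLE_LOG = """\
2010-12-29T10:00:02 com.example.game c2.example.net
2010-12-29T10:01:10 com.android.browser news.example.org
2010-12-29T10:02:30 com.android.browser news.example.org
2010-12-29T10:05:01 com.example.game c2.example.net
2010-12-29T10:07:45 com.android.browser news.example.org
2010-12-29T10:10:03 com.example.game c2.example.net
2010-12-29T10:15:00 com.example.game c2.example.net
2010-12-29T10:19:59 com.example.game c2.example.net
2010-12-29T10:25:02 com.example.game c2.example.net
2010-12-29T10:33:20 com.android.browser news.example.org
"""


def parse_log(text):
    """Group connection timestamps by (package, destination host)."""
    by_flow = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pkg, host = line.split()
        by_flow[(pkg, host)].append(datetime.fromisoformat(ts))
    return by_flow


def find_beacons(text, min_events=4, max_jitter=0.1):
    """Return flows that look like beacons: enough events, and a
    coefficient of variation of the inter-event gaps at or below
    max_jitter (0.1 means the gaps stay within roughly 10% of the mean).
    Both thresholds are illustrative assumptions."""
    beacons = []
    for (pkg, host), times in parse_log(text).items():
        if len(times) < min_events:
            continue  # too few events to call anything periodic
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # duplicate timestamps, not a schedule
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            beacons.append({
                "package": pkg,
                "host": host,
                "events": len(times),
                "interval_s": round(avg),
                "jitter": round(jitter, 3),
            })
    return beacons


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"{hit['package']} -> {hit['host']}: "
              f"{hit['events']} check-ins about every {hit['interval_s']} s "
              f"(jitter {hit['jitter']})")
```

On the sample, the browser’s bursty traffic is ignored while the game’s connections come out at a 300-second interval, the five-minute cadence described above. The same approach works on proxy or firewall logs keyed by source device and destination instead of package name; the caveat is that legitimate apps (mail sync, weather widgets) also poll on fixed schedules, so a periodic-beacon hit is a lead to triage, not a verdict.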

That’s bad enough, and Lookout says it caught these malware-infected apps in the act.

In addition, the malware can prompt the user to install another app, which could carry a more dangerous payload. According to Lookout’s analysis, it is sophisticated enough to build a botnet of phones, much like the botnets of compromised desktop computers used to wage large-scale attacks on websites.

Apple has drawn no small amount of fire from open computing advocates due to the closed nature of its iTunes App Store, which commands a hefty percentage of app developer revenue in return for vetting the vast volume of apps submitted for inclusion in the store, so that consumers feel they can trust the apps with their personal information (and even there, lawsuits are being filed).

However, Apple’s oft-criticized policy of filtering every app through a lengthy iTunes approval process before it can be installed on an (unjailbroken) iPhone could pay off in the long run. Much of the fun of owning a phone that can install apps is the feeling that you can install whatever you want and delete it if you don’t like it; to do that, you have to trust that those apps are safe, especially before installing them on a device that knows where you are. Google, which is already said to be readying a web-based version of the official Android Marketplace, could be forced to follow Apple’s lead if such attacks become more common.

(Once again, this issue does not appear to affect apps available in the official Android Marketplace.)

Photo courtesy of Flickr/laihiu