By According to Symantec, a game called Tap Snake – a snake clone that I was unable to find in the Android market – poses as an innocent game, but beneath its slinky apple-eating core is a trojan that tracks your GPS coordinates (along with the dates and times you were at those locations) and can transmit them to another device that has an app called GPS Spy installed – currently $4.99 in the Android market.
The funny thing here is that Symantec admits there are other apps that knowingly report to GPS Spy in the Android market (and that similar apps like this exist in the iOS app stores), but this particular application is considered a trojan by their security team due to the fact that it hides this functionality. How does it work? The person who knows how to “unlock” this functionality would “register” the game on the actual device with an email address (for which to send the coordinates) and the “code” itself.
It sounds scary at first, but this would require the “hacker” (who wouldn’t need to do much outside of asking for your phone to “install a cool snake game he found”) actually have physical access to your device and enough time to install it. However you allow people (especially strangers) to use your device would ultimately determine how safe you are: I personally have an application locker installed to keep anyone without my unique password from accessing certain areas of my phone, including settings (enabling non-trusted apps), the file manager, and the Android market (as well as other sensitive areas such as call logs, text messages, and emails).
They’d be able to bypass all of that if you don’t lock your browser, though, but if someone you don’t trust is using your phone you’re more than likely already watching them to make sure they aren’t doing anything malicious. Enough about my security OCD, though, because Google’s considering this a non-issue by downplaying it as a “true” trojan. Symantec is right in asking users to take caution due to the app’s failure to report its hidden features, but as Google states, the permissions granted to an app are clearly stated before you go through with hitting that install button.
As I write this report, the app is no longer in the Android market (at least for my device), but if you’re feeling unsafe, be sure to uninstall it from your device and be more careful with what you download from now on.
[Via ComputerWorld]
I’ve noticed a large amount of apps having the permission to track my fine (GPS) location, even though they don’t need it. The worst part is that I installed them..
Its actually called Snake and its by Kwanovations. Check out the security. “Full internet access. Coarse (network-based) location”
*snore*
More FUD fear-mongering by antivirus companies looking to get in on the next big area of devices.
Someone wake me up when we have a fully fledged, self-replicating virus that doesn’t require my permission to install, exploits some unknown security hole to subversively install itself, accesses my contacts, and emails itself to all of my friends and acquaintances.
This is very snakey!!!
Who the f cares? U people ain’t important enough to b tracked…u think ur Jason Bourne. Or something?
Sounds like it oculd be used to track your phone should someone steal it…
Hey Quentyn, how about name dropping on the app you use to do all that locking-down that you mentioned for those of us who just got their first android phone this August…. (please)
What is the name of that application locker?? That sounds like it could come in handy..
Hey guys,
—
The app is called App Protector by Capp Plus. Try out the trial (App Protector Trial by Carrot Apps, not Lite. Same developer, but Trial is the one you want as it’s maintained alongside the full version.): it’s good for 7 days of full use with $1.99 to use it thereafter. I highly recommend this app as it’s never failed me.
Yeah I agree with Neoterix. The entire industry is built on scare scaremongering. To be honest, I haven’t had any protection not even as much as a firewall on my pc for a year and a half and NOTHING HAS HAPPENED. Even if I did have a virus, it isn’t affecting my everyday life so I don’t care :D
Thanks Quentyn, looks like it’s time to feed my paranoia! woo hoo!
*runs off to find app protector*
Antivirus companies see a profit here. Somehow I feel this has something to do with McAfee acquiring tenCube (makers of WaveSecure)
I was reading this article about trojans and viruses on android phones.. kinda explains what exactly is going on with them. Might help those worried bout getting a virus on your phone.
http://www.totallydroid.com/index.php?totally_droid=android_security