New Android malware is stored in stolen apps, steals user data upon installationAlex Wagner - Senior News Editor
We've heard of a couple of bits of Android malware in the past, but this latest bit of bad software could be the worst one to date. Reddit user lompolo recently spotted a publisher (found here) that took 21 popular free apps, stuck exploits in them, and then reposted the software in the Android Market for unsuspecting users to install. The re-upped apps, which garnered anywhere between 50,000 and 250,000 downloads in only four days, contained the "rageagainstthecage" exploit. Once installed, the app would gain root access and would reportedly gather information on the user, like IMEI, IMSI, product ID, model, and partner. The worst part, though, is that the offending apps also have the ability to download even more code. According to Android Police, Google has already been alerted and are in the process of yanking the apps from the Market and from user's devices.
Android's openness is one of the best aspects of the platform and can really let developers innovate and bring all kinds of exciting software into the Market. As this news goes to show, though, sometimes that openness isn't always great for Android and its users. The good news is that Google acted swiftly before things really got out of hand. Still, perhaps this is a good opportunity to read Taylor's tips to keep your Android device secure?
Via Android Police, Reddit