Google inadvertently distributing malware to its own users through “Google Play” Store

The Monster of Mountain View has been caught with its pants down again:

Google has been caught hosting more than a dozen malicious titles in its official Android app market. Some had been downloaded tens of thousands of times and turn smartphones into zombies that await commands from their attacker overlords, security researchers said.

A stash of 17 malicious apps remained freely available in the Google Play store, according to a blog post published Thursday by researchers from antivirus provider Trend Micro. Six of those titles contained a highly stealthy code dubbed Plankton, which causes Android-based phones to connect to command and control servers and wait for commands. At least 10 Plankton-based apps found last year in the Android market collected users’ browsing history, bookmarks, and device information and sent them to servers under the control of the attackers.

Isn’t one of the major justifications for walled garden-style app stores like “Google Play” to protect users? To prevent people from downloading malicious software? (Yes, that was a rhetorical question).

There’s no question app stores have been successful in allowing companies like Apple and Google to wield a huge degree of control over the user experience on their mobile platforms. But while that control may be good for the corporate bottom line (it keeps people locked in), it’s bad for user freedom, privacy, and security, as this report makes clear.