Symantec's trojan warning criticised as scaremongering
Symantec's classification of thirteen apps as malware has been criticised by Android security specialist Lookout who says that they are not malware but rather the integration of an aggressive ad network which "should be taken seriously". Lookout, like Symantec, also provides anti-virus software for Android.
Symantec had identified 13 apps which included the advertising module of the Apperhand network and classified it as malignant, warning that it had already infected up to five million Android devices. Apperhand sends a hash of the device's IMEI to a server in order to uniquely identify the user and then configures the device to receive advertising via push messages. It also adds a shortcut to the launcher for Apperhand's search engine and there are reports that it also changes the browser's default search engine and home page settings.
These activities though, says Lookout, do not justify it being called malware – Lookout defines malware as software that "is designed to engage in malicious behavior on a device. Malware can also be used to steal personal information from a mobile device that could result in identity theft or financial fraud".
Although installation of the apps requires the granting of a wide range of permissions and in some cases the addition of the search engine is noted in the apps' descriptions in the market, there is no doubt that many users do not question the permissions they are granting to an app on the fly. This means their decision to install is not an unambiguous grant of permission to take or modify their device's settings.
Meanwhile, Google has removed some of the apps that Symantec classified as malware from the Google market. But the intrusive advertising does not seem to be the reason for the removal. It is believed that the removed apps had been using copyrighted names on copies of familiar games to attract users. Other games with the Apperhand code, such as the apps from Ogre Games, are still available in the Android Market.
(djwm)