Legitimate apps modified to serve ads and offered on Android Market
Posted on 22 November 2011.
When there's easy money to be had, crooks usually don't care who will end up losing it - and cyber crooks are no exception to that rule.

Here's a quite recent example: Kaspersky Lab expert Tim Armstrong has discovered that an Android app developer has effectively used the source code of a legitimate app made by another developer, added to it a Pay-Per-Install library and has been spotted offering it on the Android Market.

The original app is named ElectricSleep and aims to improve the quality of the users' sleep by waking them during a light phase of their sleep cycle. Unfortunately, the stealing developer decided to keep that name, creating confusion and making the theft easier to spot by the original developer.

The only effective difference one can initially spot between the two apps is that the legitimate one does not ask for permission to access the users' network-based and GPS location.

An in depth analysis revealed that the aforementioned Pay-Per-Install library is part of a software development kit of AirPush - a company that specializes in pushing ads to end users through apps:


So what's in it for the stealing developer? According to the company site, he (or she) gets from $6 to $40 for every 1,000 users who see a particular ad.

"While these Pay-Per-Install services are not illegal, they can be intrusive, and stealing apps just to add on advertising code is definitely in violation of the Android developer License agreement," points out Armstrong, and adds that while the stolen and modified ElectricSleep app has been removed from the Android Market, the stealing developer still retains his account and will surely continue with these dirty tricks.

As always, users are advised to closely check the permissions asked by each app they plan to install and be critical in their final decision.






Spotlight

eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Wed, Dec 17th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //