Latest Android Malware scare might be premature

[still1]

I just want to put this in here so that everyone know that the latest malware scare is nothing to worry about.

These reports are from Lookout Mobile security

The folks at Symantec have tipped everyone off about a new piece of

Android Malware, callingAndroid.Counterclank "a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device." They note that starting one of the apps "infected" with the apperhand SDK package will show a second service running, and often places a search icon on the home screen. They have verified this is in 13 applications on the Android Market and are calling it "the highest distribution of any malware identified so far this year." Some reports on the internet claim it may have affected 5 million users. That's 5,000,000 -- a huge and scary number. And it makes for a great headline.

But it looks like Symantec might have jumped the gun a bit.

Lookout, a competitor in the Android security field, says that the applications are not malware, and the apperhand package actually is a legitimate, but aggressive, advertisement component. It's part of an advertising software development kit that's a modified version of the"ChoopCheec" platform? or ?Plankton? SDK that was the focus of some privacy concerns in June 2011. This newer version is cleaner, but it still has capabilities common to many ad networks. Writes Lookout:

• It is capable of identifying the user uniquely by their IMEI number, for instance. But unlike some networks, this SDK forward-hashes the IMEI before sending to its server. They?re identifying your device, but they are obfuscating the raw data. (That's a good thing.)
  
• The SDK has the capability to deliver ?Push Notification? ads to the user. We?re not huge fans of push notifications, but we also don?t consider push notification advertising to be malware.
  
• The SDK drops a search icon onto the desktop. Again, we consider bad form, though we don?t consider this a smoking gun for malware provided the content that is delivered is safe. In this case, it is simply a link to a search engine.
  
• The SDK also has the capability to push bookmarks to the browser. In our opinion, this is crosses a line; although we do not believe this is cause to classify the SDK as malware.
  

We're not sure exactly how far is too far, but if the applications are using practices found in "many" other ad networks, we agree with Lookouts points listed here and have to call this one a non-issue when talking about malware. On the issue of privacy and wanton sharing of user data, we're not loving it, but it's not malware.

http://www.androidcentral.com/android-malware-scare-may-have-been-premature

[techbeck]

You mean Symantec was wrong??? :|

[javagreen]

You mean Symantec was wrong??? :|

As usual :p

[evo_spook]

Head in sand time.

[techbeck]

Head in sand time.

Its called sarcasm...

And until either Symantec or Lookout can prove their claims on whether what was found is malware or not...its just one companies opinion over another.

[evo_spook]

Its called sarcasm...

And until either Symantec or Lookout can prove their claims on whether what was found is malware or not...its just one companies opinion over another.

Whether they find something or not, I think its time Google stepped up and sorted the market out, I want the confidence that its safe. I can understand caution if I'm going to a wares site and downloading apps, but I shouldn't have to have that worry if I'm downloading from the official site.