"Malicious" Android app ousts pirates, steals data

It's not every day pirates get called out for breaking the law, but a new Android application does just that.

CNET reports that, according to Symantec, a "malicious" Android application that appears to be a "free" version of an application that exists in the Marketplace is doing the rounds on peer-to-peer and file-sharing sites today. The application is called "Walk and Text" and allows users to see what's in front of them while texting by using the camera to create a transparent background as they text.

Symantec reports that the application displays a message telling the user that the application has been "compromised" or "cracked" and in the meantime gathers the phone's username, phone number and unique identifier, and sends them to a remote server. In addition to this, it sends a text message to every contact on the victim's phone reading, spelling errors and all:

"Hey, just downloaded a pirated App off the Internet, Walk and Text for Android. Im stupid and cheap, it costed only 1 buck.Don't steal like I did!"

Finally, the software says to the user:

"We really hope you learned something from this. Check your phone bill;) Oh and don't forget to buy the App from the Market." It includes buttons for buying the app or exiting.

Apparently, the version number is labeled as 1.3.7, which is a build that doesn't exist yet. Perhaps the developer intentionally put this around the web to stop cracking? More information about the application can be found over on the Symantec blog.


81 Comments


I'm not an Apple fan but the iPad definitely is better than any of the Android tablets.

As for this story, if this app was labeled as free, then where do they get the idea the person is a pirate?

jd100 said,
if this app was labeled as free

It wasn't free in the Market.
On P2P it might have been labeled as anything they wanted. Just because you might be able to find a "free Office2010" on a P2P network doesn't mean that Office2010 is free, nor does it mean that "free Office2010" is actually Office2010.

I mean, common sense 101. It's sometimes amazing how some people can fall for stuff on the internet that they wouldn't fall for in real life.

This is why it's spurred action. Regular corps cannot do this, as their company would go directly to bad PR and that is an instant neg effect. But, this guy [or if the actual dev didn't make it then the creator] doesn't care as he's not a 'corporation'. He technically 'can' get away with it, he won't have much bad PR.

It's simply a great message telling all the idiots what the computer programs you illegally get, wish they could do. This 'little' program was a test, I'm almost sure you will see a lot more of this in the future. Don't use P2P or other illegal means, and YOU WILL BE FINE.

theslam08 said,
This is why it's spurred action. Regular corps cannot do this, as their company would go directly to bad PR and that is an instant neg effect. But, this guy [or if the actual dev didn't make it then the creator] doesn't care as he's not a 'corporation'. He technically 'can' get away with it, he won't have much bad PR.

It's simply a great message telling all the idiots what the computer programs you illegally get, wish they could do. This 'little' program was a test, I'm almost sure you will see a lot more of this in the future. Don't use P2P or other illegal means, and YOU WILL BE FINE.

No, you won't.
Don't be an OK OK OK OK DOES IT WORK!? idiot with ANY application for Android, be it in the marketplace or not (swype)

for example:
http://www.androidmarketplace.org/?p=29517

and there will be more. Android has NO regulation on its APK files. You will NOT BE FINE if you blindly download and run programs from the marketplace. You may be a bit safer, but obviously allowing any APK to install and finding them on random websites is the best way to whore your phone out.

Ruciz said,

No, you won't.
Don't be an OK OK OK OK DOES IT WORK!? idiot with ANY application for Android, be it in the marketplace or not (swype)

for example:
http://www.androidmarketplace.org/?p=29517

and there will be more. Android has NO regulation on its APK files. You will NOT BE FINE if you blindly download and run programs from the marketplace. You may be a bit safer, but obviously allowing any APK to install and finding them on random websites is the best way to whore your phone out.

This.

Always do a little research on an app before you install it. How many people have used it? What rating does it have? How many bad reviews are there? What do the bad reviews say?

If more than 50,000 have downloaded the app, you would expect to see quite a few reviews if it does anything strange!

I don't agree with downloading cracked apps, but the developer should be charged with any cost the user gets from his app sending out text messages. That's the malicious part, even if the app is cracked the developer is sending out messages that could be a cost to the user of the handheld without their permission. Pay the dollar or pay more in texting if you don't have a plan I guess.

I bet most of the people who are happy about this wouldn't be happy if Microsoft did something similar...

FUD

Why would any user download and install a shady application that does not even exist in the marketplace and is also a lousy one?

Sounds more like "give us your money... for protection".

I would imagine as per every single install on an Android device that the functions and permissions the application requires are clearly shown prior to installation. So more a case of the phone user not paying attention.

ManMountain said,
I would imagine as per every single install on an Android device that the functions and permissions the application requires are clearly shown prior to installation. So more a case of the phone user not paying attention.

Considering it's an app that sends text messages, (Probably am like the 15th person pointing this out) it NEEDS access to your texting services and contact list. As such, the app requesting those specific permissions is completely normal otherwise it wouldn't function as intended, no?

nub said,
I'm more concerned the app was even allowed access to that kind of info.

It's an SMS app (well, the real version of it is, anyway). It can't work if it can't access your contacts list or the messaging subsystem of the OS, so anyone installing the real one would need to grant the same permissions as this "fake" version.

ArmedMonkey said,
Sounds like the creator should get sued.

Why? They did the same thing that shareware software authors have been doing for years (hell, probably a decade or more now), just in a more creative way.

DiamondFootprint said,
Only on Android

You say that like it's a bad thing.

Freedom is a good thing, you just have to watch out for the malicious software that's out there like you most likely already do on your PC/whatever desktop OS you run.

Hardcore Til I Die said,

You say that like it's a bad thing.

Freedom is a good thing, you just have to watch out for the malicious software that's out there like you most likely already do on your PC/whatever desktop OS you run.

Don't need to on an iPhone/WP7/WebOS phone.

DiamondFootprint said,

Don't need to on an iPhone/WP7/WebOS phone.

Yeah and you can't do half of the stuff you can do on Android on those phones either. I'm not impressed.

Funny, yes.

Buuut, I don't think those of us on large txt plans would care

Also, really, the price shouldn't come into it, $1 or $100 dollars. Just because you have a nice phone does not mean you have money to burn

Like me (not a pirate) but after spending $1000 on a Galaxy S as well as the mobile data and the txts and the calls us students don't have a whole heap of money left over.

Still, I don't think piracy is good as such

Auzeras said,
Like me (not a pirate) but after spending $1000 on a Galaxy S as well as the mobile data and the txts and the calls us students don't have a whole heap of money left over.

Then perhaps you should have considered getting a cheaper phone and/or plan, to leave some money for other things. Your comment reminds me of the people who buy an expensive car and then complain that they don't have the money for insurance or gas.

roadwarrior said,

Then perhaps you should have considered getting a cheaper phone and/or plan, to leave some money for other things. Your comment reminds me of the people who buy an expensive car and then complain that they don't have the money for insurance or gas.

Lol, agreed. I mean really... I'm not a student, I have a full-time job and I don't think tossing $1000 for a phone that I'll replace in a couple of years anyway is a good investment.

I can understand where some people are coming from here: ultimately it is a malicious app. However, what some people seem to be missing is that the only way you can get this app is by downloading it from somewhere other than the marketplace, and at the end of the day you're trying to get hold of the application for free rather than paying $1 for it.

Basically, this is just like pirating any software on the PC. You're trying to do something illegal, so you can't whine if the application doesn't do what you were expecting.

A lot of people also seem to think that the creator of this app is the same developer that created the real app that costs $1. There is no evidence of that at this time. This could be any developer who just decided to use the cover of the official app due to its popularity.

Two wrongs don't make a right. Clearly it is unethical to both illegally download the application, and distribute what amounts to phone malware. Very interesting story though.

king_of_hearts said,
Two wrongs don't make a right. Clearly it is unethical to both illegally download the application, and distribute what amounts to phone malware. Very interesting story though.

Since when is it illegal to use P2P to download free applications?

AKLP said,

Since it's not a free app

It is a free app if it is made by the dev itself (instead of hacked by a 3rd party). It's not the same as the one available on the market place. Different version number and obviously different app.

If this new version is made by the dev then it's a free app distributed via p2p and the dev might very well be sued.

LaP said,

It is a free app if it is made by the dev itself (instead of hacked by a 3rd party). It's not the same as the one available on the market place. Different version number and obviously different app.

If this new version is made by the dev then it's a free app distributed via p2p and the dev might very well be sued.

Yes, it's a free app that sends an annoying SMS to all your contacts and mocks you. Don't like it? Then don't install it.

You have to go well out of your way to download and install this app on your phone, and apparently it even greets you with some sort of "cracking the application" dialog. Someone stupid enough to not realize that they were trying to install an illegal app (which just happened to not be what they thought it was) also wouldn't know how to do that.

soldier1st said,
Is this supposed to be some kind of funny joke? The creator should be held accountable for his garbage.

Is it a joke to use P2P for 'free' stuff? WHEN CLEARLY IT'S A $1 DOLLAR APP! I applaud. Maybe it 'will' teach people who use P2P. COMPUTER viruses too. And now your phone. Nice.

IF the developer uploaded this version to a distribution system where there is clearly no cost, anyone who did download and use it would likely win a lawsuit over the use of the sms message and costs therein. There is no piracy if the dev uploaded it himself. It's much like the MPAA/RIAA uploading files and then suing people for downloading them. It's not piracy if the rightsholder is the uploader.
Even more compelling is that it's not the same version, in fact it's 'newer' than the one that is on the marketplace. I hope it was the dev and someone does sue because his little stunt here will probably cost him his business, between legal fees and the likely victory of any potential plaintiffs.

lostmongoose said,
IF the developer uploaded this version to a distribution system where there is clearly no cost, anyone who did download and use it would likely win a lawsuit over the use of the sms message and costs therein. There is no piracy if the dev uploaded it himself. It's much like the MPAA/RIAA uploading files and then suing people for downloading them. It's not piracy if the rightsholder is the uploader.
Even more compelling is that it's not the same version, in fact it's 'newer' than the one that is on the marketplace. I hope it was the dev and someone does sue because his little stunt here will probably cost him his business, between legal fees and the likely victory of any potential plaintiffs.

With the incredible lack of ability to get ANY evidence about who shared what when (IP addresses mean nothing!) You can't do jack when you attempt to steal somebody's work. You tried to cheat and infringe on copyrights. You got burned. You lose.

Trying to take this to court would be ridiculous. If you're the kind of person who tries to download a cracked version of "Walk & Text", chances are it isn't the only illegitimate app you downloaded. Let the feds get a hold of your phone, not to mention your computer and other devices, and we'll see who pays for what.

Although a lot of people who do this are idiots anyways... Maybe some of 'em deserve to find out what happens when you try to get a free ride on the backs of others' hard work.

cyberdrone2000 said,

With the incredible lack of ability to get ANY evidence about who shared what when (IP addresses mean nothing!) You can't do jack when you attempt to steal somebody's work. You tried to cheat and infringe on copyrights. You got burned. You lose.

Trying to take this to court would be ridiculous. If you're the kind of person who tries to download a cracked version of "Walk & Text", chances are it isn't the only illegitimate app you downloaded. Let the feds get a hold of your phone, not to mention your computer and other devices, and we'll see who pays for what.

Although a lot of people who do this are idiots anyways... Maybe some of 'em deserve to find out what happens when you try to get a free ride on the backs of others' hard work.

You forget the data gets sent to a server. If they trace the account owning the server the company is due to be sued.

Why are you idiots applauding this? Basically the creator of the app is taking people's information without consent and utilizing the user's resources over a dollar app which is supposed to be "free". So what's up with the dollar if it's FREE? The creator needs to be held accountable for his crapware.

Turion said,
Why are you idiots applauding this? Basically the creator of the app is taking people's information without consent and utilizing the user's resources over a dollar app which is supposed to be "free". So what's up with the dollar if it's FREE? The creator needs to be held accountable for his crapware.

I think you just missed the article entirely. The app isn't free. It costs $1. The version that displays the message and sends the texts is distributed only via P2P channels, pretending to be a free/cracked version of the legit app.

Turion said,
Why are you idiots applauding this? Basically the creator of the app is taking people's information without consent and utilizing the user's resources over a dollar app which is supposed to be "free". So what's up with the dollar if it's FREE? The creator needs to be held accountable for his crapware.

^Like.

kizzaaa said,

^Like.

Seriously? READ THE DAMN ARTICLE! It's like 3 paragraphs and CLEARLY STATES that people who are getting this message tried to download an app from a peer-to-peer network, and got a little more than they bargained for. I'm all for opposing opinions and all that, and I'd welcome some informed debate, but for God's sake, try to learn a bit about exactly what happened here before you go spouting nonsense and calling people idiots.

cyberdrone2000 said,
I think you just missed the article entirely. The app isn't free. It costs $1. The version that displays the message and sends the texts is distributed only via P2P channels, pretending to be a free/cracked version of the legit app.

If it clearly states it's cracked/unlegit in the P2P listing then I say fair enough, but if somebody found it on a P2P network and it just used the app's normal name then that is completely unfair. Not everything on a P2P network is illegal so the user could've thought it was legit.

Also, what if somebody re-shares it with a normal sounding name? This is why something like this is kinda irresponsible. The creator of the malware assumes that whoever downloads the cracked version of the app is trying to steal it, but you cannot be 100% sure about that. There's nothing stopping me from renaming it "Walk and Text free version" ...

Hardcore Til I Die said,

Not everything on a P2P network is illegal so the user could've thought it was legit.

Oh that line cracks me up EVERY TIME I see it!

Ently said,

Oh that line cracks me up EVERY TIME I see it!

Linux distros and WoW updates are all distributed via P2P and torrents.

RangerLG said,

Linux distros and WoW updates are all distributed via P2P and torrents.

Yes, but we're talking about an app for a cell phone. They are ALL illegal on p2p networks, because free stuff you can just get from the marketplace.

RangerLG said,

Linux distros and WoW updates are all distributed via P2P and torrents.

WoW updates are done through a separate program to general torrents. If you are downloading Linux distros then you don't generally get them from "thepiratebay.org" or some crap like "freeandroidapps.com". Seriously.

Minimoose said,
If you are downloading Linux distros then you don't generally get them from "thepiratebay.org" or some crap like "freeandroidapps.com". Seriously.

It's not so much about where it's from, just the method to do it.. some people like to chime in on the "torrents are evil" bandwagon without having a clue, but seem to totally forget that hey, you can download illegally via http, ftp, email, nntp, irc and the like too, but they never mention anything about that.

alexalex said,
Will Google again break into Android devices to delete this app?

Why would Google do anything? The guy knew the risks when he downloaded a warez app instead of buying it from the Android market.

What do they mean by check your phone bill? Is the next bill going to be $1000 paid to some hidden account in some crooked country?
To me it sounds like thieves trying to look like good guys who are really ripping people off.
I hope whoever was stupid enough to use this useless pos app and got burned has enough money to find these people and make an example of them.
Sorry but malware like this really makes me mad.

The point is it was downloaded not via the Market Place so it's a pirated app. I think the bill part refers to the point that it sends a single SMS to all your contacts.

hahaha, good stuff. It's not like mobile apps are expensive like the others. If you cannot afford 1 - 5 bucks every now and then, you shouldn't have a smart phone.

techbeck said,
hahaha, good stuff. It's not like mobile apps are expensive like the others. If you cannot afford 1 - 5 bucks every now and then, you shouldn't have a smart phone.

DAMMIT. Your QR code gets me EVERY. FREAKING. TIME.

boo_star said,
This is why you buy an iPhone (awaiting the inevitable flood of tears from Android sympathisers.)

Chances are it could happen to an iPhone user as well. The app featured in this article is not available using standard channels (i.e. Android Market) and was downloaded from a warez site (if that's what they're still called).

Regular Android users would not be exposed to this kind of malicious code.

With that said, I'm very careful with the Apps I install and always check the permissions they request.

boo_star said,
This is why you buy an iPhone (awaiting the inevitable flood of tears from Android sympathisers.)

I'd like to think I have enough common sense not to need to be baby proofed by the OS thanks.

kizzaaa said,

Chances are it could happen to an iPhone user as well. The app featured in this article is not available using standard channels (i.e. Android Market) and was downloaded from a warez site (if that's what they're still called).

Regular Android users would not be exposed to this kind of malicious code.

With that said, I'm very careful with the Apps I install and always check the permissions they request.

You base your theory on the assumption that Google scans for malware. I am sure they do scan for regular malware, but apps such as the one from a week or two ago that Google had to "remote kill" still do get on the Android Market and cause havoc.

Hardcore Til I Die said,
I'd like to think I have enough common sense not to need to be baby proofed by the OS thanks.

You're the exception, not the rule. Most people don't have time or the mental peace to think about their personal hygiene. So the iPhone takes the cake.

boo_star said,
This is why you buy an iPhone (awaiting the inevitable flood of tears from Android sympathisers.)

You sir are the bane of Neowin. 2 seconds of actually reading the article would have explained that this was a pirated app through untrusted sources. The iPhone is unrelated in this discussion and your trolling has failed in a bad way.

Jebadiah said,
You're the exception, not the rule. Most people don't have time or the mental peace to think about their personal hygiene. So the iPhone takes the cake.

Not to be picky but that's purely your opinion and if you kept an eye on smartphone sales/market percentages then clearly the majority of consumers don't feel that the iPhone takes the cake. You place a vote with each dollar you spend and most are voting Android currently

Jebadiah said,
You're the exception, not the rule. Most people don't have time or the mental peace to think about their personal hygiene. So the iPhone takes the cake.

Those people will probably end up giving away their credit card info in some kind of phishing attack or some other kind of scam.

Creating an overbearing OS is never going to completely protect against digital attacks. Only education can do that; for the most part anyway. Obviously even the most educated user is still prone to attacks that use software exploits.

boo_star said,
This is why you buy an iPhone (awaiting the inevitable flood of tears from Android sympathisers.)

Good to know iPhone users are still as clueless as they've always been.

kizzaaa said,

With that said, I'm very careful with the Apps I install and always check the permissions they request.

Checking the permissions would not have prevented anything in this case. Think about the app. It is to text and walk. In order to text, the app would have to have the permission to text so that common sense dictates that permission needs to be in this app. Any app that texts your friends but doesn't have permissions to your contact list would be considered missing a basic feature so that permission would also be required for this app. Those two permissions are all this app needs so even if you were careful, this trick would still catch you.

ILikeTobacco said,

Checking the permissions would not have prevented anything in this case. Think about the app. It is to text and walk. In order to text, the app would have to have the permission to text so that common sense dictates that permission needs to be in this app. Any app that texts your friends but doesn't have permissions to your contact list would be considered missing a basic feature so that permission would also be required for this app. Those two permissions are all this app needs so even if you were careful, this trick would still catch you.

That's when you have to trust the judgement of others. I don't download apps with fewer than 50k downloads and then I read the reviews. With that many downloads there'd be at least a few saying it's dodgy!

And I most definitely wouldn't download the app from a p2p network! That's just asking for trouble.

boo_star said,
This is why you buy an iPhone (awaiting the inevitable flood of tears from Android sympathisers.)

No, that is why you don't pirate apps from untrustworthy sources.

Hollow.Droid said,

You sir are the bane of Neowin. 2 seconds of actually reading the article would have explained that this was a pirated app through untrusted sources. The iPhone is unrelated in this discussion and your trolling has failed in a bad way.

Not to be picky but that's purely your opinion and if you kept an eye on smartphone sales/market percentages then clearly the majority of consumers don't feel that the iPhone takes the cake. You place a vote with each dollar you spend and most are voting Android currently

Just because Bush got the majority votes in 2008, doesn't mean he wasn't a crook. Like I said above:
Most people don't have time or the mental peace to think about their personal hygiene.
Hell most people don't even have a plan for their future. They get an iPhone look alike for cheap, they buy it.

Edited by Jebadiah, Apr 1 2011, 5:38am :

joker999 said,
Haha! Soon that app will be gone.

This version isn't on the marketplace though, so it's only pirates that get burned