It has been reported that android developers new to Google’s phone platform could have publication of their apps delayed for days as more rigorous checks are done on coders.Google said it was stepping up checks on app-makers it had not seen before to thwart “bad faith” developers. These malicious developers often create new accounts to avoid Google’s checks, it said. Others hijack existing accounts to exploit the good reputation which established developers have accrued.
Kristy Edwards, Director, Security Intelligence Product Management at Lookout:
“Trusted app stores like Google Play need to take numerous precautions to keep out malicious apps. Lookout experiences Google’s methodical approach first hand every time we send them notifications about apps we have discovered with malicious code embedded and are available in the Play store. Our experience is that Google carefully reviews each and every takedown request, with their security specialists evaluating whether the app should be removed from the store. We find that Google does not take this responsibility lightly. The same sentiment is reflected in their blog, and we expect Google’s actions announced in the blog to have a positive impact on keeping out those bad faith developers.
How big is the problem? For context, Lookout has seen over 610,000 new, malicious Android apps since the first of this year, the large majority of which are from outside of the Play store. That is, we have found an average of 38,000 new Android malware apps every week this year, which shows how prevalent malware is in the ecosystem, outside of Play. When we look at who is making bad apps, we look at app metadata for information about its developer.
We find that malware authors often change their account information to conceal their identities. One way to conceal identity is to change the “signer key” that uniquely identifies a particular app developer. Reputable app makers like Lookout, Skype or WhatsApp almost never change their signer keys. On the other hand, we found that the DressCode malware authors used 707 different signer keys for about 10,000 apps with DressCode malware embedded as one way to evade detection. Lookout has used the same developer key for our Lookout Personal for Android product for over nine years.”
