Hijacked Android apps rack up high SMS bills, underline risk

Trojan Android apps send premium SMS

Risks of the current Android ecosystem were underscored late Monday with a warning from Symantec about a new trojan. Known as Android.Pjapps, the rogue code has been installed in bootlegged Android apps and adds a secret backdoor that the malware writers can use to send text messages to a premium service, giving a profit to the hijacker at the user's expense. The app also has to collect vital device info, such as its IMEI number, to keep the hack working.

Among the examples of apps pirated so far include Steamy Window (legitimate copy). The hacked app does send notifications that it collects text messaging and personal info but is otherwise superficially identical to the app from the official store.

Google has control over what can appear in Android Market, but the discovery for Symantec underscored the risks of outside apps. It urged users to download only from "regulated Android marketplaces" and to turn off one of Google's key selling points, the toggle to allow non-Market apps.

While Apple has been criticized for using its App Store-only approach in a way that limits flexibility and potentially blocks competition, the company also hasn't had to contend with maliciously altered apps or other significant app-based threats. Most risks on iOS so far have come to jailbroken devices; while they have more freedom, the nature of a jailbreak also gives complete root-level access and opens the device to more risk than if Apple had enabled the feature itself.

Steamy Window

  1. msuper69 03/01, 01:10pm

    your comment

  1. DerekMorr 03/01, 02:44pm

    As opposed to iOS smurf games, which also run up high bills?

  1. testudo 03/01, 03:29pm

    Users installed pirated software that still specifically tells them it will use SMS and gather personal info, they still install it, then are shocked to find it has some trojan inside.

    Yep, that's definitely a sign of a bad OS. How dare they tell you what they will do and then do it. And you'd think that Android would require all pirated programs to be digitally signed to prove they haven't been tampered with.

  1. testudo 03/01, 03:30pm

    If this had been said about an iPhone app, it would be labeled as FUD. Or posters would just say "That's what you get for jailbreaking your device!" or "If you're going to download apps from unknown sources, you get what you deserve!" or any of a thousand other things to indicate its the user's fault. But for android, it's an OS issue or something.

  1. macnixer 03/01, 08:05pm


    On the iOS you have to jailbreak a phone to run apps outside of Apple's App Store and Apple does not endorse this. HOWEVER with Android, Google permits and endorses (provides the capability) installing apps outside of Android Marketplace. Essentially you have the option. This is not an user fault. For non-tech users like my other half, a market is market. As long as you can get to it, you can get stuff from there. It is we geeks who try to check. So in my opinion, iOS is protective and Android sucks.

Login Here

Not a member of the MacNN forums? Register now for free.