Phishing Android apps explain our maxed-out credit cards
By Chris Ziegler 
posted January 11th 2010 2:07PM
posted January 11th 2010 2:07PM
There's no such thing as a perfect mobile app store strategy -- you're either too draconian, too arbitrary, or too loose in your policies, and as far as we can tell, there's no way to find a balance that isn't going to trigger an alarm here and there or get a few people worked into a lather. If you're too loose, for instance, you're liable end up with the occasional bout of malware, which is exactly what appears to have gone down recently in the Android Market with a few fake banking apps published by a bandit going as "Droid09." As you might imagine, the apps end up doing little more than stealing your information and ending your day in tears; the apps have since been pulled, but that's probably little consolation for those already affected. The moral of the story? Be vigilant, keep a close eye on those system permissions the Market warns you about as you install new apps, report sketchy ones, and -- as always -- use a hearty dose of common sense.
@fatslug that's a very nice anecdotal tale.
Now, given that the App Store has at least ~500% more apps than Market and iPhones have an 18% world share vs Android's 3% world share, there should've been far more cases of dishonest apps (maybe like yours?) or theft apps like this Android one. But there really are none because Apple enforces stricter controls. In contrast, the "open and free" Android Market some people laud is just that, open with few to no security control policies so anyone can drop an bank app and claim it is from any bank. Google won't even bother checking.
Looks like now the problems from lack of controls are beginning to show themselves.
@HighestRanked
These fatslug loser in his attempt to discredit all things Apple is quite laughable, what a moron.
You mean that app that asked for all my bank account numbers, my social security number, and all my pin numbers wasn't really Financial planning made easy?
@Edobe
It was, but the target market for the app was the app's author only.
This is very bad press for Android's already shoddy market.
I can say this because I have a HTC Magic.
@AltDimension : its only bad press for Android *users*.
Better advice: Don't give your banking information to any app not published by your bank.
@MarcusMaximus
Better Yet read the review on the app even if it looks like its legit?
@MarcusMaximus
Don't use apps for banking, period. The more things you use the more can go wrong.
@Endadget
Seriously!
Maybe it's a generational thing, but I'll never trust using an app to do banking.
It took me two years to trust my banks website, and even then I still am a bit paranoid.
@LAY This is what happens when things are "open" and free (of security check and control policies) a.k.a. app approval process. Anyone can come in, upload an app and claim they're from bank X.
@MarcusMaximus
That is quite reasonable advice. Problem in the Android market is how easy it is to lie about who you are as a publisher.
Android would have looked better with a Dick Turpin style gun and that facemask!
Common sense can take you so far in life.
Why would anybody trust a 3rd party with financial information is beyond stupidity.
I dont mind apps that you manually type expenses without providing sensitive info. Maybe the idiots I mean the effected deserve it. Lesson learned.
I got a good idea (as an android owner myself) don't be a idiot and install software you don't know if legit. If my bank plans on having an android app, you bet your butt Ill be sure to get it from them and not some random app.
And hey, if your phone gets stolen, they can always check the app for your details aswell.
I knew this would happen...
Long liveth the Apple AppStore...
@NeoSeer Apple was right.
@NeoSeer
Yeah tell me how many banking scam apps you see on the app store, so much for open heaven Android.
And all you people bitch about Apple's App Screening Process! This is what happens when you let people do anything they want!
@Jaylittles531 according to these people, Android is safer because Android Market is open so it lets anyone upload any app without a prior security screening approval process. LIke, you know, making sure a bank's app is really coming from that bank.
So, what is a 'legitimate' banking app? I'm guessing there isn't one. That would make banning them and cluing-in users somewhat easier.
If we can find any 'legitimate' banking apps I'm going to go out on a limb and say those should be banned, too. And any banks involved should feel the full wrath of The Rock Obama.
Legit bank app is offered between the bank and a service provider such as a telco that are or use authorized 3rd party. Not just a random app provider.
There is no sense of security in general in the mobile net world. so there is nothing like a truly authorized app. Worries me that iPhone has minimal security measures.
The comments section of this article sure has a lot fewer posts then usual. Everyone on vacation?
Here's a crazy thought, how about you don't install an app from some random developer to access your bank account or credit cards. That just screams bad idea. Personally I don't even like accessing online banking sites from my mobile, but if the need arises I got through the banks site directly.
@KAL326 what do you mean? you get the app or not?
Ouch, I'm not sure if this was one of the apps, but I recently saw a Wells Fargo app on the market. I thought to myself, "FINALLY". I think it may have been droid09. Anyhoo, I read some of the comments and it seemed to only be a port of the mobile website anyway, so I figured it'd be worthless. On top of that, it clearly looked like it was made by a third party and not Wells Fargo themselves.
Common sense folks, if someone else made an app that handles YOUR personal data (finances, etc), then don't freakin' risk it. If you're REALLY that anxious, call up the bank and ask them if they have an app for android.
@sidepart why are we crushing driods to death when everyone else including iphone is allowing mpayment apps. Yeah, the wells fargo mobile is available even on the iphone and the app asks you to access a/c and make payments, manage the a/c et cetera. It is quite liberating yet a nonsensical when I read - 'your security is our priority' by using medieval SSL that companies bragged about a decade ago.
Rashmi Khosa
I enjoy instantly depositing checks (and having the funds instantly accessible) to my checking account almost daily using my iPhone. USAA banking rules.
I believe they're working on an app for Android and Blackberry as well. I can't imagine using a banking app from some random open source publisher.
@ebgolfin
Apparently my bank was one of those that had to deal with fake apps on the Android Marketplace. At least Google is doing some kind of marketplace management because just letting it run rampant is definitely not the answer.
https://www.usaa.com/inet/ent_blogs/Blogs?action=blogpost&blogkey=newsroom&postkey=usaa_thwarts_mobile_app_fraud
That Android is a spy!
The most easily exploited feature of any networked device is a user that assumes all things are secure. It does not matter whether you are on MAC or PC, iphone or Android, the first and last line of defense is being a savvy customer of software.
If you're dumb enough to use a "Banking" program on your cell phone not directly associated with your bank you're not just not smart, you're right there at stupid.
This goes deep into the common sense pool.....get a clue people.
i saw those apps appear on the market and thought what kind of F**ktard is gonna fall for them
i can believe people still fall for this s**t
unless its been officially released by your bank dont touch it fools
If you use ANY program or 3rd party method to submit or manage banking or credit info and NOT the official creditors website or system then you are an IDIOT and are asking to have all your money stolen!
It's that simple.
@cbstryker that's the thing. If Google had stricter security controls they would not allow any one to post a bank app on Marketplace without Google making sure it is the bank itself and not thieves. But Google doesn't approve apps, Marketplace is open and free (of controls) so according to some people, it is safer.
@HighestRanked
"If Google had stricter security controls they would not allow any one to post a bank app on Marketplace" why would you want to use an app to check your bank anyways? That's what banks have websites for.
"But Google doesn't approve apps" that's kinda the whole point.
"Marketplace is open and free (of controls) so according to some people, it is safer." I've never heard anyone say that and that doesn't even make sense.
I think I said it just fine in my initial comment.
Check out Sexy Asian Women, why does it need access to your "Phone Calls: read phone state and identity"?
Even Hello Kitty seems to want to examine your phone calls, check out Hello Kitty Wallpapers.
> a few fake banking apps published by a bandit going as "Droid09."
'Bandit' seems too soft a term to label this guy with.
'COCKHEAD' seems far more fitting.
You're right. Stupid people should stick to the iPhone. If you download an app that asked you for your banking information, passwords and personal info... you really deserve to be nannied. Stick to 1 button. Wouldn't wanna blow your mind or anything.
As an Android user, I don't mind recommending the iPhone for my less techie friends. I don't have any problems recommending a Mac to them either. These are the same associates that somehow end up getting viruses and magically delete their entire photo collection when trying to sync to some cloud app.
I like the fact Android is open, but it's not for everyone. As usual, the biggest issue with computers & devices of any OS and system are the end users.
If you need mommy to look over you and protect you from yourself get the iPhone. If you're able to make rational decisions and can cope with an interface that gives you many options get Android/ WinMo and every other damn mobile OS.
I'll bet most of the actual techy iPhone users wouldn't have an issue using an Android handset and vice versa. It's not really about the OS being open. It's about the average user not being savvy enough to handle their own data.