Product Reviews
Take Action

Save Net Neutrality

Preserve an open internet where you can access websites without barriers. Make your voice heard by standing up for net neutrality.
Take Action
Why Do We Have Campaigns?
We're fighting to ensure you and your family can get a fair deal in the marketplace, especially on the choices that matter most: health care, privacy, automobiles, food, finances and more. Join our campaigns and together, we'll hold corporations and lawmakers accountable.

Malware pulled from Google's Android Market

Consumer Reports News: March 03, 2011 11:56 AM

Google has pulled more than 50 apps from its Android Market after learning from Android enthusiast site Android Police that they contained dangerous malware called DroidDream. The malware steals info from your phone, including your mobile provider and user ID. But it also has the ability to download other code, and it's not clear at this point what that code might be capable of doing.

Phones running Android 2.3 are immune. Unfortunately, most phones use earlier versions of the Android operating system and are vulnerable to this malware attack. Some models might ultimately be upgraded to version 2.3, but the rollout of those upgrades is determined by Google and the carriers on a model-by-model basis.

More than 50,000 Android phone users downloaded the apps, which come from three publishers: Myournet, KingMall2010, and we20090202. They range from a chess game to a guitar-playing app to several pornography apps. Many, like the guitar app, imitate legitimate apps from other publishers that aren't dangerous. Mobile-security company Lookout published a complete list of all the affected apps. 

If you've downloaded any of the apps on the list, you might want to try to clean your device up with a copy of Lookout, a free security app whose publisher that says it's already updated its software to protect users from DroidDream. (Consumer Reports hasn't tested this app).

We've already advised against downloading apps from unofficial third-party markets, but there's more you can do. Check the permissions an app lists before you install it (although in this case, the apps apparently went beyond what the stated permissions allowed); download only apps that have been downloaded by large numbers of other users (again, not foolproof here because it seems many users were duped by these apps); and read user reviews before installing an app.

What makes Google's Android Market appealing is its open nature, providing more variety to users and making it easy for developers to make new products available. But that openness also leads to vulnerability. Apple, on the other hand, has been criticized for following a "walled garden" model with its app store, but the advantage of its more restricted approach is better security. Google might need to find a middle ground where it provides better vetting before allowing apps to be posted on its market.

—Donna Tapellini

E-mail Newsletters

FREE e-mail Newsletters! Choose from cars, safety, health, and more!
Already signed-up?
Manage your newsletters here too.

Electronics News


Cars Build & Buy Car Buying Service
Save thousands off MSRP with upfront dealer pricing information and a transparent car buying experience.

See your savings


Mobile Get Ratings on the go and compare
while you shop

Learn more