Google Removes Suspicious Mobile Apps from Android Market

Google has removed a series of suspicious mobile applications from the Android Market. Google says the applications were taken down for violating the site's use policy by using the names of banks without their permission.

Google has removed several banking applications from its Android Market mobile application store for violating Google's terms of use.

The presence of the applications in question, which according to those with direct knowledge of the situation did not misuse or steal user information, has nonetheless triggered concern among users. The applications were created by a developer known as 09Droid and used the names of various banks, including Chase, Sun Trust and Bank of America.

"The Android Market Content Policy clearly states that we don't allow applications on Android Market to identify themselves with third-party marks without permission," a Google spokesperson told eWEEK. "If an application violates the content policy, we will remove it from Android Market, and developer accounts will be terminated for repeated violations."

First Tech Credit Union warned customers Dec. 22 that a "fraudster developed a rogue Android Smartphone app" that created a shell of mobile banking applications and tried to gain access to consumer information. A similar warning from BayPort Credit Union came the same day; BayPort Credit Union's mobile bank provider, MShift, notified Google of their concerns Dec. 15.

Google said its use policies have provisions designed to strike a balance between providing security and lowering barriers to developers making applications available to users. While applications are not reviewed before appearing on the Android Market, they are taken down if they violate the terms of use.

"For example, we have a policy against inappropriate content, which includes malware," the Google spokesperson said. "A developer must also abide by our Developer Distribution Agreement in order to upload an application to Android Market. We also may check applications for compliance with the Market Content Policies (in order to remove malware, porn, spam, or profanity)."

Mikko Hypp??énen, chief research officer at F-Secure, predicted that there will likely be more rogue applications on mobile devices.

"Some of them will try to target online banking, others will try to call premium-rate numbers or send text message spam and so [on]," he said in an e-mail to eWEEK. "Signing and certifying programs are in a key position on smartphone systems to prevent problems like this ... [although] we have seen the 'Signed by Symbian' certification process subverted a couple of times."