Google's failure to defend against malicious apps 'irresponsible'

With the threats to Android users from malicious applications increasing, Google has been labelled 'irresponsible' for failing to install adequate safeguards in its Android Market app store.

Security firm Bitdefender said the amount of malicious apps has risen 900 per cent since January earlier this year. The problem has even forced the UK premium phone regulator to get involved.

Over the last few months, Phonepayplus has closed down a number of rogue services offering malicious Android apps. One was for a free 'battery saver' app that accessed the phone's text message function. The app was then able to automatically send and receive texts that subscribed consumers to a premium-rate subscription service without their knowledge.

While many of these rogue apps come from unofficial websites, many, like the app Phonepayplus discovered, can be found in the official Android Market.

In March 2011, Google had to pull 58 malicious applications from the Android Market, but only after they had been installed on about 260,000 devices.

Catalin Cosoi, of Bitdefender's online threats lab, warned some applications will continue to abuse the lax security:

"Unlike Apple, which imposes strict safety checks for their applications, Google welcomes any third-party developer and their applications," he told us.

He also warned that there are also a number of apps on the Android Market that contain permissions they don't need and which could be putting user security at risk.

A flashlight/torch application that is still available on the Android Market asks for full internet access and access to the phone number, serial number and details of any numbers dialled on the phone.

Vicente Diaz, senior security researcher at Kaspersky, said he believed the reason security is so lax is because Google wanted to increase app market share.

"I believe maybe it was for getting market share. They need to offer nice figures, to say that now we have more applications than Apple. Still, I believe that they should be doing some checks.

"There are some applications that should never have reached the Market. In this marketplace, implicitly you believe that everything there is not malicious.

"In fact 99 per cent of people will have no idea what you are talking about when you ask for access to internal storage for your application so in this case Google is being irresponsible," he told us.

Mr Cosoi said people need to be more aware of what they download and said:"We recommend that users avoid applications that ask for more permissions than they would normally require."

We put a number of questions to Google but the company refused to comment.