Android Market apps need to be scanned for malicious content in order to protect Android users from downloading apps that look fine but are in fact malicious and harmful. A few days back, Google had removed almost two dozen apps that were infected by malicious software capable of stealing data and rooting devices. Most of these were disguised as legitimate apps and they were removed after they were found to contain malware. The malware under question was named DroidDream and used two exploits to steal information such as model and phoneID and to plant a back door on the phone that could be used for dropping further malware on the device.
The chief technology officer at Veracode, Chris Wysopal, said that at a bare minimum, they have to perform signature based scanning for identified malware, and that DroidDream is now a malware kit and it would be an easy for users to make differences of it and insert it into new software.
However, traditional signature based antivirus applications aren’t good at detecting a brand new malware or recent malware, which has been tailored sufficient to survive the antivirus programs. According to Wysopal, to identify and catch something like DroidDream, behavioral-based antivirus scanning needs to be used as well. He said that downloading and installing extra software on the device outside of the app store is the kind of behavior that needs to be scanned for. Kevin Mahaffey, chief technology officer at Lookout, that offers safety facilities and software for Android, Windows and Blackberry, said that major amount if not all of the 55 or so apps that were taken out from the Android marketplace were revised versions of rightful apps. He further said what that means is even additional careful Android users could have been more easily duped into downloading one of these apps. He said that it is not obvious whether DroidDream in fact downloaded any software on devices that installed any of the malicious apps.
According to him, it is still a mystery as to who is behind the malicious apps, but the possibility of his location in China is high as the malware was also found on alternative Android marketplaces that target Chinese users. According to Lookout, the number of apps in the Android Market is growing and this could be due to the fact that the operating system is open source and therefore attracts a large number of developers.