Rogue Android banking applications
Following a couple of announcements made in December by the likes of Travis Credit Union and First Tech Credit Union, a big brouhaha was raised about some mobile banking applications for Android-based mobile devices that seem to have been developed with the intention of phishing account and login information.
F-Secure reports that it is still not known how the applications worked, since they can’t download it and test it. They speculate that since they were not developed by the financial institutions themselves, they could not do real online banking from the Android device. But, they could still steal login credentials after opening the web interface of the bank for the user.
At present, the applications can no longer be found at the Android Marketplace (they were removed by Google). The developer – going by the name 09Droid – cannot be reached because his contact information page is empty.
The financial institutions are advising people who have downloaded any of the applications to delete them and take the phone to their mobile provider to ensure it’s completely removed.
It was a just a matter of time when something like this would happen, since the application review process in the Android Marketplace is not as lengthy and as rigorous as in the AppStore.
Google hasn’t yet formally acknowledged the incident, but one can hope that the “kill switch” on the Android-based devices will be put to good use.