August 6, 2012glhaldeman By glhaldeman

Beware of Malicious Olympic 2012 Android Apps

By Joe McManus

There are too many events happening at one time during the Olympics, which might tempt you to install an app for that. But be careful of what you install. Not all apps are what they appear to be. As an example let’s look at the app called “London Olympics Widget”.

More details:

It appears intended to show the user aggregated 2012 Olympics news. What it really does however is harvest your contact list, device id(IMEI), and reads your SMS messages.

How does it do this? It installs with the following permissions (among others):

android.permission.READ_CONTACTS

android.permission.READ_SMS

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_LOCATION

The package name is ‘com.games.London.Olympics.widget’.  This app has a digital certificate claiming it was developed in New Delhi, India.

Obviously an app for Olympic news does not need all of the above functionality to show you who won the last gold medal. Who could blame you for wanting to keep up on the Olympics? Just exercise caution when downloading apps for your Android Device. The official London 2012 mobile app can be downloaded from  the site: http://www.london2012.com/mobileapps_download.html

Although the Amazon Appstore for Android and Google Play sites do not screen every app in the store for malicious code they do remove apps that are reported to be malicious to them.

When installing apps look at who the author/author company is. If the author is listed, search the name and see if it is a reputable or related company. For instance if you look for the Spotify Android app, you will see on the Google Play page that Spotify LTD release the app and is noted as a  top developer.

Employ the practice of least privilege, if an app that changes your background wallpaper wants access to your contact list, Twitter and Facebook account you should probably reconsider its use.

Still curious about how to decide what a trustworthy app is? Webroot covers this in detail in the article “7 Common Mobile Security Questions Answered.”

Webroot SecureAnywhere users are proactively protected from this threat.

Share Button

18 Responses to Beware of Malicious Olympic 2012 Android Apps

  1. Pingback: More Android malware FUD is the only thing that is sprouting

  2. Pingback: More Android malware FUD is the only thing that is sprouting | Stop Spam Tips

  3. Pingback: India Based Android App For Olympics Caught Spying By Webroot | HAXITY

  4. Pingback: Olympics-related malware goes on a global phishing trip

  5. Pingback: Olympics-related malware goes on a global phishing trip | Every Single HOUR!

  6. Pingback: Olympics-related malware goes on a global phishing trip | WestPenn Journal

  7. Pingback: Olympics-related malware goes on a global phishing trip » Progress Tech Solution

  8. Pingback: This and that | Ripple's Web » Olympics-related malware goes on a global phishing trip

  9. Pingback: Olympics-related malware goes on a global phishing trip | Today Security Reviews

  10. Pingback: World Trends » Olympics-related malware goes on a global phishing trip

  11. Pingback: Olympics-related malware goes on a global phishing trip | Stop Spam Tips

  12. Pingback: Olympics-related malware goes on a global phishing trip | THENYTECH

  13. Pingback: Olympicsrelated malware goes on a global phishing trip | HaLaPicHaLaPic

  14. Pingback: More on Olympics malware | Stop Spam Tips

  15. Pingback: More on Olympics malware

  16. Pingback: More on Olympics malware » HD Network Technology Blog

  17. Pingback: More on Olympics malware - Independent Newspaper Articles

  18. Pingback: Information Security Biweekly » 网络信息安全杂谈48期

Leave a Reply

Your email address will not be published. Required fields are marked *