Android Market rules let SndApp trojan slip through

Bitdefender antimalware researchers Csaba-Zsolt Juhos and Vlad Ilie thoroughly documented SndApps as a trojan malware family – but Google doesn’t see it their way.

The first instance of a SndApps adware trojan was discovered and described by a NCSU team with  Assistant Professor Xuxian Jiang at the lead on July 4 this year and removed on July 17 by Google from the Android Market.

Yet, the applications have been returned and are still present in the Android Market, having underwent a few changes – such as the addition of “interesting” EULAs and encryption for the haul of data they make off with.

Apparently, that’s all it took for Google to re-instate them on the market.

This, for an app that takes the phone’s IMEI, the victim’s  phone number  and e-mail address,  the network operator name and country code, encrypts  the stolen  information using AES/CBC  and uploads  it to a server controlled by the malware authors. This done, it proceeds to serve advertisements, in the form of notifications.

Not what you or I would call a legitimate app – yet the rigid rules set by Google make it possible for these programs to continue to be distributed, under the aegis of the Android Market.