Got your trojan right here!


Jun 23, 2001

According to Russian security firm Kaspersky, Android has been hit by its first SMS-based trojan. Claiming to be a media player, the offending 13KB Android Package (APK) requests permission to send SMS text messages on behalf of the user.

Once installed, the application then proceeds to send premium rate SMS text messages without further consent from the user. Of course, the important word to note here is “consent” because, as with other Android applications, this application specifically requests permission to use this feature, but then exploits it once granted. This can result in extremely high phone bills if not detected early.

Kapersky did not release the name of the specific application, and I suspect that there are (or will be) others that have simply not been discovered yet. As such, I can only recommend that we all do an audit of our installed applications (and possibly our phone bill) to make sure nothing unexpected is going on.

At this point, I must also reiterate something we have discussed several times here at Android and Me – Watch those permissions!

In several previous articles here the topic of permissions and the potential for their misuse has been addressed and has sometimes been met with surprisingly nonchalant responses. From these responses, it would appear that these people believe all users operate their smartphones in a secure way and only grant permission to applications they trust. The truth is, many (if not most) users don’t put enough thought into the permissions during the installation process, despite it being an important opportunity to know what an application plans to do, and to protect yourself from it. Again, we can’t say it enough: Watch those permissions!

I personally believe that, while Google has done a good job making sure that permission to use certain features be granted by the user, there are opportunities to put more emphasis on this decision by making the permission screen more clear in some cases, possibly adding checkmarks to certain risky permissions, and even allowing for the user to grant only some permissions to an application.

What do you guys think? Is this an isolated occurrence, or something we might see more of?