Company Fined for Distributing Malicious Android Apps

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

According to PhonepayPlus, the UK's premium rate phone services regulator, A1 Agregator Limited has been fined £50,000 (approximately $78,300), and ordered to repay all fees charged to consumers, for distributing malicious version of popular Android games, including Angry Birds, Assassins Creed and Cut the Rope.

"To users, the fake games downloaded properly but appeared never to launch correctly after install. In reality, on launch the apps sent the user three hidden SMS messages at a cost of 5 pounds ($7.80) each," writes Kotaku's Kate Cox. "The messages were hidden in such a way that the phone user would have no idea the messages existed until receiving the bill."

"PhonepayPlus said that approximately 14,000 downloads of the malicious apps were made worldwide, and the fraud is thought to have affected 1,391 mobile numbers in the UK with £27,850 [approximately $43,600] taken before the shortcode was suspended," writes Digital Spy's Andrew Laughlin.

"It happened to John Gladstone from Southampton," writes BBC News' Jim Taylor. "The 31-year-old engineer bought his first smartphone just before Christmas. 'I was full of excitement,' he said. 'I opened the box and downloaded every app that I could see on the Android market which had good reviews or if I recognised the name.' He only realised he'd been conned when his phone provider told him he'd been sending premium messages."

"We will continue to clamp down on those who wish to take advantage of UK smartphone customers," Patrick Guthrie, PhonepayPlus’ Director of Strategy and Communications, said in a statement.

"It's good to see more action being taken against those who try to hit smartphone users where it hurts -- in the pocket," writes Sophos' Graham Cluley. "But this shouldn't just be about relying upon the authorities for protection. For instance, be sure to check the permissions that an app requires when you install it on your Android. Does it have a legitimate reason to ask for them? If you don't see why it requires permission to send SMS messages, be cautious."