Establishing Digital Trust: Don't Sacrifice Security for Convenience
F-Secure researchers recently found a malicious version of the popular "Bad Piggies" game for Android, called "Bad Pigs" and posted by a developer identified as Dan Stokes, on Google Play and other Android markets.
The app's description notes that it's been downloaded more than 10,000 times since May 25, 2013.
The researchers note that Dan Stokes' contact address is listed as "firstname.lastname@example.org," and that its required permissions include everything from viewing the user's Wi-Fi connections to the ability to modify or delete the contents of the phone's USB storage.
AppBrain also notes that the app can create icons on the desktop that link to ad sites, can display ads in the Android notification bar, can create ad bookmarks in the browser, can access the browsing history, can discover the user's accounts and get the user's e-mail addresses, and can view the user's current location.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
The same developer also offers fake versions of the games "Fruit Chop Ninja" and "Paper Toss 2."
F-Secure has reported the issue to both Google and Rovio, and the researchers say the apps are no longer indexed by Google's search.