Phony, potentially malicious apps are continuing to make their way into Google’s Play marketplace, triggering debate over whether applications are being properly vetted for adhering to the company’s marketplace policies.
Developers at the Root Uninstaller Team have called out another app publisher, Team DROID, for copying their work after duplicate, “hacked” versions of Root Uninstaller’s apps have popped up in Google’s Play market over the past few weeks.
Root Uninstaller, a small team responsible for creating about two dozen Android apps in the Play marketplace wrote about the issue in a post on its blog late last week. In the write-up, the company claims a fake version of its Smart RAM Booster Pro, an app that helps selectively kill less important apps running in the background on Android phones, is being sold by developers who go under the guise Team DROID.
Looking at the two, Team DROID’s version, “RAM Boost Pro,” appears to be almost almost identical to Root Uninstaller’s legitimate application, yet is priced at almost twice as much as its being sold for by Root Uninstaller. The company argues the fake “RAM Boost Pro” app is essentially Smart RAM Booster Pro with its package name changed, while other attributes, like the app’s “icon and graphical assets” remain the same.
Like Root Installer’s version, RAM Boost Pro claims its app is “designed to tackle the difficult yet crucial problem of memory management for all Android devices,” yet screenshots of the app use the same screenshots as Root Installer’s version.
Elsewhere on Play exist phony versions of Android system tools like Alexander Dejanovski’s Track Your 3G app, Sam Lu’s 1Tap Cleaner Pro app and a duplicate version of Booom Soft’s wallpaper application “Cardiogram Live Wallpaper,” all produced by Team DROID.
While Root Uninstaller describes these apps as “hacked versions” of other apps, it’s uncertain whether these apps are actually malicious or if the creators are just trying to squeeze a couple extra dollars out of smartphone owners who unknowingly download them.
Root Uninstaller writes that they’ve already informed Google of the problem and that the group hopes “[Google] will take an action to ban that publisher soon.”
An “intellectual property” clause in Google Play’s Developer Program Policy deters app developers from infringing on the intellectual property rights of others, writing that Google will ban developer accounts who break these policies.
While the apps have only been downloaded by a handful of users since being uploaded to Play the week before Christmas, it appears they’ll continue to be hosted on Google Play until the issue is addressed.
This continues to be a common problem across both Google’s Play app store and Apple’s App Store where-in attackers try to dupe unsuspecting customers into spending money on seemingly official, sometimes malicious apps.
Last summer researchers with AegisLab found a handful of fake antivirus apps on Play. That discovery, coupled with the emergence of tainted apps in Japan and increasingly diverse strains of Android malware triggered Google to clampdown on security. In the last year, the search giant created Bouncer, a mobile malware analyzer and implemented a new malware scanner for inspecting suspicious apps on Android devices.