Experts disagree on Android call recording 'Trojan'

Sources are reporting discovery of new Android app malware, but others say it is simply a legitimate app with sneaky motives

According to some headlines, the sky is falling on Android. No, I am not referring to the headlines predicting that the iPhone 5 will double Apple's smartphone market share and leave Android in its dust. I am referring to reports that a new Trojan has infiltrated the Android ecosystem. Some experts, however, suggest this may not be malware, but simply an app working as intended.

A CA blog describes Android malware capable of recording entire phone calls. It also logs call and text activity, and possibly GPS location data. It sounds insidious if you are unaware that the activity is taking place. It also sounds a lot like perfectly legitimate apps like eBlaster Mobile.

So, is this app a malicious Trojan intent on tracking your Android activity, or is it just an app that tracks Android activity?

Irfan Asrar, an analyst with Symantec Security Response, explains, "Despite the fact there have been multiple reports of the app uploading the recorded voice conversations to a remote sever, our analysis has found no such functionality. It can record calls; however, physical access to the device is required in order to retrieve them."

The behavior of the app suggests that it's not malware. It clearly states what it's going to do and requests the appropriate permissions. Once installed, the icon shows up just like any other app. If it is malware, it does a very poor job of trying to hide. It seems like an app that a suspicious spouse or lover would install -- intentionally -- on a partner's Android smartphone.

Asrar acknowledges that the app has the ability to send GPS data, and call and SMS logs to a remote server -- a server hosted by the app author. However, that data is then offered for a fee -- ostensibly to the husband, wife, or lover who installed the app.

Armando Orozco, Webroot threat research analyst, sits somewhere in between malware and legitimate app. He points out that the app uses tools available in Android -- a Java class called MediaRecorder -- and that it is far from the only app that does so. Whether it is "malware" or just an app, its behavior is essentially indistinguishable from apps designed for spying on or monitoring Android smartphone activity.

Orozco says that an app like this blends into the background and may be easily missed by the Android smartphone owner. "Easily overlooked with 50+ apps installed, I don't think many users are aware of these surveillance apps; all it takes is an untrusting partner."

David Harley, Senior Research fellow for ESET, puts the "threat" in a even more tempered perspective. "It's an interesting item: perhaps more of a proof of concept than an epidemic in its own right, but nevertheless both technically interesting and significant. I see this as an indication that the bad guys are putting real research and development resources into exploiting the Android market."

Troy Gill, a security analyst with AppRiver, sums up the Android malware issue with this thought: "This is not the first and will certainly not be the last. Malicious apps are fast becoming the easiest way to infect a mobile device and the Android market has been the platform of choice as of late."

Harley agrees, "This may or may not be the "year of mobile malware" but I think the time has long gone when the concept of smartphone malware could be dismissed as security vendor hype around a few hobbyist Trojans."

Yes, the app exists. No, the Android malware sky is not falling -- at least not yet.

Tags spamantispamconsumer electronicssecurityvirusesAndroidsmartphonesphishingmalware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest News Articles

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?