Feeds

Japanese govt: Use operator-run app stores, not Google Play

Info-stealing sexy wallpaper app was downloaded 500,000 times on official site

Secure remote control for conventional and virtual desktops

Google’s security credentials have taken another hit after the Japanese government warned local Android users to download their apps from third party operator-run stores, and not Google's own Play, following the discovery of a prolific info-stealing app on the official site.

The Tokyo-based Information Technology Promotion Agency (IPA) alerted domestic Android users last Friday that a rogue app named “sexy porn model wallpaper” had already been downloaded 500,000 times from Google Play before being spotted and removed.

The app, which promises “sexy fresh girls wallpaper”, works like many others of its kind by requesting user permission to access phone information including location details, email address and terminal information before sending it on to a third party server.

While not containing any malware, the app has no good reason to request access to such info, and effectively uses the “sexy girl” content to distract users while lifting this data in the background, said IPA.

The government-backed body warned users off Google Play and instead urged them to visit third party app stores run by mobile operators – such as KDDI’s “au Smart Path”, Docomo’s “D Market” and Softbank’s “Yahoo! Market” – saying that, “in these markets, operators carry out their own checks of the app”.

Google’s Android ecosystem has long been criticised for its lack of in-built security checks, although the Chocolate Factory responded to concerns by launching an app verification service for Google Play recently.

That said, its efficacy has been called into question by researchers, and the security vendor community is claiming threats will continue to snowball on the platform.

Trend Micro, for example, predicted recently that the number of malicious and high-risk Android apps would reach the one million mark this year. ®

Boost IT visibility and business value

More from The Register

next story
'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
And now a message from our sponsors: 'STFU or else'
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
Uber, Lyft and cutting corners: The true face of the Sharing Economy
Casual labour and tired ideas = not really web-tastic
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Oz biz regulator discovers shared servers in EPIC FACEPALM
'Not aware' that one IP can hold more than one Website
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.