Mobile Privacy and Security: Symantec Spots Android Trojan

Dave Courbanou

August 19, 2010

2 Min Read
Channel Futures logo in a gray background | Channel Futures

Sometimes the walled garden isn’t such a bad idea. It can take forever for an App to get through the Apple red-tape, but you can feel comfortable knowing that there’s more than a good chance the app is nice and squeaky clean. You might want to be a bit more wary downloading apps on Google Android, however. A prime example: Symantec has identified a trojan in the game “Tapsnake” (which runs on Android). Here are the potential implications.

Tip of the hat to Symantec for catching this interesting find. It works like this…

You download Tapsnake, and you also have to pay and download GPS Spy on the Android platform. If you have both, and access to two different phones, GPS Spy can listen in on the location of the Android phone that has Tapsnake installed. The ‘cute’ part is that the developer explains that the trojan is there for a reason…

“Download and install the free Tap Snake game app from the Market to the phone you want to spy on. Press MENU and register the app to enable the service. Use the GPS Spy app with the registered email/key on your own phone to track the location of the other phone. Shows the last 24 hour of trace in 15 min increments.”

Obviously, the usage is up to you — nefarious or not. Maybe you’re  looking after your kid? There’s some legal issues with this, like undisclosed surveillance, but Symantec doesn’t touch on that. Getting rid of the trojan is not as easy as quitting the game because Tapsnake only has to be run once. After that, the process runs in the background for the duration the phone is in use.  However, getting the whole trick to work as advertised requires work, as Symantec details…

The silver lining here is that for the application to really be used maliciously, an attacker would need to have access to the phone to install the program. For it to work, an email address and “key” must be typed into the phone running AndroidOS.Tapsnake. This same registration information must later be typed into the phone running GPS Spy.

Bottom line? A walled garden into an App store has it’s pros and cons, but so does letting everything roam free.

Sign up for The VAR Guy’s Newsletter; Webcasts and Resource Center; and via RSS; Facebook; Identi.ca; Twitter and VARtweet.

Read more about:

AgentsMSPsVARs/SIs
Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like