By Harry McCracken | Monday, October 17, 2011 at 8:02 am
More evidence that Android is the Windows of mobile operating systems: It’s under attack by sleazeware. PCWorld’s Tom Spring reports:
Brandt says that one Android battery app, called both Battery Doctor and Battery Upgrade, is particularly problematic: Not only does it not upgrade a battery or extend a charge, but when it’s installed and unlocked, it harvests the phone’s address book, the phone number, the user’s name and email address, and the phone’s unique identifying IMEI number. With a phone user’s name, IMEI, and wireless account information, an attacker could clone the phone and intercept calls and SMS messages, or siphon money from a user by initiating premium calls and SMS services. Once the battery app is installed the program sends the phone ads that appear in the drop down status bar of the phone at all times – whether the app is running or not. Lastly it periodically transmits changes to the user’s private information and phone-hardware details to its servers.
October 17th, 2011 at 9:47 am
Same pattern. Malware writers go after the largest installed base.
October 19th, 2011 at 12:07 am
Too simplistic. They go after a combination of size of market and ease of exploitation. These two factors attract a community of hackers, who then create tools for each other, which attracts more hackers.
Both iOS and Android are large enough to attract loads of attention from malware writers; it's just that (at the moment) the Android market is making it the easy target.
October 17th, 2011 at 9:58 am
But..But…But….Android is open!
October 17th, 2011 at 10:30 am
Correct. What is your point?
October 17th, 2011 at 10:04 am
And of course this cannot happen if you are using the Android marketplace. This only happens if you allow the software to be installed from unknown sources. A non-story really.
October 17th, 2011 at 1:51 pm
I hate my HTC Evo. Every time I go to install an app, there's a long list of permissions I need to give it, like access to this or that. It's really a PITA. My iPad doesn't have that issue. I'll take Closed and Curated any day over Open and Malicious.
October 17th, 2011 at 2:52 pm
@Chris: And I’ll take free & open any day over closed and curated. It’s a good thing that we can each have our preference 🙂
October 18th, 2011 at 5:47 am
@JohnFen: Agreed 100%. It’s my choice to be informed about the choices I’m making and allow me to make them and take the risks if I so choose, rather than be coddled and treated like a mentally challenged child who can’t make decisions for myself.
October 18th, 2011 at 11:16 am
As a general point of interest for those of us who prefer the free & open way, may I suggest DroidWall. It enables iptables firewalling, so you can choose which applications have access to networking. I recommend it highly, and the way I use it is to firewall off all apps by default and only allow access if the app doesn’t work. This also prevents apps from phoning home, so bonus!
October 18th, 2011 at 11:42 am
@JohnFen: Thanks for the info; I’ll definitely look into DroidWall!
October 19th, 2011 at 12:14 am
@JohnFen, @MJPollard
Taking informed decisions is great and so is installing firewalls, and I'm sure that your phone is the right choice for you, however…
What about the 'man in the street', the one who has to use Google to find Facebook each time, the one who just wants 'a phone', has no idea what all those permissions mean (and doesn't care) and thinks a firewall is something you put in buildings?
What I hate is when 'geek technology' tries to force everyone to be geeks too, and regards those that won't get with the programme as unfortunate victims who had it coming.
October 19th, 2011 at 6:35 am
@David Hamilton:
But as Sir Fatty mentioned, if you stay with the Android Marketplace, then your risk is the same as with the iPhone. That provides the curated environment that many people enjoy, no need to be a geek.
Android simply gives you the choice to be able to use your device to full advantage in true geek fashion, or to use it in a walled garden if you don’t want to take that responsibility.
And there’s still the iPhone, of course. As I said, it’s a wonderful thing that there are options suitable to either camp.
October 20th, 2011 at 3:32 am
Am I wrong in believing that 'curation' is still only done retro-actively, initially trusting apps and only removing them once they have been proved to be malicious?
Am I also wrong in believing that users need to grant specific permissions even for apps from the Marketplace? Apparently there are 22 (22!) different permissions, and I note that Google autosuggests 'Android Permissions Explained' as the top completion when you start to type Android Permissions, which is a real warning sign – a sign that this is something people don't understand.
I also note that the explanations contain comments like "Unfortunately this permission seems to be a bit of a mixed bag" and "You will have to be very careful with this setting and use your judgment" as part of the permission explanations – http://techpp.com/2010/07/30/android-apps-permiss…. Also, according to this study over 30% of apps request permissions that they don't actually need (and, presumably, are happily given them by the users).
It is deeply ironic that Google on the one hand have so little trust in users' judgement that they force Chrome to auto-update (not on my computers it doesn't – ha!) in the name of 'security', and yet on the other they push complex and nuanced security decisions into the hands of the users.
The last 20 years have shown trust and the internet to be a lethal cocktail. I wish the Android market good luck, and hope that it doesn't need it.
Sidebar: I do find replying using the 'reply' link against the specific comment to be very helpful when holding a conversation, as they get notified of your response, and the comment area doesn't get cluttered with overlapping threads!
October 21st, 2011 at 10:34 am
@David Hamilton:
“Am I wrong in believing that ‘curation’ is still only done retro-actively, initially trusting apps and only removing them once they have been proved to be malicious?”
I don’t know, as this is an area I have no interest in and haven’t investigated.
“Am I also wrong in believing that users need to grant specific permissions even for apps from the Marketplace?”
Yes, you are wrong. When I install an app, I am given a list of the permissions that the app requires, but I don’t have to specifically grant each and every permission separately. It’s just an information screen that appears just before clicking the “approve & install” button. That way, if I care, I can read it and decide not to install it after all. Or, if I don’t care, I don’t have to pay any attention to it at all.
Google isn’t pushing nuanced security decisions on the user. It’s empowering the user with information so they can make informed choices, if they care about such things. Users who don’t care can simply ignore the whole issue.
That the iPhone doesn’t do this sort of thing is one of the three major reasons I opted for Android. The iPhone makes me very nervous on this score, as I have no idea what the apps are actually doing.
October 21st, 2011 at 10:36 am
“Sidebar: I do find replying using the ‘reply’ link against the specific comment to be very helpful when holding a conversation, as they get notified of your response, and the comment area doesn’t get cluttered with overlapping threads!”
I don’t see any such link. 🙁
January 18th, 2012 at 3:00 am
This is my first opportunity to visit this website. I found some interesting things and I will apply to the development of my blog. Thanks for sharing useful information.
January 18th, 2012 at 3:01 am
I recently came across your blog and have been reading along. I thought I would leave my first comment. I don’t know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.
February 13th, 2012 at 2:35 am
It will pop a low battery warning up on the screen once triggered, so all you need after that is the ability to feign shock and disappointment over not being able to let your pal pop bubble-wrap for 20 minutes.