Phishing Application Invades Android Market

Ah, and there we have it: another chapter in the discussion between open and closed when it comes to application stores. A phishing application, masquerading as a banking application from First Tech Credit Union, made its way onto the Android Market. It was removed quickly, but the damage is done.

It’s actually old news, as it dates back to December 22, 2009, but only recently did it get picked up by the web. First Tech Credit Union put a notice on their website, warning users of the fraudulent application, and noting that it had already been removed from the Android Market.

“We recently learned that a fraudster developed a rogue Android Smartphone app,” the bank warned, “It creates a shell of mobile banking apps that tries to gain access to a consumer’s financial information. Droid09 launched this phishing attack from the Android Marketplace and it’s since been removed.”

This is of course very interesting, especially since OSAlert has been harping on Apple’s restrictive application store model from pretty much day one. The Android Market is more open than Apple’s App Store, but as you can see, this has its downsides as well.

The key question here is what Google’s promises are regarding the Android Market. If you read the Terms of Service, you’ll see that Google neatly protects itself from any possible damages that might be caused by non-Google applications. “You agree that Google is not responsible for any Product on the Market that originates from a source other than Google,” the ToS states.

Apple’s Terms and Conditions for the App Store state something similar: “Apple is not responsible for that Third Party Product, the content therein, or any warranties or claims that you or any other party may have relating to that Third Party Product or your use of that Third Party Product.”

This means that despite all the talk of the Android Market or the App Store being a safe place to buy applications from, Apple nor Google is liable for any damages that third party applications may cause. As such, the type of review process is moot when it comes to who is actually responsible: Android or App Store, Google and Apple are safe.

Still, the fact here is that a dangerous application made its way onto the Market, and that’s a very bad thing. Openness comes at a price, and while Apple’s review process may be problematic, it does ensure (at least, so far) that this doesn’t happen.

In the end, though, responsibility is always on the user’s shoulders. I agree with both Apple and Google that they are not responsible for third party applications, review process or no. It might be a good idea for both Google and Apple to place a little more stress on this particular aspect.

19 Comments

  1. 2010-01-13 5:48 am
    • 2010-01-13 8:35 am
      • 2010-01-13 12:36 pm
        • 2010-01-13 12:43 pm
          • 2010-01-13 12:48 pm
          • 2010-01-14 2:12 am
          • 2010-01-14 9:24 am
          • 2010-01-15 12:43 am
          • 2010-01-14 1:11 pm
          • 2010-01-15 1:25 pm
          • 2010-01-14 11:04 pm
    • 2010-01-13 9:20 am
    • 2010-01-13 12:03 pm
      • 2010-01-13 12:53 pm
        • 2010-01-13 1:23 pm
          • 2010-01-13 1:38 pm
    • 2010-01-13 11:07 pm
  2. 2010-01-13 10:23 pm
  3. 2010-01-14 7:33 am