Phishing app sneaks on to Android Market

Google's Android Market does not subject apps to any stringent checks

A rogue application disguised as an authentic banking app has been removed from Google's Android Market app store after it turned out to be a phishing scam.

The software was posted by a user called 'Droid09', and claimed to be a banking app from US bank First Tech Credit Union.

However, the bank confirmed in a statement on its web site that it does not have any Android apps, and urged customers who have downloaded the software to remove it and consult their provider to ensure that it has been removed entirely.

The attack highlights the risk to mobile users of downloading apps, particularly from sites without stringent checking procedures, and will strengthen Apple's position of rigorously vetting apps, for which it has been criticised in the past.

Rik Ferguson, senior security advisor at Trend Micro, warned that the incident highlights a growing trend of attacks on mobile devices in recent months, as consumers begin to use mobiles more regularly for services which may expose personal data.

"Criminals always follow market trends so, if the use of mobile devices for banking continues to rise, there will also be a proliferation of attacks of this nature. App stores like Android's will need more stringent checking procedures in place," he said.

Ferguson added that he expects this single incident to lead Google to re-evaluate its current procedures for allowing applications on to the site.

A Google spokesperson said that the Android Market Content Policy clearly states that it does not allow any application to identify itself with third-party marks without permission.

"If an application violates the content policy, we will remove it from Android Market, and developer accounts will be terminated for repeated violations," the spokesperson added.