BadNews seems pretty safe, says Google
Google has broken down its six-week silence on the BadNews bug, telling a US security conference that while it was justified in removing infected applications from Google Play, it had no valid evidence that BadNews was having a part in the spreading of SMS-borne frauds.
Announcing its discovery of the malware, security company ‘Lookout’ said BadNews started by running as a legitimate advertising network, but later would forward the AlphaSMS SMS fraud malware to infected devices.
The Security Ledger is now claiming that Google Android security engineer Adrian Ludwig has reported doubt on that claim, speaking to an FTC event in Washington DC.
“We have noticed the application and we’ve analysed all the logs we have access to,” TSL quotes Ludwig as saying, and “we haven’t seen any instance of abusive SMS apps being downloaded as a result of BadNews.”
Ludwig agreed with Lookout that the 32 BadNews-carrying applications found on Google Play had downloads in the “low millions”, claiming that Google had detached the apps because they violated the Android developer agreement.
Take-downs, he added, can occur for reasons other than the inclusion of malware: “removal doesn’t always mean [an] application is bad … we rarely confirm the reasons.”
The media has asked Lookout Mobile Security to respond to Ludwig’s claims. We would also note that it’s feasible that zero logs of AlphaSMS downloads could point out that users are simply ignoring messages inviting them to click on a link found in an SMS.
Chat With Our System Analyst To Remove All Kinds Of Threats And Get Online Technical Support.