Russian firm’s Android malware scam nets £50k fine
Make that up to £300k total with the refunds, but is it such a surprise that Droids continue to get attacked?
PhonepayPlus, the UK-based service regulator, has slapped down a £50,000 fine on Russian malware firm Connect Ltd for misleading its customers through extortionate SMS messages.
Connect Ltd, trading as SMSBill, used a Facebook link which downloaded malware onto Android smartphones. Upon download of the app, a text message was sent out which resulted in a £10 fine for the user.
On further exploration of the contents pages and reading the terms and regs, there was an agree/disagree option. Hitting ‘agree’ meant another £10 charge for the resultant text message.
Worse still, for UK consumers, buried within the regulations on page six, the app wrongly said there would only be a £5 charge – “about 5 GBP”, in the words of the terms.
According to the review from the tribunal, it considered the breach “very serious” and issued a formal reprimand. The breaches, four in total, were in particular related to pricing, misleading, charges without consent and registration.
ConnectLtd has also been ordered to refund all its customers who erroneously paid out within three months. It is reported in adjudication notes from PhonepayPlus that between £100,000 and £250,000 was spent by consumers on the app.
Security on the Droid
But should we expect such breaches, given how popular the Android OS is?
Back in August Viteb developer Jack Sutton put together a series of tips for DeveloperTech regarding how to stay safe with Android apps, which included ensuring everything is downloaded from Google Play, avoiding such practices as sideloading, and consistently checking updates.
“Although a lot of these third party app stores are quite reliable, there may still be a few that are really not up to the mark”, he wrote, adding: “Unless you know that your source is secure, you could be downloading a lot of viruses alongside your app.”
Yet it’s not as if there haven’t been many Android security breaches over recent months.
These have included A1 Agregator Limited fined £50,000 in May for allowing users to download Trojan horse versions of such games as Angry Birds and Assassins Creed which similarly resulted in charges for SMS messages, and, in April, more malware which was disguised as an Instagram app, naturally at around the same time the firm was sold to Facebook for $1bn (£630m).
Sophos’ Naked Security blog wrote at the time of the Instagram scam: “If you download your app from this site, rather than an official Android marketplace such as Google Play, then you are running the risk of infecting your smartphone,” reinforcing Sutton’s earlier point.
So should consumers become more aware? Android security is just one of the hot topics that are going to be discussed at the Droid World track at Apps World, on 2-3 October at Earls Court 2, London.