Everybody should know by now that downloading apps from Google Play is not as safe as we all would like. Admittedly, the probability of downloading malware is much smaller than on third party online Android markets, but it still exists.
Webroot researchers have recently unearthed two apps that install additional fonts on an Android device, but also offer a way in for spyware.
The apps in question, Free Galaxy Classic Fonts and Galaxy Fonts, have since been removed from Google Play, but are still offered on their developer’s official website.
Once the user downloads and runs one of the apps, and requests it to download and implement a new font, the app downloads the ikno.apk file – a spying app that forwards SMS, call logs, and location information to a web portal where the person doing the spying can review the information.
The official developer’s site apparently offers users to download iKno from the Android Market, but the users actually downloads it from the site.
My theory is that this option is for those who willingly install the app on a target device (probably when its owner is not present), and the font apps on Google Play were used to make the target unwittingly install the spyware after the attacker recommended the apps to them.
As the apps have been removed and the Google Play account offering them has been shut down, it’s impossible to tell whether the permissions requested by the apps indicate their secret nature – but the odds are they have.
Unfortunately, many users don’t even review them, so investing in a good mobile security solution is a good idea.