Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

F-Secure says that Android apps are easily clonable

The good news for Android device users is that they get their apps for free, but, says the firm, it also shows how easy it is for hackers to clone an existing app for their own darker usage.

According to the IT security vendor, the repackaging of Android apps is not that new, as it saw variations of the trend with Google advertisements two years ago, although "in that case it was rogue or scareware that was being pushed by the advertisements."

"What is interesting about the case is: Android application repackaging. We've seen this tactic being used quite frequently in the last few months, as it seems to be the favoured `quick; way for malware authors to produce new Android malware", says the firm in a security posting.

F-Secure goes on to say that this seems to be a popular way for developers to produce new and clean apps, although it adds that, because Android apps are coded in Java, they have a very low thresholds for cloning, since there are few real barriers to reverse engineering the code.

The slightly good news is that the security vendor reports that most of the repackaged apps its research team have seen are "clean" in that they don't have any malicious code included in them.

"Presumably, the point of the repackaging is to include the advertisement module, with the developers gaining some kind of monetary reward when users view or click through the ads being displayed", says the firm.

"However, since the repackaging was most likely done without the consent of the original developer(s), the repackaged app would probably be considered pirated, or at least intellectual property theft to the original developer" it adds.

F-Secure asserts that this is still something of a grey area though, especially as Google doesn't actively vet every application posted on the Android Market.

"Whether most developers - and users - are going to consider these repackaged apps as just another side-effect of an `open market' philosophy, or conversely as rip-offs of a developer's honest efforts, is anybody's guess", notes the company. 

What’s Hot on Infosecurity Magazine?