Even though Google recently introduced a malware-blocking system called Bouncer to keep the Android Market safe from malicious software, crafty spammers and fraudsters are still managing to find ways around the restrictions to get their software onto users’ phones.
Security firm, Sophos have reported that there is malware going around via the Facebook application. The malicious software disguises itself as an Android app named “any_name.apk” or “allnew.apk” and is sent to Android phones via Facebook’s mobile app.
An Android user may receive a Facebook friend request and if the user goes to the requester’s profile to check them out, they could be diverted to another web page instead, where the malicious app will be automatically downloaded.
Although Android doesn’t by default allow apps to be automatically downloaded, some users choose to turn off this protection in order to have access to apps distributed outside of the Android Market. This kind of malware is similar to clickjacking, which takes place very often on Facebook.
Bouncer is a good first step towards protecting Android users, but regardless of what methods are used to lock down the Android Market, spammers and scammers can always find another way in.