

Fake (Malicious) Mobile Banking App Discovered in Android Marketplace - wmeredith
http://www.phonenews.com/fake-mobile-banking-app-discovered-in-android-marketplace-9949/

======
dpcan
Dammit. Stuff like this is exactly what is going to destroy the app market for
the Android.

Who's going to download anything if they hear this can even happen?

Most developers complain about the Apple iPhone approval process, but they
don't realize how much it really HELPS them.

Consumer confidence keeps people buying mobile apps, and with the iPhone,
nobody even thinks twice about it because we have the added comfort of knowing
Apple stomps out the bad stuff - usually before we ever see it.

~~~
algorias
How is that different from desktop apps, from web apps, from an OS even? Any
program you trust in whatever way can do bad, bad things with your banking
details, private data, list of contacts, etc.

~~~
potatolicious
That isn't what happened here. Someone submitted an app purporting to be _from
the bank_.

I'm presuming that Apple will at least perform the diligence of making sure
the app author is who they say they are.

~~~
JunkDNA
Having just gone through this with Apple for a major name organization, I can
assure you they take the identity of developers very seriously. You have to be
who you say you are.

------
marcusbooster
This scenario was discussed in the most recent Cringely post; I guess someone
got inspired to start hunting.

<http://www.cringely.com/2010/01/when-is-your-bank-not-your-bank/>

------
olefoo
Someone at Apple is feeling vindicated right now.

~~~
dminor
How in-depth is the iPhone app review process? Would they catch something
trojaned into an otherwise legitimate app?

~~~
mschy
Perhaps somebody could submit one and report back.

Well... I'm sure somebody has submitted one. We just need for them to kindly
report back.

------
jkincaid
Please correct me if I'm wrong, but wouldn't it be fairly trivial to create a
phishing iPhone application (even one that got accepted to the App Store?) My
understanding is that nobody is combing through your code line by line, so you
could sneak something in there that wasn't activated until after the app was
accepted, right?

~~~
zmimon
The app would have to be signed by someone who presumably would have paid the
$99 to get the developer account with Apple and thus there would be a way to
trace (somehow) the app to some real person. Now, the identity used to get the
account could be faked, but that's no longer trivial, assuming Apple has done
things properly.

I don't quite understand, however, why this does not also apply to the Android
app market - surely whoever put this up there has a known identity. If not,
the whole point of the market place is undermined. All this has no bearing on
the "evilness" factor - Apple's market place is evil because it is a self-
enforced monopoly. The Android market place could have policies controlling
their apps ten times as fascist as Apple's and they would not be as evil,
because we can always go elsewhere (and maybe will, if this continues to be an
issue).

------
wrs
"I disapprove of what you submitted to the Android Market, but I will defend
to the death your right to submit it."

~~~
jmtulloss
That's fine, but what mechanisms are in place for the consumer to ensure that
what they are being shown is from who the app says it's from? I haven't
submitted an app to the Android app store, so I'm unsure.

