Symantec recants Android malware claims

Now agrees with rival that apps use aggressive ad network code, declines to label them 'adware'

By , Computerworld |  Security, Android, Symantec

Symantec has backtracked from assertions last week that 13 Android apps distributed by Google's Android Market were malicious, and now says that the code in question comes from an aggressive ad network that provides revenue to the smartphone programs.

The security firm's new stance was in line with that taken by Lookout Security, which on Friday questioned Symantec's conclusions and instead said that the apps displayed the same behavior as others funded by 10 or more similar ad networks.

Symantec dubbed the code embedded within the 13 apps "Android.Counterclank," and classified it as a Trojan horse, or malware. According to Symantec's researchers, the malware was a variation on "Android.TonClank," called "Plankton" by researchers at North Carolina State University, another Trojan first uncovered in June 2011.

The apps containing the Android.Counterclank code had been downloaded between 1 million and 5 million times, said Symantec, which used the Android Market's own published numbers to arrive at that range. That made it the "largest malware [outbreak] on the Android Market," Kevin Haley, a director with Symantec's security response team, said in an interview last Friday.

In a blog post Monday, Symantec retracted its earlier allegations and said that the Android.Counterclank code comes from an SDK, or software development kit, distributed to "third parties to help them monetize their applications, primarily through search."

Symantec declined to name the ad network that distributes the SDK responsible for the code it detects as Android.Counterclank.

Both Symantec and Lookout have noted that the ad network code used by the 13 apps is more aggressive than the norm.

"In general, it's changing the home page of the [smartphone's] browser, adding additional shortcuts to the desktop, adding and even removing bookmarks," said Haley in a follow-up interview today.

So, if the Android.Counterclank apps are not malicious, what are they? Adware, the name pinned to unwanted PC software in the last decade?

Haley wasn't ready or willing to assign a label.

"It took a while for some consensus then about what was adware or spyware, and what wasn't," said Haley, talking about the intense debate five-to-seven years ago about those terms. "But eventually that consensus was reached."

Symantec will still identify apps that include Android.Counterclank -- a name it's also continuing to use -- but will not delete them, said Haley.

Originally published on Computerworld |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question