Rogue applications developed to steal banking credentials from users were discovered late last month in Google's Android Market online software store.The malicious programs were disguised as a legitimate mobile banking apps and were designed to steal users' online banking credentials, according to Oregon-based First Tech Credit Union, which posted a fraud alert about the threat on Dec. 22.
A source close to Google confirmed to SCMagazineUS.com on Monday that several applications using the names of banks, without permission, were removed from the Android Market.
The applications were investigated and Google "didn't find any malicious activity such as attempts to collect user information or passwords,” the source said.
Google launched the Android cell phone operating system in September. At the time, Google began touting that its app store was open, making it and easier for developers to distribute their apps for Android-powered devices.
“Android Market is open to all Android application developers,” Google says on its Android Market Publisher Site login page. “Once registered, developers have complete control over when and how they make their applications available to users.”
That runs in contrast to Apple, which personally vets every application, it says, to guard customer privacy and shield users from inappropriate content.
A Google spokeswoman told SCMagazineUS.com in an email Monday that applications on Android Market that identify themselves with third-party marks [such as bank names] without permission are not allowed.
"If an application violates the content policy, we will remove it from Android Market, and developer accounts will be terminated for repeated violations," a Google spokeswoman said.
[An earlier version of this story was corrected Tuesday, January 12, 2010 at 3:20 p.m. EST. The earlier story reported that First Tech Credit Union and Travis Credit Union customers were targeted by the rogue application. They were not.]