2012-0327

Google Play bug installs Russian email app on some Samsung Android devices

1 Comment[Author: Category: News ]

A strange event today has a lot of Samsung Android owners rightfully worried about malware on the Android Market. We’ve received a raft of tips from users who have discovered an app titled “МТС Мобильная Почта” (MTS Mobile Mail) on their Samsung devices, an app they never installed and are finding it difficult to uninstall.

As near as we can tell, the issue appears to be this: Samsung has several pieces of software that it installs on it devices but that aren’t in the Google Play store (for obvious reasons). However, every single Android app has an app name that identifies it on the Android system, in this case the “unique” name is com.seven.Z7, which identifies Samsung’s email app. What appears to have happened is that Russian developer OJSC Mobile Telesystems gave that unique identifier to its “МТС Мобильная Почта” app, and so these Samsung devices were tricked into thinking it was an update to Samsung’s email client. Since Google Play allows for automatic updating of all apps, it was installed on many devices.

Unfortunately, we don’t have a clear idea as to why this company gave this app that ID but don’t believe that it had malicious intent by doing so — early indications from the folks at xda-developers indicate that the app is not a threat. For those of you steeped in mobile history, you may remember that Seven created popular email services for Windows Mobile back in the day, but now the company has moved on to providing those services as a white label, hence the com.seven.Z7 app id on Samsung’s email app. It’s possible (and likely, actually) that OJSC simply received the same white label service from Seven and the identical app name and signing certificate is an unfortunate mix up.

There are a couple of issues at play here. First, Google Play needs to be more intelligent about automatic updates for carrier-installed apps that are already on the phone, the fact that merely having the same App ID appears to be enough to get software installed via an automatic update is potentially a serious security problem. Second, although it doesn’t appear that OSJC was acting maliciously, giving its email app the same App ID as one already in very common use was a mistake — although to be fair that App ID wasn’t yet in use on the Google Play store, only within Samsung’s own ROM. Then again, this is not the first time that this issue has cropped up.

Right now, it looks like that the process for removing the app may require some Android hacking skills, but we have reached out to both Samsung and Google to get more details. In the meantime, “МТС Мобильная Почта” has been taken down from the Google Play Store. We’ll let you know when we hear more.

Related posts:

  1. FBI asked Google to unlock Android phone
  2. Could the Asus MeMo Become a $199 Google-Branded “Nexus” Tablet
  3. Samsung confirms Android 4.0 update for Galaxy S II, Galaxy Tab and more
Tags: ,
«
»

Add a comment »One comment to this article

  1. Chyba v Google Play Store spôsobuje zmätky u niektorých majiteľov Samsung telefónov | MojAndroid.sk

*

Copyright © All Rights Reserved · Green Hope Theme by Sivan & schiy · Proudly powered by WordPress