Find out what the apps really do and then decide if they're malicious or not

Feb 1, 2012 10:19 GMT  ·  By
Install these apps on your phone only after informing yourself regarding their behavior
   Install these apps on your phone only after informing yourself regarding their behavior

After mobile security firm Lookout argued that Android.Counterclank is not a piece of malware as Symantec labeled it, the latter came forward with some new arguments to sustain their initial decision of informing users on the potential dangers.

Symantec’s update on the matter reveals that even Google decided that the apps met their Terms and Service conditions and their removal from the Android Market was unnecessary. Even the developers accused of serving malicious apps came forward to deny that their products represent malware.

“WE ARE NOT MALWARE!! Symantec, the company that wrongly labeled this app as malware the other day, have contacted us and are in the process of un-doing the mistake they did and whitelabling our product,” the developers write on Android Market.

On the other hand, Symantec explains that they maintain their initial arguments, claiming that they want to keep users informed on the behaviors of some applications that may pose a threat to regular users.

“The situation we find ourselves in is similar to when Adware, Spyware, and Potentially Unwanted Applications first made appearances on Windows. Many security vendors did not initially detect these applications, but eventually, and with the universal approval of computer users, security companies chose to notify users of these types of applications,” they said.

Now, they bring further details to support their initial arguments around the dangers presented by the applications in question.

They reveal that Tonclank and Counterclank apps come from the same vendor, a company that distributes an SDK to third parties with the purpose of helping them monetize their applications, mainly through search.

So exactly what do these apps do if installed on an Android phone?

First, they connect to a remote server and send information such as the device’s IMEI, data to identify the application that uses the SDK, device information, including OS version, display metrics, language preferences, and browser user agent.

After receiving this information, the application waits for commands from the remote server. These commands can cause the application to display a certain webpage, set the browser’s homepage to an arbitrary page, create or request bookmarks, and place shortcuts on the home screen.

Some users provided negative feedback regarding these apps and since the vendors didn’t inform their customers on the privacy implications, Symantec decided to notify people of Counterclank.

While the parties involved resolve the issue, users are advised to take the behaviors detailed by Symantec into consideration before installing the following apps: Counter Elite Force, Counter Strike Ground Force, CounterStrike Hit Enemy, Heart Live Wallpaper , Hit Counter Terrorist, Balloon Game, Deal & Be Millionaire, and Wild Man.

The complete list of names and vendors is available here.