Google is not convinced that BadNews is anything more than an aggressive ad network

Jun 11, 2013 10:00 GMT

Back in April, security researchers from Lookout identified a piece of malware, dubbed BadNews, in 32 applications hosted on Google Play. At the time, Google rushed to remove the apps, which had been downloaded by millions of users.

However, several weeks later, Google has changed its mind, saying that BadNews is not as malicious as it first appeared.

At a recent FTC event in Washington, Google’s Adrian Ludwig, who is a member of the Android team, revealed that the company did not find evidence that BadNews pushed any malicious elements, such as SMS Trojans, as Lookout’s research indicated.

“We’ve observed the app and we’ve reviewed all the logs we have access to. We haven’t seen a single instance of abusive SMS applications being downloaded as a result of BadNews,” Ludwig said, cited by Security Ledger.

Ludwig says Google had pulled the 32 apps from Google Play because they violated Google’s Android Developer agreement, not because they had been pushing SMS fraud malware onto devices as Lookout claimed.

On the other hand, Lookout sticks to its initial evaluation of BadNews, which the company has called the first mobile ad network to distribute malware.

Lookout founder and CTO Kevin Mahaffey has told Security Ledger that they’re confident BadNews is a malicious ad network.

Mahaffey claims they’ve analyzed the code behind BadNews and found that it’s similar to the code in the RUPaidmarket malware, which indicates that the same developer is involved in both projects.

Mahaffey argues that BadNews pushes malicious ads only for short periods of time – sometimes as little as five minutes a day – which might explain why Google failed to see its true nature.