Bitdefender antimalware researchers Csaba-Zsolt Juhos and Vlad Ilie thoroughly documented SndApps as a trojan malware family – but Google doesn’t see it their way.
The first instance of a SndApps adware trojan was discovered and described by a NCSU team with Assistant Professor Xuxian Jiang at the lead on July 4 this year and removed on July 17 by Google from the Android Market.
Yet, the applications have been returned and are still present in the Android Market, having underwent a few changes – such as the addition of “interesting” EULAs and encryption for the haul of data they make off with.
Apparently, that’s all it took for Google to re-instate them on the market.
This, for an app that takes the phone’s IMEI, the victim’s phone number and e-mail address, the network operator name and country code, encrypts the stolen information using AES/CBC and uploads it to a server controlled by the malware authors. This done, it proceeds to serve advertisements, in the form of notifications.
Not what you or I would call a legitimate app – yet the rigid rules set by Google make it possible for these programs to continue to be distributed, under the aegis of the Android Market.