Mobile banking applications developed for Android-based mobile devices raised a ruckus earlier this week, with security issues coming to light after some Android apps were shown to be unauthorized and possibly fraudulent.
Telltale signs of rogue applications in the Android Market were first seen in December of last year, when Travis Credit Union (TCU) issued a warning to alert its customers that a mobile banking app posted by a developer known only as 09Droid was not a legitimate offering from the institution.
The notice issued on the credit union’s website and Facebook account, and sent via email, stated that “Your mobile device may be at risk if you downloaded an application provided by 09Droid from the Android Marketplace; applications from 09Droid are NOT an authorized or legitimate downloadable application for TCU Mobile Banking.”
A similar announcement was made by First Tech Credit Union, which warned that the mobile banking app could be used as a way to steal vital personal information for the purpose of identity theft.
Dubious Banking Apps Pulled Out
As more institutions raised concerns about the legitimacy of the banking apps being offered by rogue developer 09Droid, Google pulled the apps from the Android Marketplace. Prior to Google’s removal of the applications, developer 09Droid had more than 50 mobile banking applications on sale in the Android store. The apps were taken off the market Monday.
But while Google thought it best to remove the potentially fraudulent applications, F-Secure, the anti-virus and computer security software company looking into the matter, says that the security community hasn’t had a chance to test or reverse engineer any of the apps in question just yet.
On the one hand, as many of the institutions for which the apps were being offered still did not have any mobile banking platforms available, it could be that the application would simply redirect users to the bank’s online banking site. But then again, F-Secure also theorizes, as do the banks, that the program could serve as a way for the programmer to pilfer login information and hack consumers’ accounts.
Tighter Screening Process Needed
Android is an open source operating system for mobile phones which has seen a sudden spike in popularity with the recent release of the much-hyped Nexus One smartphone from Google. Applications for Android-powered smartphones can be bought and downloaded from the Android Market, the equivalent of Apple’s iPhone App Store.
Currently, about 22,000 applications are available on the Android Market, a far cry from the iPhone’s 100,000+ apps. The incident has prompted feedback that the screening process for applications posted on the Android store is not as lengthy and thorough as that of the App Store.