Sophos Cloud Optix
Trouble with law enforcement started back in 2012 for the three alternative Android app markets.
Back in August 2012, websites called snappzmarket.com, appbucket.net and applanet.net went off the air in a takedown that the Federal Bureau of Investigation (FBI) refers to as “the first time website domains involving mobile device app marketplaces [were] seized.”
Fast forward nearly two years, and things just got a lot worse for several of the alleged operators of those sites.
According to the FBI, Messrs Taylor, Walton, Sharp, Blocker, Buckley and Lee have recently been charged with criminal offences relating to Android app piracy.
We’re not talking about a couple of dodgy apps on your phone here.
The allegations claim that the accused served up more than 5,000,000 copies of other people’s Android apps, without bothering to ask permission first, and without bothering to pay up the fees that the apps’ authors would have collected by selling their apps on legitimate markets.
(The FBI doesn’t identify those legitimate markets, but it’s reasonable to assume that the Google Play Store is one.)
Four others connected with the piracy operation, Messrs Peterson, Dye, Narbone and Pace, were charged earlier in 2014 and pleaded guilty.
The piracy allegations relate to the period from August 2010 to the shutdown in August 2012, which means more than 5,000,000 downloads in just two years.
That works out at close to five Android users every minute who couldn’t resist the chance to avoid paying the typically modest price of a popular paid Android app by going “off market.”
Piracy and malware
The charges relate only to crimes involving intellectual property, such as copyright, so there’s no suggestion that the accused were running a malware dissemination racket at the same time.
So we’re not going to trot out the usual line that you should be careful of pirated apps in case you get infected.
We’ll ask you to avoid pirated apps because you jolly well know that you ought to be paying for them, or choosing legal free alternatives instead.
And, having said that, we are going to trot out the “be careful” line, after all.
For all that there are many reputable apps to be had in many reputable non-Google app markets, you should assume that anyone who cares little enough about an app’s creator to rip him off probably doesn’t care terribly much about you, either.
After all, an app pirate can’t take a cut of the revenue from a paid app that he’s just “sold” you for nothing, so it’s worth bearing in mind that he might try to load up your “free” apps with what you might euphemistically call bonus content.
In fact, even free apps from the Play Store, rebundled into free apps on alternative markets, may contain unwanted surprises.
From Angry Birds to Flappy Bird, and from Instagram to Zelda, wandering into unregulated and poorly-secured alternative Android markets can be a recipe for trouble.
What to do?
Our suggestions:
- Stick to Google’s Play Store as far as you can.
- Don’t be tempted by free versions of apps that are supposed to cost money.
- Watch out for “alternative” versions of apps that are already free.
- Consider using an anti-virus and app reputation advisor on your Android.
And, if you’re thinking to yourself, “But you guys *would* say that,” then…
…yes!
We would, and we just did!
Image of pirate, arrr! courtesy of Shutterstock.
While you’re correct in warning us to be careful witrh such sources, there are others that can be risky.
There are many ‘download’ websites and some are very well known, but many seem to ‘bundle’ unannounced ‘bonus software’ in with the item you actually want. So you have to be very careful about where you download from and to be very, very careful to watch out for ‘foistware’ bundled in with what you really wanted- which means monitoring the installer *all* the time it is running! Some of these ‘foistware’ items are well known products, such as Google Chrome, but that’s not what you wanted in the first instance – so it is being ‘foisted’ on you and you have to refuse/reject the offer and make sure you ‘untick’ the selection and to ‘untick’ what I call the ‘let us hijack your home page’ tick box.
Even some big names in the software industry try to foist unwanted software on you and some of what is being offered is not actually free – or else it’s an old version or it’s not very good anyway!
My advice is to always assume ‘they’ want to foist unwanted junk on you and you have to be very wary to avoid getting caught out. Else you might find it difficult to find you own homepage again!
We have discussed this “foistware” habit of mainstream companies before, such as as Adobe:
http://nakedsecurity.sophos.com/patch-tuesday-wrap-up-may-2014-adobe-and-microsoft
And Oracle:
http://nakedsecurity.sophos.com/oracle-please-stop-sneakily-foisting-third-party-toolbars
At least Oracle and Adobe add the foistware to their own software installers.
CNET takes the whole foistware concept one step further by offering you other people’s software, adulterated with foistware:
http://nakedsecurity.sophos.com/popular-security-tool-nmap-at-the-middle-of-a-security-brouhaha
I’m wondering…..are there big bottom-line profits in peddling unwanted toolbars? Adobe, CNET, Oracle……I avoid CNET downloads, no exceptions.
I recall reading that they are paid per install. Can’t remember where, it may well have been here, in one of those links!