Google is still struggling to get rid of all Android apps that commit serious privacy violations. Google has already removed nine apps from the Play Store store after discovering they were Trojans stealing Facebook login details, specifically passwords. These applications didn’t have titles that easily denounce them, the malwares had more than 5.8 million downloads, and they presented themselves with easy-to-find titles like “Daily Horoscope” and “Cleaning Junk”.
They also stole the login session cookies. Facebook was the target in each type of these malware, but the creators could have simply directed users to other Internet services.
Google told the Ars which has already managed to ban all the creators of these types of apps from the store, although I recognize that it may not be a great solution since the malware creators are likely to create new accounts. Google may need to track the malware itself to keep the creators at bay.
The problem with this situation is that the applications accumulated millions of downloads even before being removed. Google’s extensively automated screening keeps a large amount of this type of malware out of the Play Store, yet weak protection may have helped rogue apps bypass these defenses and leave victims unaware that their Facebook data has fallen into the wrong hands.
Whatever the cause, it’s safe to say that all users should be careful when downloading any type of app whose creators are unknown, no matter how popular they might be.