Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Symantec backtracks from Google Android malware claims

Apps use aggressive ad network code but AV firm refuses to call them 'adware'

Article comments

Symantec has backtracked from assertions last week that 13 Android apps distributed by Google's Android Market were malicious, and now says that the code in question comes from an aggressive ad network that provides revenue to the smartphone programs.

The security firm's new stance was in line with that taken by Lookout Security, which questioned Symantec's conclusions and instead said that the apps displayed the same behavior as others funded by 10 or more similar ad networks.

Symantec dubbed the code embedded within the 13 apps "Android.Counterclank," and classified it as a Trojan horse, or malware. According to Symantec's researchers, the malware was a variation on "Android.TonClank," called "Plankton" by researchers at North Carolina State University, another Trojan first uncovered in June 2011.

The apps containing the Android.Counterclank code had been downloaded between onemillion and five million times, said Symantec, which used the Android Market's own published numbers to arrive at that range. That made it the "largest malware outbreak on the Android Market," Kevin Haley, a director with Symantec's security response team, said last Friday.

In a blog post earlier this week, Symantec retracted its earlier allegations and said that the Android.Counterclank code comes from an SDK, or software development kit, distributed to "third parties to help them monetise their applications, primarily through search."


Symantec declined to name the ad network that distributes the SDK responsible for the code it detects as Android.Counterclank.

Both Symantec and Lookout have noted that the ad network code used by the 13 apps is more aggressive than the norm.

"In general, it's changing the home page of the browser, adding additional shortcuts to the desktop, adding and even removing bookmarks," Haley said.

So, if the Android.Counterclank apps are not malicious, what are they? Adware, the name pinned to unwanted PC software in the last decade?

Haley wasn't ready or willing to assign a label.

"It took a while for some consensus then about what was adware or spyware, and what wasn't," said Haley, talking about the intense debate five-to-seven years ago about those terms. "But eventually that consensus was reached."

Symantec will still identify apps that include Android.Counterclank - a name it's also continuing to use - but will not delete them, said Haley.

"We will come up with labels when it's appropriate," said Halley. "Now, we will make sure that we tell customers what's going on on their phones. We'll tell them what it does, and let them make the decision whether they want to make the trade-off and keep the app."

App monetisation

That was essentially the same practices that security companies used initially during the debates over adware and spyware on Windows PCs. Eventually, most antivirus vendors moved to a more forceful approach, and started to automatically remove such software.

"This is an inevitable discussion on mobile," said Haley. "We're going to see app vendors experiment with how to monetise their apps on Android phones, more so on mobile than on the PC, because mobile apps are sold at very inexpensive prices or given away for free. It's understandable that we'll see some pushing the boundaries, or even going beyond them."

Symantec said it reported the 13 apps with the Android.Counterclank code to Google, but that Google said the apps did not violate any of its policies, and would remain in the Android Market.

"We expect in the future there may be many similar situations where we will inform users about an application, but the application will remain in the Google Android Market," Symantec noted.

Google has declined to comment on Symantec's original malware claims or on the counter-arguments made by Lookout Security.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *