More Google Android Apps found stealing Facebook passwords.

[ssfc72]

https://www.xda-developers.com/google-removes-nine-apps-for-stealing-facebook-passwords/

Google removes nine apps for stealing Facebook users’ logins and passwords.
Google has removed nine apps from the Play Store after it was found these apps stole user’s Facebook login credentials. All apps offered legitimate services and were downloaded more than 5 million times.

What's worse is Google has only banned the App publishers from submitting Apps to the Google store.  Of course, you and I know the criminals will just create a new name for themselves and go on to put more credential stealing Apps, into the Google App store.

Google needs to take action so that the persons responsible for these password stealing Apps get prosecuted and are put in jail.

[Jason]

I'm all for getting them prosecuted obviously but I'm wondering if it'd be better just to get make it too difficult to get phony apps in the store in the first place. I was curious how one gets apps in the Google Play store. It turns out there is a $25 developer fee for getting admission which isn't much. I'm not sure how many Facebook logins they can scam for that $25 but it must be worth it. If Google set that rate higher, how likely would it be to prevent this kind of nonsense? Of course, they don't want to lose potential developers either, especially the little guys. Maybe they just need a better verification process, like a tax registration number, etc, that would verify that a business was legitimate (as much as you can), too.

I never seem to hear about this with Apple apps. I wonder why?

It shows another good reason to use 2FA, though. I'm glad they mentioned that part.

Thanks for sharing, Bill. I don't have any of those apps installed but I should share this, ahem, with my Facebook friends.

[Jason]

I forgot to add that this is also a good reason to have antimalware/antivirus software on your phone. I know I'm going to sound like a commercial but I use the free version of BitDefender. It scans every program when it's installed but it has an on-demand scan, too.

It uses memory and is light on battery use, unlike some antivirus programs. It uses so little, I don't even see it on the list of the top 25 apps for usage. The bottom energy user in the list is Twitter at 1%. I primarily use Twitter for transit updates.

[fox]

.... I know I'm going to sound like a commercial but I use the free version of BitDefender. ....

Where did you get it from? I couldn't find a Linux version of BitDefender free on their website.

[Jason]

I originally got it in the Play store. Yes, I recognize the irony in installing an app from the Google Play store after reading this but there aren't any apps called Bitdefender Free, so it's alright. On their website, it's under For Home -> Mobile Tools -> Toolbox.

Maybe in the future, it might be a good idea to see if a particular app has a website and use the link from there to install it. Of course, the miscreants could do that, too. But at least it makes them do extra work to get an app installed.


Update to this post on July 11 @ 3:22 pm. Additions are in bold.

[fox]

I originally got it in the Play store. Yes, I recognize the irony in installing an app from the Google Play store after reading this but there aren't any apps called Bitdefender Free, so it's alright. On their website, it's under For Home -> Mobile Tools -> Toolbox.

I must have misunderstood. I thought you meant that you were using it on a Linux installation.