Yesterday morning Computer Associates published a blog post about an Android trojan they say they discovered that is able to create an audio recording of a phone conversation. The audio file is stored on the phone, and it does not appear that the recording is being transfered to another computer on the Internet, although it appears the information is put on the phone to be able to perform the transfer.
What Computer Associates found is called a trojan because the unwanted behavior is hidden within an otherwise innocent appearing app. Unfortunately, Computer Associates does not actually name the app that contains the trojan, nor do they state where they got the app. What that means is that users do not have specific information about what they should avoid, beyond not installing apps from unofficial app sources.
Throughout the course of the day I have seen numerous web sites repeat the information provided by Computer Associates that provides no additional details. Phil Nickinson points out that no one has provided information disclosing the source application was in the Android Market, and therefore it is likely the average user will not encounter this problem.
Whenever I see reports such as this one I find myself conflicted. Information like this is usually disclosed by security software companies who sell products they say prevent viruses and malware, and therefore they have a vested interest in scaring people into buying their products. I would much prefer to see bulletins about security warnings coming from third party sources, or even Google (in the case of Android), who are not trying to sell people software to make devices secure.
On the other hand, given the popularity of mobile devices, it is assumed by most people that sooner or later someone is going to release a virus or some other malware that is going to do something really bad that affects a lot of people. Therefore, there are good reasons to use common sense when installing apps on a smartphone. My recommendation is that if you don’t know anything about an app, get some information about it from multiple sources before installing it on your phone.