Experts disagree on Android call recording 'Trojan'

According to some headlines, the sky is falling on Android. No, I am not referring to the headlines predicting that the iPhone 5 will double Apple's smartphone market share and leave Android in its dust. I am referring to reports that a new Trojan has infiltrated the Android ecosystem. Some experts, however, suggest this may not be malware, but simply an app working as intended.

A CA blog describes Android malware capable of recording entire phone calls. It also logs call and text activity, and possibly GPS location data. It sounds insidious if you are unaware that the activity is taking place. It also sounds a lot like perfectly legitimate apps like eBlaster Mobile.


So, is this app a malicious Trojan intent on tracking your Android activity, or is it just an app that tracks Android activity?

Irfan Asrar, an analyst with Symantec Security Response, explains, "Despite the fact there have been multiple reports of the app uploading the recorded voice conversations to a remote sever, our analysis has found no such functionality. It can record calls; however, physical access to the device is required in order to retrieve them."

Experts disagree on Android call recording 'Trojan'

The behavior of the app suggests that it's not malware. It clearly states what it's going to do and requests the appropriate permissions. Once installed, the icon shows up just like any other app. If it is malware, it does a very poor job of trying to hide. It seems like an app that a suspicious spouse or lover would install--intentionally--on a partner's Android smartphone.

Asrar acknowledges that the app has the ability to send GPS data, and call and SMS logs to a remote server--a server hosted by the app author. However, that data is then offered for a fee--ostensibly to the husband, wife, or lover who installed the app.

Armando Orozco, Webroot threat research analyst, sits somewhere in between malware and legitimate app. He points out that the app uses tools available in Android--a Java class called MediaRecorder--and that it is far from the only app that does so. Whether it is "malware" or just an app, its behavior is essentially indistinguishable from apps designed for spying on or monitoring Android smartphone activity.

Orozco says that an app like this blends into the background and may be easily missed by the Android smartphone owner. "Easily overlooked with 50+ apps installed, I don't think many users are aware of these surveillance apps; all it takes is an untrusting partner."

David Harley, Senior Research fellow for ESET, puts the "threat" in a even more tempered perspective. "It's an interesting item: perhaps more of a proof of concept than an epidemic in its own right, but nevertheless both technically interesting and significant. I see this as an indication that the bad guys are putting real research and development resources into exploiting the Android market."

Troy Gill, a security analyst with AppRiver, sums up the Android malware issue with this thought: "This is not the first and will certainly not be the last. Malicious apps are fast becoming the easiest way to infect a mobile device and the Android market has been the platform of choice as of late."

Harley agrees, "This may or may not be the "year of mobile malware" but I think the time has long gone when the concept of smartphone malware could be dismissed as security vendor hype around a few hobbyist Trojans."

Yes, the app exists. No, the Android malware sky is not falling--at least not yet.