Tap Snake Game in Android Market is Actually Spy App

Posted on August 18, 2010


Android Users Just Need to Pay Attention? Is Security the End User’s Job?

Security experts report that an Android Market game titled Tap Snake is in reality a client for GPS Spy, a commercial spying application that harvests users’ location data. According to computer security firm F-Secure, Tap Snake (created by development firm Maxicom) by runs in the background forever following installation, even restarting automatically when users reboot their Android device–in addition, the game secretly reports the smartphone’s GPS location to a server every 15 minutes. “GPS Spy is a simple mobile spying tool and only costs $4.99,” F-Secure notes on its News from the Lab blog. “When bought, the application advises you to download and install the ‘Tap Snake game’ to the phone you want to spy on. During installation, the game is registered with a keycode to enable spying. This means that the spy has to have physical access to the phone he wants to spy on.”

F-Secure said it expects Google will remove Tap Snake from Android Market in the imminent future, speculating the digital services giant could also activate the storefront’s kill switch. In late June, Google confirmed it had recently activated Android Market’s remote application removal tool to wipe all installed copies of two unnamed research applications voluntarily deleted by their developer. Google cites violations of the Android Market Developer Distribution Agreement or Content Policy as the catalysts behind most app removals–in the event a malicious app poses a threat, Google also maintains technologies and processes to remove installed apps from Android devices, adding it sends the user a notification in the event it deletes software from their device.

Security firms are advising of the threat but also noting that it’s not a major one nor is it likely to be all that widespread. Android users, warns the mobile industry news source GoMo News, just “need to pay attention” to the permissions apps require.

UPDATE! Google’s official comment on this application:

When installing an application, users see a screen that explains clearly what information and system resources the application has permission to access, such as a phone’s GPS location. Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time. They can also view ratings and reviews to help decide which applications they choose to install. We consistently advise users to only install apps they trust. “

Posted in: Uncategorized