The New York Times Bits blog, DLP Mobile's new app Secret SMS Replicator, which forwards all SMS text messages to another device unbeknownst to a phone's owner, has been banned from the Android Market.Note to Android developers: the Google Android Market is open, but it's not that open. After being profiled by
The reason? The app violates the "Android Market Content Policy," which states that apps that involve "invasions of personal privacy" are not allowed.
Spying on Your Texts
The controversial app can be installed on the sly on an Android device, and, as DLP's chief executive Zak Tanjeloff told The Times, "there is no visible icon or shortcut to access it, so once it's installed, it will continue to monitor without revealing itself."
Sounds like a dream come true for stalkers, right?
Tanjeloff even noted that the company chose to develop the app for Android, because a spy app like this would never make it into the iTunes App Store for iPhone users.
Looks like it won't make it into the Google Android Market either.
Spyware vs. Spyware
Although the Google Android Market is generally more open than the curated collection maintained by Apple, it does have a few rules. No spyware being one of them. Also, no illegal content, no promotions of hate or violence, no pornography, no obscenity, no material not suitable for persons under 18, no copyright violations, no "spammy" user experiences, etc., etc.
Do those rules sound familiar? In fact, they're a lot like the rules Apple has in place - rules which have been criticized as "censorship," when wielded improperly, such as in the case of the accidental ban of the satire cartoon app from Pulitzer-winning journalist Mark Fiore.
But in Android's marketplace, rooting out the spyware isn't always so easy. In DLP's case, the app transparently advertises what it's all about - it's a spyware app - but what's more difficult to determine is when apps are after data they don't need access to.
For example, Android developer Jackeey Wu's Android Tapp application was reported as harvesting personal data and sending that data to servers in China. As it turned out, a Google investigation revealed that there was no malicious code in the app, the app was just accessing data it didn't need to. It was subsequently allowed back into the Market.
Google vs. Apple
The difference between Google and Apple's strategies, is that Apple vets apps first for violations, whereas Google pulls them after publishing. That means that malicious apps, like this latest sneaky spyware application, will often have a window where they do become available for installation from the Android Market. We asked Google if, in the case of Secret SMS Replicator, the company used its "kill switch" to remotely remove the app from any phones where it was installed. However, Google responded that it could not comment on individual apps.
What this means for end users is that, as compared to Apple, there's an increased need for anti-malware solutions to add an additional layer of protection on Google mobile devices.
In August, we put a few of these programs to the test including those from droidSecurity, Lookout, Symantec's Norton Mobile Security and Smobile. Lookout, the only one to have initially caught the app in question at the time, another sneaky spyware program called Tap Snake, was again on top of the situation with this latest threat - the company released an over-the-air update to its users to protect them from SMS Replicator.