Android Banking Scam App Shoots Phish In Google's Barrel

The crime: identity theft. The location: the Android Market. The weapon: a free "banking" app. The lesson: you should be terrified at all times, of all things, even if Google says you shouldn't be.

Downloading your bank's mobile app seemed like a surefire way to avoid stumbling into a phishing scam. It was the prudent thing to do! Until this week, when malicious software masquerading as an official First Tech Credit Union banking app wormed its way into the Android Market. Of course, when I say "wormed" I really mean "strode more or less undisturbed," because that's what you do in the Android Market—approvals take hours, not days, and the inspection process seems to be cursory, at best.

This doesn't highlight a problem so much as a tradeoff: do you want your primary app resource to be mostly unfiltered and non-exclusive, so no company can tell you what you can or can't download, but where you're possibly exposed to scam apps like this? Or do you need to be held in the warm, protective breast of a multination corporation, guarded by its app approval minions, who go over every app with a fine-tooth comb?

Either way, its worth noting that this is only somewhat indicative of a weakness in the Android Market concept, because it shouldn't have happened—they theoretically screen for malicious apps. But it did, so at the very least be more scared careful. [First Tech Credit Union via AndroidGuys]