The Gooligan malware has now hit 1.3 million Android devices since November, the malware collects user data through an ad clicking campaign and highlighted continuing Android app security testing problems. The malware infiltrated Android devices through apps from third party app stores.

With this technique, hacking into Android devices and exploiting Android app security to collect user information is made easier. with ostensible Android apps getting around security measures, however, these are compromised with malware and put onto third party app stores.

Android’s open source structure has made developers lives easier but at the same time it has allowed opportunities for malicious apps. The key to ensuring Android app security is to  only use the Google Play Store and ignore third party app stores. Google screens out potentially harmful apps from the Play Store, and tracks the app portfolio for malicious behaviour.

According to Google, in addition to scanning apps before publishing them on Play Store, the app review process collaborates with users to flag apps for review. There is no comparable oversight in third party app stores.

Statistics for Android app security show that approximately half of Android users are still using devices running versions of Android released years ago. This makes it easier for hackers to exploit Android bugs that have been known for years and even after patches in updates. This shows the increasing danger of fragmentation of devices and operating systems for Android app security.

Checkpoint Technologies has created a tool to check whether you’re infected with the Gooligan malware, all you need to do is enter the email ID you use for your Android device.

Codified Security is here to help make your mobile app secure whether it’s for iOS, Android app security testing, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.