The Google Play Store, formerly the Android Market, was recently hit with a piece of malware called BadNews. It was bad news indeed, as it stole personal information from phones and transmitted them to an offshore server.
Article Excerpt:
Read Entire ArticleLast month a form of malware called BadNews was downloaded several million times from the Google Play store. This malware impersonated an ad network and leaked personal information from affected phones to a designated offshore server. It also prompted users to install a Trojan application (AlphaSMS) which produces expensive text charges. All in all, it wasn’t pretty.
According to an article on arstechnica.com, Google examines all apps uploaded to Play (they use a cloud service called Bouncer to verify new apps against known malware signatures and test them for malware-like behavior). In this instance the BadNews-related apps were clean upon upload. The designers introduced the malware components to these programs several weeks later. I’m sure these tactics will evolve, as they always do, but fortunately there are a few principles you can rely on to avoid malware infections from Google Play (or elsewhere).