Lookout: Android.Counterclank is aggressive advertising, not malware

Lookout: Android.Counterclank is aggressive advertising, not malware

Remember last week when we reported on Symantec’s finding that Android.Counterclank had infected somewhere between one and five million Android users?  According to Lookout Mobile Security, infected isn’t the word we should be using.  As they see it, there is no malicious activity going on here, just shady advertising techniques.  A post on Lookout’s blog breaks down what they see going on with Apperhand code inserted in the 13 applications.  While they found that there’s no real threat to worry over, the details are shady nonethless.

How would you feel if an app was pushing bookmarks to your Android smartphone?  That’s one of the things going on with these applications, as uncovered by Lookout.

  1. It is capable of identifying the user uniquely by their IMEI, for instance, but unlike some networks this SDK forward-hashes the IMEI before sending to its server. They’re identifying your device, but they are obfuscating the raw data.
  2. The SDK has the capability to deliver “Push Notification” ads to the user. We’re not huge fans of push notifications, but we also don’t consider push notification advertising to be malware.
  3. The SDK drops a search icon onto the desktop. Again, we consider it bad form, though we don’t consider this a smoking gun for malware provided the content that is delivered is safe.  In this case, it is simply a link to a search engine.
  4. The SDK also has the capability to push bookmarks to the browser.  In our opinion, this crosses a line; although we do not believe this is cause to classify the SDK as malware.

We’re already hardcore against applications that push ads down to our phones and tablets with crap that shows up in notifications bars.  To hear that we’re getting bookmarks pushed to our device as well…? We hate to single out developers here, but if you use this type of stuff then we cannot endorse your experience.

For its part, Symantec has published a follow up post which is definitely worth a read.

Ok, so Android.Counterclank has pissed off somewhere between one and five million Android users.

About author

Scott Webster
Scott Webster 6602 posts

Scott has been running AndroidGuys since 2007 and loves nothing more than reading up on the latest smartphone rumors. His other mobile efforts can be found on Android Update (CNET) where he covers Google's mobile platform.

You might also like

News and Rumors

Android Market, Available in the Android Market

For a brief period of time tonight, a tablet-optimized version of the Android Market was among Google-published apps listed in the web version of the Android Market. Though the detail

News and Rumors

Sprint Making it Easier to Become Their Customer

If you have been considering switching over to Sprint as your mobile carrier, (I know I have been, sorry T-mo, you are the only carrier with no 3G and no service in my home area), now may be the time to do it. Sprint is right now offering people who have smartphone contracts with other carriers $125 for each number ported over. If you are a non-smartphone user, they are offering $50. Check out the quote from Sprint’s posting on their site:

News and Rumors

Report: Samsung Hoping to Double Smartphone Market Share by the End of 2010

Samsung is hoping to up its global smartphone market share this year from 5% to 10%.  Lee Donjoo, senior vice president of the company’s mobile communications division, told Bloomberg this week


  1. Anonymous
    January 31, 16:32 Reply

    Wow i wonder who paid Lookout for their endorsement.  Hey Lookout, it is malware any way you try to spin it.  

  2. Al
    January 31, 19:01 Reply

    Just call it like it is guys, it’s malware.

Leave a Reply