App Inventor Enables the Easy Creation of Malicious Apps

In today’s increasingly connected society, heaps of new mobile apps are cropping up every day. It no longer takes a technical degree or programming background to create and deploy a mobile app. Android is well known for being an open and accessible platform that any mobile app developer can use. With this reputation in mind, it’s no wonder that MIT built an App Inventor online tool for Android developers. The tool allows anyone to easily drag-and-drop a variety of widgets in order to create their own, personalized Android app.

Unfortunately, App Inventor has caught the attention of some cyber users with criminal intent, who have since built malware directly into the tool. That means that novice-level malware authors can now create a Trojanized app.

Once attackers have created these Trojanized apps, they spread them around using a combination of phishing links and file sharing services. As soon as users open the phony apps on their phones, the apps start carrying out nefarious activities. Even worse, they are often developed to automatically begin downloading additional malicious apps once they are installed.

While App Inventor doesn’t give malicious apps any special powers, it does make the production of Trojanized apps incredibly easy. Because of it, anyone with a basic understanding of Android programming can quickly churn out tons of malicious apps. As I have covered before, Trojanized apps attempt to scam users by forcing them to pay fines, searching for and stealing their mobile banking information, or sending unwanted and costly premium text messages to their contact lists.

With all of these bad apps running rampant, here are some simple, yet effective, tips you can use to protect your mobile device against app security threats:

  • Use comprehensive security software on your mobile device. The sad truth is that malicious apps are not going away anytime soon. So, having security installed on your mobile device that helps protect your privacy and identity is a must. McAfee® Mobile Security is free for both Android and iOS, and it offers a variety of protections, including ones to help Android users dodge Trojanized apps.
  • Avoid downloading apps from third parties. By taking this one simple step and only downloading apps from trusted online sources like Apple App Store and Google Play, you can significantly lessen your chance of downloading a malicious, Trojanized app.
  • Don’t open a link or file from someone you don’t know. Whether you receive a link or file through email, social media, or text message, it is always best to avoid opening attachments from unfamiliar senders.



Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.


More from Mobile Security

Back to top