Android Threat Tackles Piracy Using Austere Justice Measures

[ampos]

(Check the original article for the images: http://www.symantec.com/connect/blogs/android-threat-tackles-piracy-using-austere-justice-measures)

Android.Walkinwat is the first mobile phone threat discovered in the wild that attempts to discipline users that download files illegally from unauthorized sites.

Figure 1 – Messages displayed by the Trojan

Presented as a non-existent version (V 1.3.7) of Walk and Text, an application that is available on the Android Market, Android.Walkinwat can be found on several renowned file sharing websites throughout North America and Asia. One could make the case that this app was intentionally spread in these regions by the creators of the threat in order to maximize the download prevalence and convey their message to as large an audience as possible, however one could also make the case the creator of Android.Walkinwat is attempting to undermine the publisher of Walk and Text.

Once running the app, the user is presented with a dialog box that gives the appearance that the app is in the process of being compromised or cracked, when in fact, the app is gathering and attempting to send back sensitive data (name, phone number, IMEI information, etc.) to an external server.

Figure 2 – What happens in the background

Additionally, the app sends out the following SMS messages to all the contacts in the contact list:

Figure 3 – SMS message sent to all contacts in the contact list

Interestingly enough, the Trojan performs the above set of actions in a routine of Android.Walkinwat called "LicenseCheck", something traditionally used by legitimate apps for license management in conjunction with a Licensing Verification Library available for the Android platform to help prevent piracy. The authors of the malicious code have taken an extra step to make sure that their app was obfuscated, which is another recommended measure to prevent piracy.

Figure 4 – The LicensingService and LicenseCheck routines

The app concludes with a final message to the user, reminding them to check their phone bill, as well as providing an option of buying the legitimate version of the app from the Android App market.

Figure 5 – Final message displayed by the threat

Although this isn't the first case of disciplinary justice being used as means to send a message against piracy, this is the first of its kind discovered on the mobile landscape

[Leginus]

Would it be bad of me if some part of me approved this 

[Wampus]

Would it be bad of me if some part of me approved this 

Heh, revenge is sweet. The problem is this anti-piracy app will be about as effective as slapping someone in the face to stop them getting angry.

There is a good reason anti-piracy advertising changed from messages like, "Stop criminal scum, we're going to break you" to "Please don't pirate stuff, it makes nice people sad".

[Ian Price]

I put some code in my iPhone game B'lox! about piracy. I wonder if any pirates actually saw it.

[Leginus]

I would guess  not.  Its not like the old school hacking that we used to do on c64...erm....that some people used to do   it is basically a script or tool that is used on apps from appstore.  i forget the name of it, but I did research it a little while ago.  Therefore, they would not need to view your code

[erico]

but don't worry if they ever pirate it, will be more underground propaganda!

[doimus]

Exactly, don't worry about those 99% pirates but make millions on those 1% who pay.
That's how the big boys do it, EA & Co.

Last game company I worked for did casual games for a publisher. Both the company and publisher lived and profited from 2% conversion rate.
That's how many people bought the game in comparison to how many just downloaded demo from legit sites! Add pirates to that and rate probably gets waaay below 1%!

[Leginus]

That's decided then. Next app is £49.99

[Wampus]

Exactly, don't worry about those 99% pirates but make millions on those 1% who pay.
That's how the big boys do it, EA & Co.

Last game company I worked for did casual games for a publisher. Both the company and publisher lived and profited from 2% conversion rate.
That's how many people bought the game in comparison to how many just downloaded demo from legit sites! Add pirates to that and rate probably gets waaay below 1%!

That's bad! On the bright side there are games like Minecraft that we might look to for encouragement. Of the people who've registered to play it roughly 30% of them ended up buying the full game. 

[doimus]

Well, if three companies (developer, publisher, portal) manage to profit on 1% conversion rate from a $7 game - I think that's acually good!

It's just the matter of how you set your business model. If you set on to make profit from 1%, then 2% might make you rich!
But if you set on to make new Mine/War-craft and it then flops, you're screwed!