Google removed 10 mallware apps - I'm affected. Please help

156 views
Skip to first unread message

n.a

unread,
Jun 14, 2011, 4:58:40 AM6/14/11
to Android Discuss
Hello Guys and Google,
I'm the developer of the most popular flashlight application on the
Android Market - Tiny Flashlight + LED (over 6.5 million downloads,
top 50 in the overall applications ranking).

Today I found that Google have deleted my developer account without
any notice and removed Tiny Flashlight from the market. I saw the news
that Google removed 10 malware apps from the Android Market (
http://phandroid.com/2011/06/14/google-removes-10-new-malware-apps-from-the-android-market/
) and decided to write you.

Seems like I've been affected by this and I hope this will be resolved
soon, because I have invested a lot in Tiny Flashlight. For the one
year since Tiny Flashlight has been released, I've managed to create
one of the best android applications on the market. Although a
flashlight application seems easy to create, it's actually quite hard
on android, because the different hardware vendors have different
camera drivers and this requires a lot of workarounds just to start
the camera led / flash. This takes a lot of time and investment. In
the last 4 months alone I had to buy over 20 different android
devices, spend huge amounts of time finding a way to start the led on
these devices and making the whole process trouble-free for the user.
I've also gone a step further. Tiny Flashlight is one of the few
applications, which supports all android versions on the market - 1.5,
1.6, 2.1, 2.2, 2.3, 3.0, and 3.1. It's the only flashlight
application, which still works on Motorola Quench / i1 / Backflip (all
Android 1.5).

Tiny Flashlight has become my primary source of income and the
investment I've made is huge. Every single line of code has been
written by me (except the Admob, Millennial Media, and Flurry SDKs,
but I think they are respectable companies and would never allow any
malware in their distributed SDKs).

I just can not afford to make the tiniest mistake with Tiny
Flashlight, because it's one of the top applications on the market and
I have over 4 million active users and I've invested my life into
this.

I’m angry that Google never contacted me. They just deleted the whole
account. I hope that they will fix it soon, before I lose my users and
ranking position.

http://www.appbrain.com/app/tiny-flashlight-led/com.devuni.flashlight

Paul Selormey

unread,
Jun 14, 2011, 5:10:08 AM6/14/11
to android...@googlegroups.com
Hello n.a,

It is really bad Google is not doing anything to control the market.
However, if you want people to take you serious try using something
better "n.a" for your name.

Best regards,
Paul.

> --
> You received this message because you are subscribed to the Google Groups "Android Discuss" group.
> To post to this group, send email to android...@googlegroups.com.
> To unsubscribe from this group, send email to android-discu...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en.
>
>

Al Sutton

unread,
Jun 14, 2011, 5:11:37 AM6/14/11
to android...@googlegroups.com
Mailing to this list is unlikely to get a response from Google, but we (on the list) are grateful for you sharing your experiences.

Al.
--
T: @alsutton W: www.funkyandroid.com

The views expressed in this email are those of the author and not necessarily those of Funky Android Limited, it's associates, or it's subsidiaries.

John Coryat

unread,
Jun 14, 2011, 11:27:22 AM6/14/11
to android...@googlegroups.com
The Android market is sounding more and more like AdSense. AdSense is extremely secretive about their removal process and has a very cumbersome and somewhat ineffective appeal process. I would have hoped the Android market would be more forgiving.

This action is quite worrisome for developers. Who can tell what the next group of apps to be removed will be? I'm investing a lot of time and effort into bringing the next version of our most popular app online (with in-app billing) and the thought that it could be removed with the action of a non-thinking and error prone robot is quite disturbing.

It would be nice if Google would publish the process of appeals for app removal so developers would know what to do if they are subject to this action.

-John Coryat

Linux Box Solutions

unread,
Jun 14, 2011, 11:31:43 AM6/14/11
to android...@googlegroups.com, android...@googlegroups.com
Lol goodluck with this just make sure your app doesn't come up as malware in other software 

www.Krzyview.com

--
You received this message because you are subscribed to the Google Groups "Android Discuss" group.
To view this discussion on the web visit https://groups.google.com/d/msg/android-discuss/-/iqAN108wk2gJ.

Tim Mensch

unread,
Jun 14, 2011, 1:24:45 PM6/14/11
to android...@googlegroups.com
On 6/14/2011 3:10 AM, Paul Selormey wrote:
> It is really bad Google is not doing anything to control the market.
> However, if you want people to take you serious try using something
> better "n.a" for your name.

In the AppBrain link he provided, his name is listed as Nikolay Ananiev.

If the Flashlight app didn't have any malware in it, then it would be
good to know what it WAS doing that they might have suspected was malware.

So Nikolay, I looked at the information that is available about the
exploits; was your app dynamically downloading any Java/Dalvik code? Did
it start a background service?

Also, is your web site really supposed to only have a single link to
PHPPDO, and nothing else? The AppBrain page links to that site as the
"Official Page," which makes me think that you intended to have more
content there?

Tim

Peter Sinnott

unread,
Jun 14, 2011, 6:24:50 PM6/14/11
to Android Discuss
Sorry to hear about your trouble.
If you have a way to get info to your current users maybe they could
report the app as missing using
http://www.google.com/support/androidmarket/bin/request.py?contact_type=market_phone

John Coryat

unread,
Jun 14, 2011, 7:18:49 PM6/14/11
to android...@googlegroups.com
This same topic is on the developer's forum. Looks like n.a. used keyword stuffing and that's probably why he got deleted. Bummer, but when you agree to something, it's probably a good idea to read what you've agreed to with understanding AND FOLLOW IT!

Hey, I learned that lesson back in 1986 by violating a non-compete. Hard and painful too.


-John Coryat

Al Sutton

unread,
Jun 15, 2011, 2:51:03 AM6/15/11
to android...@googlegroups.com
Would have been nice if someone from Google would have warned him. Its things like that that put people off Android Market, AdSense,.....

Al.
-- 
T: @alsutton W: www.funkyandroid.com

The views expressed in this email are those of the author and not necessarily those of Funky Android Limited, it's associates, or it's subsidiaries.

--
You received this message because you are subscribed to the Google Groups "Android Discuss" group.
To view this discussion on the web visit https://groups.google.com/d/msg/android-discuss/-/Szt9Yj2w1IsJ.

Brandon Newsome

unread,
Jun 15, 2011, 8:59:29 PM6/15/11
to android...@googlegroups.com
Nikolay your app seems to be fine on my phone ... I just noticed you sent an update for it. Were you successful in reaching Google?
--
Sincerely,
Brandon N

Paul Selormey

unread,
Jun 15, 2011, 10:30:37 PM6/15/11
to android...@googlegroups.com
From his post on the developer list, the application is restored.

This is the list of keywords he entered for his application...

"Torch, Light, Camera, Flash, Color, Dark, Bright, Brightness,
Brightest, Lights, Signal, Find Keys, Screen, Effects, brightest
flashlight, Emergency, Warning, Police, brightest led flash,
DroidLight, Maximum, Backlight, Best, Great, Fun, Cool, Coolest,
Widget, led flashlight, led flash, led light, brightest led
flashlight, camera light, color flashlight, color flash, tesla, bright
light, brightness, flash camera, flash, cam light, screen light, light
effects, simple flashlight, search, screen brightness, brightest app,
max brightness, maximum brightness, dark, darkness, police light,
emergency light"

It seems some of these guys are abusing their freedom, daring even Google
with the keyword "search"! A little price paid and a lesson for others.

Best regards,
Paul.

n.a

unread,
Jun 16, 2011, 2:57:54 AM6/16/11
to Android Discuss
Yes, the account and the application has been restored.
Google contacted and said this:

"Your account came under review during an investigation where
individuals spoofed some of your developer details in order to
obfuscate detection. Please be assured it is not malware related, and
we have introduced protocol to prevent such an interruption in the
future. We apologize for any confusion due to this investigation."


Seems like someone used my market details to do some bad stuff. I’m
happy everything resolved fast and the best part is that they’ve
taken
measures to prevent this in the future.

Tim Mensch

unread,
Jun 16, 2011, 3:09:05 AM6/16/11
to android...@googlegroups.com
I always thought it odd that anyone could effectively have an
application id com.google.blah.blah if they wanted; I wonder if it was
nothing more than them using com.nikolay.app...

Thanks for the update, regardless. Hope it didn't hurt your market ranking.

Tim

String

unread,
Jun 16, 2011, 8:09:34 AM6/16/11
to android...@googlegroups.com
On Thursday, June 16, 2011 8:09:05 AM UTC+1, Tim in Boulder wrote:

I always thought it odd that anyone could effectively have an
application id com.google.blah.blah if they wanted
 
That's an excellent point. Ideally, registering an app for sale should require you to give an email address at the domain being used in the package name, and the app doesn't go live until you click on a link in an email sent to that address. Wonder if someone should suggest that b.android.com...

String

Peter Sinnott

unread,
Jun 16, 2011, 12:05:01 PM6/16/11
to Android Discuss
That seems a little silly to me. Anyway I hope whatever new protocol
they invent at least includes emailing the person involved.

Linux Box Solutions

unread,
Jun 16, 2011, 12:38:59 PM6/16/11
to android...@googlegroups.com, Android Discuss
You app name does not have to reference a domain name

www.YouTube.com/user/linuxboxsolution
www.Krzyview.com
www.Email-Marketers.com

Mike Wolfson

unread,
Jun 16, 2011, 4:15:10 PM6/16/11
to Android Discuss
...and for many apps, there is no need for a web component, thus there
would not be a matching domain.

A little off the subject, but still relevant. I find it troubling
that any user could upload an app with the same Application name (not
package name). The malware attack from a few months ago (the
"DroidDream" one) was an example of this. The malicious developer
uploaded a lot of apps with the same name as popular apps, in hopes
that consumers would search, then mistakenly download their infected
app.

I worry about this, as I have spent a lot of time creating a "brand"
and it could very easily be hijacked by another user (or competitor
trying to benefit from searches for my app).

I could Trademark my name, but this is prohibitively expensive.

It would be great, if the Market could provide a "Verified Account"
designation or something to ensure "spoofers" aren't able to take
advantage of this loophole.



On Jun 16, 9:38 am, Linux Box Solutions <linuxboxsoluti...@gmail.com>
wrote:
> You app name does not have to reference a domain name
>
> www.YouTube.com/user/linuxboxsolutionwww.Krzyview.comwww.Email-Marketers.com
>

c beck

unread,
Jun 16, 2011, 6:15:13 PM6/16/11
to android...@googlegroups.com
On Thu, Jun 16, 2011 at 3:15 PM, Mike Wolfson <mwol...@gmail.com> wrote:
<snip>

> I find it troubling
> that any user could upload an app with the same Application name (not
> package name).  The malware attack from a few months ago (the
> "DroidDream" one) was an example of this.  The malicious developer
> uploaded a lot of apps with the same name as popular apps, in hopes
> that consumers would search, then mistakenly download their infected
> app.

<snip>

> I could Trademark my name, but this is prohibitively expensive.

Even Trademarking your name would do no good past giving you authority
to sue the offender if you could figure out who they were. Unless...
Maybe The Google Market Team is actively policing for trademark
violaters in the market and that's what they do with all of their
time?

> It would be great, if the Market could provide a "Verified Account"
> designation or something to ensure "spoofers" aren't able to take
> advantage of this loophole.

I think this sounds like a great idea.

String

unread,
Jun 16, 2011, 6:18:45 PM6/16/11
to android...@googlegroups.com
Sure, I know that. My point is that maybe it should, as a way to exclude imposters trying to list an app under a fraudulent package name.

Of course, restricting duplication of app names would also probably be a good idea.

String

Mark Carter

unread,
Jun 16, 2011, 8:50:18 PM6/16/11
to android...@googlegroups.com
When you upload an app to Market, there could be a check to see if the package name starts with a domain name. If it does, and you haven't used that domain name before, the Developer Console could ask you to enter an email address from the same domain name and then send you a verification email.

If the package name does not start with a valid domain name then you wouldn't need to verify.

This wouldn't stop people using package names like com.gmail.fraudster, but it would stop com.mycompany.fraudster.

Another idea would be to "claim" a domain name. Once claimed, no other person would be allowed to upload an app with a package name starting with that domain name. This is more tricky because there would need to be a whole process behind someone illegally claiming a domain name like gmail.com! Maybe a threat of deleting their account would be enough.

anatoly

unread,
Jun 16, 2011, 10:25:51 PM6/16/11
to Android Discuss
Dup application names was a serious issue on Orkut in the past but now
they don't approve apps
with the names similar to existing.

They also delete live apps which change their names to become similar
to existing names trying to benefit from popular searches.

Maybe android team can benefit from the experience orkut team already
has.

If you invest time and money into building your unique brand it is
always good to officially trademark the app name.
Then you can use DMCA to try to remove all duplicates or similar names
from the market.




On Jun 16, 11:15 pm, Mike Wolfson <mwolf...@gmail.com> wrote:
> ...and for many apps, there is no need for a web component, thus there
> would not be a matching domain.
>
> A little off the subject, but still relevant.  I find it troubling
> that any user could upload an app with the same Application name (not
> package name).  The malware attack from a few months ago (the
> "DroidDream" one) was an example of this.  The malicious developer
> uploaded a lot of apps with the same name as popular apps, in hopes
> that consumers would search, then mistakenly download their infected
> app.
>
> I worry about this, as I have spent a lot of time creating a "brand"
> and it could very easily be hijacked by another user (or competitor
> trying to benefit from searches for my app).
>
> I could Trademark my name, but this is prohibitively expensive.
>
> It would be great, if the Market could provide a "Verified Account"
> designation or something to ensure "spoofers" aren't able to take
> advantage of this loophole.
>
> On Jun 16, 9:38 am, Linux Box Solutions <linuxboxsoluti...@gmail.com>
> wrote:
>
>
>
> > You app name does not have to reference a domain name
>
> >www.YouTube.com/user/linuxboxsolutionwww.Krzyview.comwww.Email-Market...

Felipemnoa

unread,
Jun 16, 2011, 11:54:58 PM6/16/11
to android...@googlegroups.com
There is a way to verify with google if you own a website. Just use that mechanism to verify you own your domain. 
Reply all
Reply to author
Forward
0 new messages