BBM for Android? 100,000 users duped into downloading fake app

Do you want BBM (BlackBerry Messenger) on your Android phone?

Earlier this year, BlackBerry CEO Thorsten Heins announced that BBM will be going multi-platform sometime in 2013 and becoming available to iPhone and Android users.

Heins’s troubled phone company is clearly banking on BBM, which is beloved by instant-messaging teenagers, being one of its stronger assets, and on a strategy of opening up the service to more platforms being better for the firm’s future than forcing anyone who wants it to buy a BlackBerry smartphone.


So, you can imagine the excitement when Android users saw a new app in the Google Play store: “blackberry messenger bbm” from RIM.

Alarm bells should have rung immediately, as RIM is the BlackBerry company’s former name. But that didn’t stop over 100,000 people from downloading the app, which displayed a screen saying it wouldn’t start working until June 27 and then asked the user to grant permission for the StartApp advertising network to install icons and bookmarks onto their Android phone.

In short, more than a hundred thousand people were duped into installing adware that will put money into the pockets of scammers who simply stumbled across the simple plan of pretending their app was the hotly-anticipated BBM for Android.

Malware is a far far far bigger problem on the Android platform (I could have put a few more “far”s in there) than on iPhone, and part of the reason for that is the tight control Apple exerts over what iOS apps are allowed to grace its App Store.

The hipsters who run the Google Play marketplace, on the other hand, are a lot more free-and-easy about things than their Cupertino counterparts. Yes, they do try to weed out unsavoury Android apps, but it’s nothing like the iron fist that Apple applies.

The rights and wrongs of the differing approaches are a topic for another day, but one thing is clear: Apple has almost completely avoided malware affecting millions of iPhone and iPad users, but the Android platform has become strongly associated with money-making malicious apps.

Most Android users assume that if an app is in the official Google Play store, it must be safe to install on their phone. The truth, sadly, is rather different.

Take care over what apps you install, read the app’s reviews and check that you are familiar with the developer. Ultimately, you get to decide what apps get to run on your Android phone.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
