A strange event today has a lot of Samsung Android owners rightfully worried about malware on the Android Market. We've received a raft of tips from users who have discovered an app titled "МТС Мобильная Почта" (MTC Mobile Mail) on their Samsung devices, an app they never installed and are finding it difficult to uninstall.
As near as we can tell, the issue appears to be this: Samsung has several pieces of software that it installs on it devices but that aren't in the Google Play store (for obvious reasons). However, every single Android app has an app name that identifies it on the Android system, in this case the "unique" name is com.seven.Z7, which identifies Samsung's email app. What appears to have happened is that Russian developer OJSC Mobile Telesystems gave that unique identifier to its "МТС Мобильная Почта" app, and so these Samsung devices were tricked into thinking it was an update to Samsung's email client. Since Google Play allows for automatic updating of all apps, it was installed on many devices appeared on the "My Apps" section within Google Play (see update below).
Unfortunately, we don't have a clear idea as to why this company gave this app that ID but don't believe that it had malicious intent by doing so — early indications from the folks at xda-developers indicate that the app is not a threat. For those of you steeped in mobile history, you may remember that Seven created popular email services for Windows Mobile back in the day, but now the company has moved on to providing those services as a white label, hence the com.seven.Z7 app id on Samsung's email app. It's possible (and likely, actually) that OJSC simply received the same white label service from Seven and the identical app name and signing certificate is an unfortunate mix up.
There are a couple of issues at play here. First, Google Play needs to be more intelligent about automatic updates for carrier-installed apps that are already on the phone, the fact that merely having the same App ID appears to be enough to get software installed via an automatic update is potentially a serious security problem (See update below). Second, although it doesn't appear that OSJC was acting maliciously, giving its email app the same App ID as one already in very common use was a mistake — although to be fair that App ID wasn't yet in use on the Google Play store, only within Samsung's own ROM. Then again, this is not the first time that this issue has cropped up.
Right now, it looks like that the process for removing the app may require some Android hacking skills, but we have reached out to both Samsung and Google to get more details. In the meantime, "МТС Мобильная Почта" has been taken down from the Google Play Store. We'll let you know when we hear more.
Update: As we suspected, Seven seriously erred in giving the same App ID and signing certificate to two different apps, and that's the core problem. We spoke with Google, who provided some clarification on what happened here. Google says that there was a bug that caused the Russian version of the mail app to erroneously appear in the "My Apps" section of Google Play for a large number of Android users. However, Google says that it disabled the app some time ago, so it was never actually installed on any devices. Google is currently working on a fix for the "My Apps" issue.
Thanks to everybody who sent this in!
Comments
I wondered where that came from.
By aj.35nla on 03.26.12 6:13pm
OK people need to relax, this app came pre-installed on my factory SGSII from BELL mobility. it is completely harmless. quick google search can confirm all of it.
By Micr0b3 on 03.26.12 6:52pm
Also, to stem the tide of misconception, it appears that both apps were made by the same developer, using the same namespace, and using the same signing key.
This is an issue on Seven’s and Samsung’s part, but mostly the former. Google Play was operating normally.
By StayCalmCarryOn on 03.26.12 11:46pm
The intent of the manufacturer of the app is clear. They wanted to install their crap app (which I may tell as Russian, it’s a carrier-specific mail that nobody gives a damn about) on all Russian Samsung phones, and they didn’t give a fuck about anything else.
The app itself is mostly harmless but the intent of its manufacture is quite malicious. I hope Google will do something to fix this and disallow this kind of trick. Otherwise someone would inevitably want to do it again.
By QJ on 03.27.12 6:07am
From the update above, and actually reading the rest of the article, I’d say you’re wrong.
By XCMeathead on 03.27.12 8:13am
From the info I have here I’m also wrong :) but it’s different from the update.
Seven has provided some 3rd-party morons with the sources and the certificate and those are accustomed to thinking with their hind parts so they put the app to Play without checking or any second thought. End of the story.
By QJ on 03.27.12 11:17am
Meanwhile, in the comments section
By bilalakhtar on 03.26.12 6:14pm
No kidding. Google releases a buggy service? Shocking! This should be interesting.
By CaptainCanada on 03.26.12 6:20pm
Pretty sure it’s more of Samsung’s fault than Google’s.
By bilalakhtar on 03.26.12 6:29pm
Yep, someone used their signature key to sign the app, thus making it identical to the other app in the eyes of Google Play.
By StayCalmCarryOn on 03.26.12 11:41pm
It’s Samsung, not Google.
By redbullcat on 03.26.12 7:01pm
Except its not a bug. If an app is published with the same id, a newer version number, and signed with the same certificate, its going to update if you have auto update selected.
By magicman0 on 03.26.12 7:56pm
I have heard so many complaints about Google Play Store, and this one is the worst. I’m not sure what Google is trying to offer to customers with this crappy slow buggy store app that does not even function properly.
By henrykkim on 03.26.12 6:18pm
It’s still the best app store when it comes to app discovery. And to a lesser extent, content.
By bilalakhtar on 03.26.12 6:19pm
Best content?! Ahahahaha. That’s funny.
By boyhowdy on 03.26.12 6:25pm
And to a lesser extent
I meant it’s not better than the iTunes app store, but still better than any other store that exists right now.
My point about app discovery is still valid, though.
By bilalakhtar on 03.26.12 6:28pm
Thanks for the clarification. I read it as “their app store is still the best, but not by as much of a wide margin.”
By boyhowdy on 03.26.12 6:32pm
That is technically what he said.
By jonmilani on 03.26.12 6:40pm
This is Samsung’s problem, not Google’s. Get your facts straight.
By jwoglom on 03.26.12 7:19pm
In Soviet Russia, Apps load you!
By mikemakin50 on 03.26.12 6:19pm
+1
By numberoneoppa on 03.26.12 9:24pm
I was hoping somebody would say this :D
By Whatyousayin on 03.28.12 4:40pm
In Soviet Russia, YOU install the email app.
By erikschmidt on 03.26.12 6:19pm
got ninja’d. Now I look silly and immature.
By erikschmidt on 03.26.12 6:20pm
No biggie, schmidt happens
By DavyW on 03.26.12 7:38pm