Aug. 2, 2011 at 1:51 PM ET
What if your beloved phone suddenly turned against you and began recording your calls without your knowledge? If you get tricked into downloading a nasty piece of Android malware, it just might.
According to researchers at CA Technologies, this latest Android security threat is significantly more advanced than previously seen Trojans — which merely snooped on text-based details such as call duration or incoming/outgoing call logs — and takes steps to record and build an archive of your actual phone conversations.
The malware basically cajoles users into allowing it to be installed by behaving like a legit Android app, creates a "configuration" file for itself so that it can operate properly, and then starts spying on you the instant you make an outgoing call.
Phone calls are recorded as AMR files — AMR is a file format frequently used for storing spoken audio — and placed directly onto your device's SD card into a freshly created directory called "shangzhou/callrecord." There aren't details regarding what happens once the audio files are saved. The folks at CA Technologies don't elaborate on whether the malware attempts to send the recording anywhere, but it wouldn't be surprising if this was a "feature" built into this or future versions of the Trojan.
The creepy speculation aside, what can you do to protect yourself and keep your phone from spying on you? Not too much beyond what you should already be doing: Following the advice of good ol' Mad-Eye Moody of Harry Potter fame and staying "always vigilant!"
Pay close attention to the apps you install on your mobile device and make sure that they're coming from a trusted source. Are they requesting you to grant broad permissions? Don't download any apps that aren't already getting lots of downloads and reviews — the more obscure the app, the more potentially dangerous. And if you're interested in some unfamiliar or niche app that may not be very popular, do some research. After all, a quick Google search never hurt anyone.