First off, no, we're not trying to be sensationalist. And I'll admit up front that we're a bit light on details at the moment, but we've got a guy who is a professional, seasoned coder, and that's not the type of guy whose opinion you ignore. With that said: yes, we really think that we found something worse.
Among the flood of (mostly) related security/piracy tips we received in the wake of the DroidDream discovery was something that was worth a closer look: two more developers who were putting up more stolen apps. While that's unfortunately normal enough, what isn't is that their apps are highly obfuscated ("garbled") and encrypted - hiding something.
In other words, somebody has taken code that was more or less in English, translated it to Latin, and then scrambled it. Thoroughly. Justin's no novice; he's quite good at developing, and even better when it comes to security. And even he's having serious trouble getting in and seeing what's going on, at least without devoting a serious amount of time and energy to it (according to him, it would take a few days). What he does know is that it's started a timer, and it's counting down to something, though what that could be is anyone's guess. Justin is willing to bet that once the time is up, it will extract and execute the payload. Whatever it is though, it's almost certainly not a good thing.
So, once again, I'll say that we obviously don't have a ton of details. Now you know why, though - an app that has been stolen, republished, encrypted, obfuscated, and starts a timer once installed. As the expression goes, if it walks like a duck, quacks like a duck, looks like a duck... well, it's probably a duck.
Before writing this, Justin once again pinged his guy at Google, Android Security, and contacted the security companies who had been in touch with us earlier (Symantec, Lookout, F-Secure, and Samsung).
Google and the security world were impressively fast to reply beforehand (and XDA wasn't far behind). Let's hope they're quick to the rescue once again.