In my continuous hunt for new apps, I sometimes run into such obvious malware/crapware that it causes an immediate virtual gag reflex. Sometimes, however, this malware is cleverly disguised and to an unsuspecting user it may seem legitimate.
Here, have a look at what I found today:
If you briefly scanned this page, you may have missed the fact that the publisher's name is MicrosDft Corporation (in all caps), or that it's requesting a permission to directly dial phone numbers without your intervention, or that the website in the listing is msM.com.
Thankfully, the amount of 1-star user reviews is now starting to look alarming, but that wouldn't have been the case if you saw it right as it came out. What's even more worrisome is 10,000+ downloads and the amount of 5-star ratings, all of them undoubtedly either fake or created by unsuspecting victims.
So remember - always pay close attention to the details, do your due diligence, and be suspicious - otherwise you may end up giving away your personal information straight to rogue databases or find a few hundred dollars worth of premium calls on your next phone bill.
What You Can Do
So, what can you do when you spot a shady app like that?
Call [Android] Police
Flag As Inappropriate In The Device Market
Flag the app as harmful by pulling up the on-device Market and marking it as inappropriate (the Market then asks for a more detailed reason). Why Google doesn't build this functionality into the web Market is beyond me.
Note: The "Harmful to phone or data" option only shows up if you install the app first.
Report It On The Web
You can report apps on the web via this form buried somewhere deep inside Market support pages. Be prepared to fill out a bunch of info the Market should already know about you - come on, Google, do you really want to discourage your users like this?
Thanks to John Cassero for this tip!
Leave A 1-Star Review
Unfortunately (in this case), in order to leave a 1-star review, you need to actually install the app, quickly leave the review without starting it, and then quickly uninstall it. Do so if you feel especially adventurous today - your brethren will be forever grateful, but note that very theoretically the app could get triggered by something and run in the background after installation, so know the risks and be quick.
Note: Be sure you're leaving a 1-star review for an app you truly think is malicious. Don't hit an innocent dev by accident.
This PSA is brought to you by your local Android PD. Stay alert, folks.