A programmer who calls himself Ã‚Â 09Droid has illuminated security concerns sure to come into sharper focus Ã‚Â as the tech giants and theÃ‚Â financial services industry make their move toÃ‚Â extend Internet banking to mobile devices.

Antivirus supplier F-Secure says 09Droid offered more than 50 mobile banking applications for sale through the Android Marketplace. But Google on Monday pulled the apps. It seems several banks for whom 09Droid took the initiative to write the apps for issued warnings not to use them. F-Secure Chief Research Officer Mikko HyppÃƒÂ¶nen says no one in the security community has seen an actual copy of 09Droid’s first-of-its-kind banking app. So it could simply be a cheapo program, sold for 99 cents, that redirected users to the bank’s online bank website.

On the other hand, 09Droid could have programmed in stealthy code to silently steal account logons. The point is, no one checked, and he did sell some number of apps prior to having Google yank them.

HyppÃƒÂ¶nen notes that Android apps at present do not go through approval process, unlike apps available through the iPhone App Store or through Signed by Symbian programs.

As a general rule of thumb he recommends avoiding any third party banking apps on any platform unless you know for certain it is expressly approved by your bank.

To date F-Secure has not seen any malicious apps sold through iPhone App Store, Palm App Catalog, Ã‚Â BlackBerry App World or Windows Mobile Marketplace. However, the security company has seen the Ã‚Â “Signed by Symbian” certification process subverted a couple of times.

By Byron Acohido

January 11th, 2010 | Imminent threats