Andy McKay

Aug 27, 2010

Rogers My Account - Malware?


Rogers has a "My Account" app in the android market [1]. Now this app does the following:

Rogers My Account provides secure access to your account right on your iPhone. View your account balance, make a payment, check your wireless usage and manage your services like MY5, RBT and ETM, all on the go.

Cool. These are all features available in their website, so it would just be a nice native interface with a few back end REST calls? Well it's Rogers and "enterprisey" so it's likely more complicated than that.

Now if I was to get this on the Apple store it would be vetted by Apple. Of course, its App Store vetting that gets all those developers frothing and foaming at the mouth - but you could trust the app.

On the Nexus One, before installing it, here's the list of permissions it needs [2]:

Your messages » edit SMS or MMS, read SMS or MMS
Network communication » full Internet access
Your personal information » read contact data
Phone calls » read phone state and identity
Services that cost you money » send SMS messages
System tools » change network connectivity, retrieve running applications

That's right, they need to send SMS's, read all your apps and contact data, edit SMS's etc. Why? There's no explanation on the Rogers website. Can you trust this app?

Given the lack of information and the lack of vetting, I'm just saying no to these apps.

  1. which I would happily link to if the android market had a search functionality. Or showed more than a "highlight" of apps. Here's the link to the unhelpful Rogers page.
  2. which I would happily take a screenshot of, but to take a screenshot of a Nexus One I need to download the Android SDK.