by Thomas Brady

There’s another APK hidden inside the code, and it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that’s all child’s play; the true pièce de résistance is that it has the ability to download more code. In other words, there’s no way to know what the app does after it’s installed, and the possibilities are nearly endless.

Regarding 21 popular free Android apps that have been compromised with malware. How popular? Combined they’ve been downloaded fifty to two hundred thousand times in four days since this compromise was uncovered.

Source: Android Police via Daring Fireball.