The VICE Channels

    In the Vacuum of Flappy Bird, Malware-Laden Clones Arise

    Written by

    Derek Mead


    Image: FlappMMO

    Flappy Bird creator Dong Nguyen said he killed his superstar app because it was "addictive," a comment that seemingly runs antithetical to the entire concept of mobile gaming. But the suggestion that Flappy Bird users are addicted seems apt, especially with the news that a flock of malware-laden copycat apps have popped up to give ex-Flappers a low-grade fix.

    According to researchers at Trend Micro, Android-based Flappy Bird clones are "especially rampant in app markets in Russia and Vietnam," and look exactly like the original. The scam they run is pretty straightforward: the new apps require permission to send text messages—something the real Flappy Bird didn't require—and use that newfound power to send texts to premium numbers that charge the subscriber a fee.

    Fake Flappy Birds ask to read and send texts. Image: Trend Micro

    Basically, the Flappy Bird schemes Trend Micro found capitalize on the same transaction system as those ridiculous "joke of the day" services that charge $0.99 a message. But in this case, users might not realize they're being charged—the malware can hide text notifications. Because the malware can also connect to command-and-control servers through Google's cloud service, the security researchers also note there's a risk to user data. 

    Another report from security firm Sophos goes into more detail. (Hat tip to The Next Web for that one.) The Flappy Bird clones found by Sophos researcher Andras Mendik worked in a similar fashion to those highlighted by Trend Micro—they're quite possibly the same—but Mendik explains that actually getting scammed requires a lot of faulty steps on the part of users.

    First, the app clones have to be sideloaded from unofficial Android marketplaces, which TNW's Emil Protalinski argues isn't much of a deterrent, but which Android gives a thorough warning against. (Hey, at least it's cheaper than a $90,000 used phone, right?)

    A screen like this should really be a warning sign. Image: Sophos

    From there, Mendik notes that the clone apps pop up a screen telling users that the trial period is over, and that they can send a text to a random number to get more playtime. If users fall for that, another Android warning appears to tell users they could be charged for sending a text from an app. Should Flappy Bird prove so addictive that a user flies past all those red flags... well, I'll let you make your own judgment.

    The meteoric rise of Flappy Bird will surely make for a killer case study in the apps world, where figuring out how to make an app go viral remains a lucrative dark art. Such potential is why clones are some rampant for any big game. Of course, it's rather unprecedented to see such a popular game disappear so quickly, leaving users looking for alternatives.

    There are already enough ridiculous Flappy Bird thinkpieces floating around out there, so I'll leave the tortured comparison to the drug war to someone else. But man, it's fascinating to think that the Flappy Bird vacuum has allowed a malware-laden crop of imposters to spring up in its wake.