Lurking amid the flood of games, tax guides and other mobile applications being downloaded onto mobile devices using Google's popular Android software is a fast-growing array of apps that can slap the gadget's owner with unanticipated fees, rifle their bank accounts and cause untold other grief.
Known instances of Android-related malware -- "virtually all" involving apps -- have jumped steadily month by month from 400 in June to 15,507 in February, according to Sunnyvale, Calif., security firm Juniper Networks. So far, hundreds of thousands of phones and other devices have been infected. And although Google says it is working to block the malevolent downloads, experts fear what may be coming.
"I see the problem getting significantly worse before it gets better," said Dan Hoffman, who heads Juniper's mobile research center. "We're very much in the infancy of this right now."
Proliferating at a remarkable rate and offering everything from puzzles, music and videos to cooking tips, weather information to fantasy baseball, apps have fueled the global adoption of smartphones and other mobile devices in recent years. But security specialists say these programs also have spawned a dark cottage industry that is poisoning the Android market and posing an increasing threat to the public.
Apps for Apple devices can also be targeted, but security experts say that in general, they are more secure.
In August, San Francisco-based Lookout Mobile Security reported that "an estimated half-million to one million people were affected by Android malware in the first half of 2011," all from apps.
Some experts say the biggest problem is in other countries, where apps frequently are downloaded from unofficial Android websites. Some of those sites have been cleverly designed to look just like Google's official site, formerly called Android Market and recently renamed Google Play.
But U.S. consumers also have been victimized, and Lookout has recently determined the likelihood of downloading an infected app in this country has doubled since the report came out.
Another security company -- Trend Micro of Japan, which has U.S. headquarters in Cupertino, Calif. -- identified "more than 1,000 malicious Android apps" last year, 90 percent of them on Google's site, which boasts more than 400,000 apps. Noting that the number of bad apps grew last year at 60 percent a month, Trend Micro has estimated the total this year "will grow to more than 120,000," though it's unclear how many of those might wind up on the Google site.
"There's definitely a worry out there," said Jon Clay, a Trend Micro security technology expert. "The bad guys have found a new environment to gain revenue, so they are going to start exploiting it more and more."
In a blog last month, Google disclosed that "for a while now" it has been using a feature called Bouncer to screen out malicious apps. As a result, the blog said, "we saw a 40 percent decrease in the number of potentially malicious downloads" from Google's site.
However, the company declined to answer a number of questions the San Jose Mercury News submitted to it about the bad apps it has detected.