AndroidOS.Tapsnake: Watching Your Every Move

A few days ago we came across an interesting application in the Android Market, which we’ve decided to detect as AndroidOS.Tapsnake. Why are we detecting this? A cursory read through the description doesn’t tell us much, other than it’s a spin on the classic “snake” video game, which dates back to the 1970s:
"Yet another modification of the Google Android Snake game. This one listens to the taps for its turn directions." 
Sure enough, after downloading and registering the game it plays as you might expect it to:

However, the Android “satellite” icon appeared in the top menu bar while the game was running, indicating that GPS data was being acquired. What was requesting this data? Well, it was a Trojan included with the game, which then uploads data to a remote server, allowing another person to monitor the location of the phone without the knowledge of the user.
In order to receive the GPS coordinates, a second, paid-for application called "GPS Spy" must be installed on another Android device. In this case, the developer describes it as an application to track another mobile:
"Download and install the free Tap Snake game app from the Market to the phone you want to spy on. Press MENU and register the app to enable the service.  Use the GPS Spy app with the registered email/key on your (continue reading...)