Here is an article about how a Trojan for Android works by Dinesh Venkatesan. (This article was posted with full permission from the original author.)
I have observed another piece of Malware for Android platform that tracks the physical location of the victim mobile phone.
This Malware, known as TapSnake, doesn’t appear to be financially motivated, but it certainly is a threat to privacy. By tracking the physical location of the phone, the attacker can track the whereabouts of the phone’s owner.
TapSnake requires manual installation of by the victim to get installed, and in classic Trojan tradition, the threat masquerades as a game. Fig.1 shows the application installed in a controlled environment.
Once, the user invokes the game, it turns up the following gaming interface [Fig.2].
While nothing seems malicious so far, in the background, the application registers a LocationListener object that sends a message about the location of the victim. The following code taps every locationChanged event [Fig.3]
The logic in this case is mostly simple. The payload component registers an event handler that gets triggered for every location change event, and the definition of the event handler is responsible for tracking the victim [Fig.4].
As always, we request the users to be cautious while installing any untrusted application. Even if the application is trusted, the user should be paying attention to the access requests the software requests to access upon install.