Got Android? Then You Have Vulnerabilities Waiting To Be Exploited
Gotta love a nice open marketplace. One that lets anyone just throw anything onto it. So we know that one time someone created a banking app that actually sent your info to them. Not cool. But what if it turns out that it’s just the tip of the iceberg? SMobile Systems looked at over 48,000 applications available on Android’s market and found:
- 20 percent of applications in the Android market grant a third party application access to private or sensitive information that an attacker could use for malicious purposes, such as Identity theft, mobile banking fraud and corporate espionage;
- 5 percent of applications have the ability to place a call to any number, without requiring user intervention;
- Dozens of applications have the identical type of access to sensitive information as known spyware; and
- 2 percent of market submissions can allow an application to send unknown premium SMS messages without user intervention.
Man don’t you wish you had some real screening of these apps?:) To be fair, this is from a company selling security software. But between them and Google (you know, the company that is under investigation for illegally collecting personal data) it’s sorta hard to ignore them.
If nothing else, I think this gives some clues as to where things are headed. If the market remains as open as it is then this openness will be exploited – it’s inevitable. I know you guys love it nice and open, but just admit that you want someone watching out for your interests.
Well I’ve been using Windows Mobile for 4 years now, which we all know is as open or if not more so than Android, and I have never encountered a problem. I always read forums or reviews before installing a third party app, and I never provide sensitive information. People just need to use common sense here.
i think that’s the point. WM has had two vulnerabilities I know of with apps that were floating around the web. But none on Marketplace. Android’s marketplace has such relaxed standards that slipping something into an app seems simple enough and seemingly there’s nothing to prevent apps from doing a lot of potential harm and going into their marketplace. We presume markets are were apps that have been tested and certified belong but that’s not the case with Android.
In the immortal words of Sy Syms (for New York metro folks), “an educated consumer is our best customer”. Fortunately (but not good for market share) most WM users have been experienced users who approach most things, especially free things, with a bit of caution.
Not quite the same for Android, iPhone and probably many new WP7 users, so protecting a “newbies” best interests should be a pretty high priority. Guess it really sucks for Android Market users if they pay for something that ultimately compromises their personal info. That’s just wrong.
Congratulations! You have just won a new feed reader 🙂 .. really delicious blog, Mike.