Android apps 'open to snoopers'

Powered by SC Magazine
 

Report finds lax security on the Android Market.

One in five applications available for Android handsets could expose user data to third-party hackers, according to a new report from security vendor SMobile Systems.

The company said that the openness of the Android Market benefits developers but may present enterprise users with problems if they download a vulnerable application.

"Android Market offers flexibility that markets such as the Apple App Store do not by allowing anyone to develop and publish an application to the Market's consumers," said the Threat Analysis of the Android Market report (PDF).

Google's application store relies on self-policing to guard against vulnerable apps, which SMobile believes can leave a window of opportunity for attackers to exploit as developers struggle to fix problems.

"This presents the opportunity to easily defraud innocent consumers for financial gain. Financial gain drives the paradigm of information security, and attackers now see consumer and enterprise smartphones as targets," the company said.

"Since today's smartphone devices are the equivalent of mobile computers, it is logical that attackers have expanded their focus from PC-based malware to smartphone malware, and an open application repository lends itself to these types of attacks."

In January this year, Google was forced to remove a rogue application disguised as an authentic banking app from its Android Market app store after it turned out to be a phishing scam.

SMobile also warned that many Android Market applications contain information that is susceptible to exploitation.

"One in every five applications request permissions to access private or sensitive information that an attacker could use for malicious purposes," the report said.

"One out of every 20 applications has the ability to place a call to any number without interaction or authority from the user."

Twenty nine of the applications, a small percentage of the 48,694 available, are detected and categorised as spyware by SMobile, while eight include a feature that could allow a remote user to damage the device.

Three per cent of the apps looked at by the SMobile survey could even send high-priced text messages without user authorisation.

Copyright ©v3.co.uk


Android apps 'open to snoopers'
 
 
 
Top Stories
Earning the right to innovate
Breaking down the barriers to innovation is a long, but rewarding process, says Bank of Queensland Group CIO, Julie Bale.
 
A call for timely reporting
[Blog post] Businesses need incentives to keep customer data secure.
 
Doubts cast on Queensland's ICT Dashboard
Opposition, former Govt CIO say it can't be trusted.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  26%
 
Application integration concerns
  3%
 
Security and compliance concerns
  29%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  5%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 853

Vote