Android apps 'open to snoopers'

Powered by SC Magazine
 

Report finds lax security on the Android Market.

One in five applications available for Android handsets could expose user data to third-party hackers, according to a new report from security vendor SMobile Systems.

The company said that the openness of the Android Market benefits developers but may present enterprise users with problems if they download a vulnerable application.

"Android Market offers flexibility that markets such as the Apple App Store do not by allowing anyone to develop and publish an application to the Market's consumers," said the Threat Analysis of the Android Market report (PDF).

Google's application store relies on self-policing to guard against vulnerable apps, which SMobile believes can leave a window of opportunity for attackers to exploit as developers struggle to fix problems.

"This presents the opportunity to easily defraud innocent consumers for financial gain. Financial gain drives the paradigm of information security, and attackers now see consumer and enterprise smartphones as targets," the company said.

"Since today's smartphone devices are the equivalent of mobile computers, it is logical that attackers have expanded their focus from PC-based malware to smartphone malware, and an open application repository lends itself to these types of attacks."

In January this year, Google was forced to remove a rogue application disguised as an authentic banking app from its Android Market app store after it turned out to be a phishing scam.

SMobile also warned that many Android Market applications contain information that is susceptible to exploitation.

"One in every five applications request permissions to access private or sensitive information that an attacker could use for malicious purposes," the report said.

"One out of every 20 applications has the ability to place a call to any number without interaction or authority from the user."

Twenty nine of the applications, a small percentage of the 48,694 available, are detected and categorised as spyware by SMobile, while eight include a feature that could allow a remote user to damage the device.

Three per cent of the apps looked at by the SMobile survey could even send high-priced text messages without user authorisation.

Copyright ©v3.co.uk


Android apps 'open to snoopers'
 
 
 
Top Stories
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
Will Nutanix be outflanked before reaching IPO?
VMware muscles in on storage startup in hyper-converged infrastructure.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  67%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  12%
 
Denial of service attacks
  7%
 
Insider threats
  11%
TOTAL VOTES: 578

Vote