Android apps 'open to snoopers'

Powered by SC Magazine
 

Report finds lax security on the Android Market.

One in five applications available for Android handsets could expose user data to third-party hackers, according to a new report from security vendor SMobile Systems.

The company said that the openness of the Android Market benefits developers but may present enterprise users with problems if they download a vulnerable application.

"Android Market offers flexibility that markets such as the Apple App Store do not by allowing anyone to develop and publish an application to the Market's consumers," said the Threat Analysis of the Android Market report (PDF).

Google's application store relies on self-policing to guard against vulnerable apps, which SMobile believes can leave a window of opportunity for attackers to exploit as developers struggle to fix problems.

"This presents the opportunity to easily defraud innocent consumers for financial gain. Financial gain drives the paradigm of information security, and attackers now see consumer and enterprise smartphones as targets," the company said.

"Since today's smartphone devices are the equivalent of mobile computers, it is logical that attackers have expanded their focus from PC-based malware to smartphone malware, and an open application repository lends itself to these types of attacks."

In January this year, Google was forced to remove a rogue application disguised as an authentic banking app from its Android Market app store after it turned out to be a phishing scam.

SMobile also warned that many Android Market applications contain information that is susceptible to exploitation.

"One in every five applications request permissions to access private or sensitive information that an attacker could use for malicious purposes," the report said.

"One out of every 20 applications has the ability to place a call to any number without interaction or authority from the user."

Twenty nine of the applications, a small percentage of the 48,694 available, are detected and categorised as spyware by SMobile, while eight include a feature that could allow a remote user to damage the device.

Three per cent of the apps looked at by the SMobile survey could even send high-priced text messages without user authorisation.

Copyright ©v3.co.uk


Android apps 'open to snoopers'
 
 
 
Top Stories
At the top of her game
A decision to bring digital operations back in-house three years ago has paid big dividends for Tabcorp.
 
Westpac hires SAP man as CTO
Creates four new IT lead positions.
 
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  21%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 984

Vote