Android apps 'open to snoopers'

By David Neal on Jun 24, 2010 6:40 AM
Filed under Software

Report finds lax security on the Android Market.

One in five applications available for Android handsets could expose user data to third-party hackers, according to a new report from security vendor SMobile Systems.

The company said that the openness of the Android Market benefits developers but may present enterprise users with problems if they download a vulnerable application.

"Android Market offers flexibility that markets such as the Apple App Store do not by allowing anyone to develop and publish an application to the Market's consumers," said the Threat Analysis of the Android Market report (PDF).

Google's application store relies on self-policing to guard against vulnerable apps, which SMobile believes can leave a window of opportunity for attackers to exploit as developers struggle to fix problems.

"This presents the opportunity to easily defraud innocent consumers for financial gain. Financial gain drives the paradigm of information security, and attackers now see consumer and enterprise smartphones as targets," the company said.

"Since today's smartphone devices are the equivalent of mobile computers, it is logical that attackers have expanded their focus from PC-based malware to smartphone malware, and an open application repository lends itself to these types of attacks."

In January this year, Google was forced to remove a rogue application disguised as an authentic banking app from its Android Market app store after it turned out to be a phishing scam.

SMobile also warned that many Android Market applications contain information that is susceptible to exploitation.

"One in every five applications request permissions to access private or sensitive information that an attacker could use for malicious purposes," the report said.

"One out of every 20 applications has the ability to place a call to any number without interaction or authority from the user."

Twenty nine of the applications, a small percentage of the 48,694 available, are detected and categorised as spyware by SMobile, while eight include a feature that could allow a remote user to damage the device.

Three per cent of the apps looked at by the SMobile survey could even send high-priced text messages without user authorisation.

1 comment in this discussion

"Maybe Google should develop or buy software that analyses Apps automatically and categorises them according to specific privacy/safety measures. The same software could also alert Google of Apps ..."

By ITnovice

Tags

android, applications, market, application, report, smobile

ATO commits to complexity

Review: Asus Fonepad

Google I/O tells strategy story

Telecom NZ to consolidate applications

Breaking Stories

Alacer Gold turns ERP refit project to Australia

NSW Govt bids for self-service analytics

NSW Police take aim at 3D-printable guns

Google faces new federal antitrust probe

US ISP to rip out Huawei equipment

Comments: 1

ITnovice

Jun 24, 2010 4:23 PM

Maybe Google should develop or buy software that analyses Apps automatically and categorises them according to specific privacy/safety measures. The same software could also alert Google of Apps that are fake or malicious - it would take some work but it is worth it if they want more enterprise users of Android phones.

Comments have been disabled for this article.

Ads by Google