Google Android Apps Highly Vulnerable to Viruses, Report FindsBy Nathan Eddy | Posted 2010-06-23 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Danger Will Robinson! While Google’s open source Android platform is seen as a rising competitor to Apple’s iPhone, businesses should be aware of serious security issues, a report warns.
For the first time since its inception, Android based smartphones outsold iPhones in the first part of 2010. Consumers who purchase these smartphones are downloading millions of Android-based applications, and, according to a SMobile Systems analysis of the Android market, putting their personal and professional data at risk. SMobile’s Global Threat Center discovered 20 percent of applications in the Android market grant a third party application access to private or sensitive information that an attacker could use for malicious purposes, such as identity theft, mobile banking fraud and corporate espionage.
The report, which an in-depth analysis of over 48,000 applications currently available on the Android market, found five percent of applications have the ability to place a call to any number, without requiring user intervention and dozens of applications have the identical type of access to sensitive information as known spyware. Two percent of market submissions can allow an application to send unknown premium SMS messages without user intervention, the report found.
"The open-source architecture that drives Android phones and the abundance of application stores available for all smartphone devices have allowed developers to quickly create and post thousands upon thousands of new applications," said Daniel Hoffman, chief technology officer for SMobile. "As a result, applications are currently available that have the potential to cause serious harm to devices, customers and to the broader cellular network."
While the report notes the Android Market offers flexibility that markets such as the Apple App Store do not by allowing anyone to develop and publish an application to the Market’s consumers, this presents the opportunity to easily defraud consumers for financial gain. Troy Vennon and David Stroop, the report’s authors, noted financial gain drives the paradigm of information security and attackers now see consumer and enterprise smartphones as targets.
"Since today’s smartphone devices are the equivalent of mobile computers, it is logical that attackers have expanded their focus from PC-based malware to Smartphone malware and an open application repository lends itself to these types of attackers," the report concludes. "At this point, it is no longer just a theory that attackers could use these repositories as a means to distribute malicious applications that are built specifically defraud a user. These things are happening today."