Mobile apps emerge as new malware target
Google deals with Android ‘open app’ security woes as hackers find a new way to wreak havoc
The Android mobile operating system last week came under attack from malware injected into “dummy” apps, which tricked users into downloading them and then performed a root attack on the devices.
Google responded over the weekend by not only removing the apps in question from the Android Market but also remotely deleting the bad applications from user devices. “This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications,” wrote Rich Cannings, Android Security Lead, on the Google Mobile Blog.
Beyond that emergency move, Google said it is implementing a series of security measures to beef up Android security and prevent similar attacks from occurring.
That said, it’s surprising that it took so long for a major mobile app attack to appear. Apple has tight controls over its app store approval processes; Google less so. But because mobile apps contain executable elements – and many users root or jailbreak their devices to enable the use of “non-approved” apps – mobile users will likely see more app attacks in the future.
The question for software makers like Google and Apple, device makers like HTC and Motorola, and mobile operators such as AT&T and Verizon will be this: to what degree is a more open mobile app ecosystem worth the security risks it brings? And for end users: are they comfortable with their mobile vendors being able to reach out – as Google did this weekend – and remotely take control of their device and uninstall applications?
While the use of a remote “kill switch” seems to becoming part of the fabric of mobile computing, it’s hard to imagine something similar happening with computers, Web browsers and Internet service providers.
Clearly, the mobile security “rules of the road” are being hashed out as we speak, and as I discussed in another blog post, they aren’t necessarily turning out as one might expect, especially for telecom service providers:
What’s interesting is that mobile operators have [traditionally] opted for a more walled garden approach to apps and services, in part to control user experience (and revenue) but also in part to avoid just such security concerns, especially threats that take advantage of or disable network resources. As more and more mobile operators embrace Android, will they ask Google to tighten the Android reins a bit in order to protect their users – and their networks – from such threats? It could turn out to be an important question as Android continues to expand its reach and influence in 2011.
Stay tuned as this important issue continues to get hashed out.
Want to use this article? Click here for options!
© 2014 Penton Media Inc.
Enter Grand Prize Drawing
BONUS: By registering for these resources you will be entered into the Grand Prize Drawing Ultimate Giveaway: Approx Value $2056 (includes MacBook, iPad, iPhone 4G, Apple TV, XtremeMac InCharge Duo for iPad, iPhone and iPod, $200 iTunes Gift Card) See rules.