Android application safety and security

June 25, 2010
1
    Android Applications

    Android Applications

    Over the last few days there have been a number of blog posts and reports stating that ’20% of Android Applications threaten privacy’ or ‘pose a potential privacy threat’. These sensational headlines came about after SMobile Systems published a white paper stating that this was the case (having done research to prove it). What has subsequently become clear is that SMobile Systems’ President and Vice President of Operations are former AT&T employees. As you will know, AT&T have the iPhone and Android is a significant competitor. Furthermore, SMobile Systems sell software for Android which protects against security threats. Overall, there is a huge amount of bias and cause for concern with their findings.

    Some of the applications they consider a threat to your privacy are applications which manage your contacts. This is because these types of applications have access to your address book. Duh! The best thing about Android is that it always asks the user and informs them what applications are up to when they install or configure them.

    Nonetheless, Google have recently removed a few applications from the Market because they (intentionally) try to deceive the user into what data they are accessing. Here is an official statement form Google,

    Every now and then, we remove applications from Android Market due to violations of our Android Market Terms of Service or Content Policy. In cases where users may have installed a malicious application that poses a threat, we’ve also developed technologies and processes to remotely remove an installed application from devices. If an application is removed in this way, users will receive a notification on their phone.

    Recently, we became aware of two free applications built by a security researcher for research purposes. These applications intentionally misrepresented their purpose in order to encourage user downloads, but they were not designed to be used maliciously, and did not have permission to access private data — or system resources beyond permission. As the applications were practically useless, most users uninstalled the applications shortly after downloading them.

    Comments

    • http://www.safercode.com/blog/ Amit

      Android has a much superior “local” security model which will go a long way in preventing its users from security threats which will definitely breach through Apple’s walled garden approach, especially because a huge number of apple users jailbreak their phones, freeing them from the curator’s watch…And the walled garden in itself isn’t a good check for malware in the first place itself..
      I read another post that does a detailed comparison of Android and Apple security models here:
      http://tech.shantanugoel.com/2010/06/26/android-vs-iphone-security-models.html

    Popular

    Latest