More Malware found in Android Market
For months now I've been writing about the security problems with Google's Android operating system. Now yet more malware has been found in the Android marketplace, this time by security researchers.
The news, which was reported by ComputerWorld, said that four new malware apps were discovered on Friday by Lookout Security that were infected by a variant of the DroidDream Light virus. This is now the third time this year that this particular malware has been found in the Google marketplace.
Yesterday though, North Carolina State University researchers found new malware that would force Android phones to text premium rate numbers. According to ComputerWorld, Google has been forced to pull over 80 infected applications from its app store since March this year.
In a poor attempt to defend themselves, Google said in a blog post that "Fortunately the malware was available in the Android Market for a short period of time so the number of downloads was limited to 1,000-5,000."Â How the company can possible claim that up to 5,000 people's smartphones and tablets have been infected is 'fortunate' would need explaining to many people.
Ever increasing volumes of malware are being found on the Android marketplace and security researchers from across the world are warning repeatedly about the dangers posed by downloading them. These malware apps can do everything from texting and calling premium rate numbers, to stealing your personal and contacts information and email and other log-in information.
Currently the Android platform offers no protection from these apps and Google simply aren't being proactive enough in preventing them from appearing on their app store to begin with.
The problem stems from the open nature of the platform. App developers don't have to submit apps for rigorous testing in the way they do for Apple and Microsoft smartphone and tablet platforms. This is one of the factors that has allowed Android to become so popular in the last year and to build up huge numbers of available apps.
Furthermore, the open-course nature of the operating system gives malware writers unfettered access to Android source-code which they can use to refine and test their malware, to make sure that it remains as hidden and as deadly as possible.
Neither of these are problems facing Apple, Microsoft, RIM or HP on their own platforms. The problem is compounded however by a lack of clear communication and information from Google to their customers. Most Android users will be completely unaware that any malware problem exists on the platform. Obviously Google aren't too keen to highlight this to them as it would clearly damage sales, and harm the reputation of their operating system.
Also, the company has made no moves towards tightening up control of their own app store, or locking down specific features within the OS to prevent malware from actioning requests unless specifically called by the user.
Clearly something is going to have to give. Android is the most vulnerable operating system currently available and either Google will have to step in soon and take positive action to defend their platform against the threat, or the ever growing volume of negative publicity their action is bringing will eventually come to the attention of the mainstream press.
Xuxian Jiang, an assistant professor of computer science at North Carolina State University offered this advice to Android users keen to avoid malware on their devices. He said to make certain that the permissions an app requests from you match the permissions you would expect that app to have, while Lookout security said "Use common sense to ensure that the permissions an app requests match the features the app provides".
Lord….I just won’t read another article by Mr. Halsey. I agree that this is completely biased; doesn’t point out the virus’ that have been made available through apps on the Applie AppStore that were silently removed, doesn’t mention that there is virus protection, doesn’t mention the benefit of not having Apple decide what will be made available to you, doesn’t doesn’t doesn’t.
This isn’t the first incomplete article posted and it is certainly the last I will bother reading. Too bad that Ghacks doesn’t have a quality control procedure (one might suggest the same procedure that we are lead to believe the Android Market doesn’t have).
Still look forward to reading Martin’s contributions :)
Rick
I am a happy Android user and I do test out a lot of apps (and I do mean it). But most of the time I trust Lookout for Android and my knowledge. My Android being rooted helps a lot though. And my phone never got infected.
I agree that Android is vulnerable. But can you tell me, which operating system or smartphone is not. Even the most toughest of them are vulnerable when the most weakest point is the user? Those malwares are not getting installed themselves, the users are downloading them and blindly installing them without even bothering to check the permissions of the malware apps.
Regarding this article, I agree with vivitron here, articles should be less biased. This will help the readers a lot.
P.S. I love the openness that Android offers, unlike Apple or Microsoft.
Hate to suggest but considering the emergence of more and more malwares in the Android market, I advice going with Lookout AV for Android, I’m using it(free version) as well without any noticeable slowness.
This article smells of severe bias on the writer’s part. Sure, there are issues, but the real issue is in the screening process and user education – not the OS itself. All operating systems have vulnerabilities in them and to hint that they are secure is wrong. So statements like “Android is the most vulnerable operating system currently available…” sends chills down my spine.
“Vulnerabilities” such as these exist in Mac OS X, Windows 7, iOS, and even Linux based OSes. A program you are choosing to install is doing something that you didn’t expect. Android, like iOS, prompts you to allow the application access to different features of the phones. So the user is enabling these applications to do things. A “real” vulnerability would be if the user did not give the application permission to send a text message and it did.
In terms of reporting, the article you referenced mentions that one of the applications was only available from a “Chinese unauthorized app store.”
So lighten up and reduce the bias. Your readers will thank you.