Feeds

Android apps: Shifty little bleeders

Bit malwarey here and there

Protecting against web application threats using SSL

A fifth of Android applications aren't playing fair, according to SMobile Systems which reckons that mobile application marketplaces are rife with malware.

SMobile ran though more than 48,000 applications on the Android Marketplace (about three quarters of the whole marketplace) collecting details of the permissions the applications requested – Android applications have to list resources required – and SMobile bases is analysis (pdf) on those requests.

The more perceptive reader will have noticed a flaw in such an analysis – it might be true that 20 per cent of Marketplace applications request access to personal information, but if those applications are social-networking-integration apps then they're going to need access to that data.

Similarly, five per cent apparently request access to the phone dialler, which SMobile points out can be used "to place a call to any number without interaction or authority from the user": but if those applications are shell replacements then that's entirely appropriate.

The Android Marketplace relies on the penguin approach – the first downloaders of an application are expected to report their suffering to protect everyone else. It's not a perfect system, and less secure than Apple's draconian impositions, but it maintains the freedom of the platform that some people consider more important than its security.

"Just because it's coming from a known location like the Android market or the Apple App store... doesn't mean you can assume that the app isn't malicious or that there is a proper vetting process," SMobile's chief technology officer told CNet, skipping over the fact that Apple's app store does have a proper vetting process (biased, contradictory and inconsistent, admittedly, but it is a process).

SMobile might have a point about Android applications asking for more privileges than they need, and that spyware is available for Google's platform. Android users do need to think twice before downloading applications, but saying that application stores are awash with malware seems more than a little alarmist. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.