Linked by David Adams on Thu 24th Jun 2010 16:22 UTC, submitted by Governa
Privacy, Security, Encryption About 20 percent of third-party apps available through the Android marketplace allow third-party access to sensitive data, and can do things like make calls and send texts without the owners' knowledge, according to a recent security report from security firm SMobile Systems. There's no indication that any of the highlighted apps is malicious, but the report does underscore the inherent risks of a more open ecosystem as opposed to Apple's oppressive yet more controlled environment, with every app being vetted before availability.
Thread beginning with comment 431393
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[5]: Comment by anevilyak
by mrhasbean on Thu 24th Jun 2010 22:32 UTC in reply to "RE[4]: Comment by anevilyak"
mrhasbean
Member since:
2006-04-03

That's certainly the case. What it does help you catch though is cases where an app is asking for rights it very obviously shouldn't need. For instance, suppose you go to install a game, and it asks for the right to make calls. Why would it possibly need that?


And the average user is supposed to understand exactly what's being asked and make the correct judgement call at install time? The same users who see a popup on their home PC telling them that they have a virus and need to install this you-beaut software to fix it, to later find they actually installed a trojan?

OK, I can see how that will work...

Reply Parent Score: 2

RE[6]: Comment by anevilyak
by lemur2 on Fri 25th Jun 2010 03:58 in reply to "RE[5]: Comment by anevilyak"
lemur2 Member since:
2007-02-17

And the average user is supposed to understand exactly what's being asked and make the correct judgement call at install time? The same users who see a popup on their home PC telling them that they have a virus and need to install this you-beaut software to fix it, to later find they actually installed a trojan? OK, I can see how that will work...


I'm not entirely convinced that it is a good idea, but this is Google's answer to that sceanrio:

Google Remotely Deletes Android Apps
http://www.pcmag.com/article2/0,2817,2365651,00.asp

Google this week removed two applications from its Android Market, and exercised a feature that lets the company remotely delete the apps from a user's phones.

...

The apps were found to be "intentionally misrepresenting their purpose in order to encourage user downloads," Rich Cannings, Android security lead, wrote in a blog post. "But they were not designed to be used maliciously, and did not have permission to access private data."

As a result, they were removed from the Android Market, but also remotely pulled them from the phones on which they were installed.

...

"In cases where users may have installed a malicious application that poses a threat, we've also developed technologies and processes to remotely remove an installed application from devices," Cannings wrote. "If an application is removed in this way, users will receive a notification on their phone."


Hmmmmm. I can see some good aspects about that, and some not-so-good.

Edited 2010-06-25 04:03 UTC

Reply Parent Score: 2