Linked by David Adams on Thu 24th Jun 2010 16:22 UTC, submitted by Governa
Privacy, Security, Encryption
About 20 percent of third-party apps available through the Android marketplace allow third-party access to sensitive data, and can do things like make calls and send texts without the owners' knowledge, according to a recent security report from security firm SMobile Systems. There's no indication that any of the highlighted apps is malicious, but the report does underscore the inherent risks of a more open ecosystem as opposed to Apple's oppressive yet more controlled environment, with every app being vetted before availability.
nt_jerkface Member since:
2009-08-26

Those are security defects, which indeed require patching, in the Android operating system,


It's a very poor design that will likely be exploited.

As much as geeks lament the locked-down nature of the App store, it does have a pristine security record.

There's more to improving the security of applications than your list shows; there is also developer verification, which is part of the App store application process.

As for binary security checks, they can be performed with software. Not 100% effective, but when combined with developer verification you have a strong deterrent.

You can be dismissive of the app store but it has an excellent security record that cannot be denied.

Reply Parent Score: 2

Neolander Member since:
2010-03-08

What do you call developer verification exactly? Some kind of digital signing that (is supposed to) identify the guy who submitted the app?

Moreover, I agree that the App store has an excellent security record... But it's just like Nokia's Ovi Store, Microsoft's Marketplace, Android's Market, RIM's I-don't-remember-how-they-called-it or even the old $5 java games download pages in that respect: there are few to no recorded exploits in each case, so we can't draw conclusions yet. It'd be like saying "Oh, dammit, those mobile OSs are so much more secure than Windows!".

To get a good picture, we should have good data in the form of hundreds of recorded exploits. Which the mobile phone repository system does not have yet, because it's just an uninteresting target at the moment. Plus, it lacks global penetration on the market: at the moment, smartphones are still mostly used by geeks and some executives who want to show how rich they are because they can...

Edited 2010-06-25 10:30 UTC

Reply Parent Score: 2

nt_jerkface Member since:
2009-08-26

What do you call developer verification exactly? Some kind of digital signing that (is supposed to) identify the guy who submitted the app?


Verify that the developer has a legal address and bank account. Requiring that the developer has a verified PayPal account is an easy way of doing this. It's just an additional security precaution that deters criminals.

Allowing unverified submission from all parts of the world is too risky. Very little malware comes from the US and Western Europe and security policies should take this into account.

Reply Parent Score: 2

Neolander Member since:
2010-03-08

You can be dismissive of the app store but it has an excellent security record that cannot be denied.

It's just a repository where packages are checked before admission. Tons of these exist in the rest of the computing world. I'm not dismissive of that, as long as it's coupled with other strategies. What I don't understand is why the App Store is presented like some kind of revolutionary product.

Edited 2010-06-25 10:35 UTC

Reply Parent Score: 2

nt_jerkface Member since:
2009-08-26

Oh....I never considered it to be revolutionary.

Well implemented, yes, but I thought only Apple fans believed it was revolutionary.

There were app vaults well before the App store, and well designed ones like Steam.

Reply Parent Score: 2