Google has simplified the installation of apps via the web-based Android Market. It has become extremely easy for users to browse the online market and click the 'Install' button for the app they want. The app then installs automatically on the device, without asking the user to confirm that an app is being installed. The risk here is that any cracker/attacker with access to a user's Gmail details can easily install and run apps remotely on Android devices.

A Google spokesperson told Muktware, "Installation notifications appear on the device as an alert to users when the browser version of Android Market is used to install applications." If Gmail accounts are hard to crack and Google keeps a close eye on Android Market, the risks come down to some extent. For Android phone users, the newfound convenience of installing apps remotely from the Android Market Website also opens up a security hole for malware.

When you click the "Install" button on the Android Market Website, it's as if you had just pressed the same button on the phone's Android Market app. So if someone gains access to a user's Google account, the user might not notice when that person installs a bunch of software that can, say, send and receive text messages or transmit contact lists.

Unlike Apple's iTunes Preview website, which allows users to browse for apps on the web but then directs them to iTunes to securely complete their purchase, Google's new web-based Android Market allows users to select and buy apps directly on the web site and then have the apps remotely installed on their device, something that is touted as a unique feature.

Purchased apps are then streamed directly to the user's handset and automatically installed. Additionally, apps on Android have far broader access to features on the phone; Google leaves the security ramifications related to apps up to the user when the app is being purchased.

Android's new security problem requires users' passwords to be intercepted by a malicious third party. Apple's iTunes users have already been regularly targeted by multiple attempts to either guess, crack or simply "phish" their passwords by malicious users seeking to obtain access to their accounts.

The difference is that with iTunes account information, all a malicious user can really do is make unauthorized purchases. "The phishers' intention may not be to use stolen account credentials for the purposes of sending spam but to install malware on the user's Android devices instead."
By Androidguys

Wednesday, February 9, 2011