Android Phone Tips
 |
| Android Phone Tips |
The news that Google is remotely removing 58 malicious applications from Android devices shows that opening up the supply of software to a variety of sources has its risks, including malware similar to what has been infecting Windows for years.
The fact that malware isappearing on Android devices shouldn’t be a surprise to anyone. Android devices also give you the ability to download apps from third party sources–places that aren’t part of the Android Market. I’m sure there are many out there who will suggest that this makes Android devices less useful in the enterprise than, say, Apple or Blackberry devices.
The freedom to load applications from anywhere gives Android device significant flexibility that you don’t get with other devices. There’s already a variant of the Zeus Trojan, named Zitmo, attacking Blackberry devices that apparently comes from visiting infected Web sites or from infected e-mails. This works just as effectively regardless of what brand of mobile device you’re running.
In addition, the problem is worse with mobile devices because security software hasn’t been a priority for mobile users. This means that malware can invade your mobile device and you may never know. I still use my BlackBerry to do that, if only because BlackBerry malware is much more rare than Windows malware.
With Android devices you have a larger number of infection vectors than you do with Apple or RIM devices, but that doesn’t mean that those devices are free from any risk, because they’re not. Google's response to a bout of Trojan-horse applications targeting its Android operating system shows how much and how little power it exerts over that platform.
The key part of Google's latest reaction, announced in a blog post Saturday night by Android security head Rich Cannings, is the remote removal from users' phones of applications identified as malware. These rogue applications were offered through Google's Android Market under such sketchy names as "Hilton Sex Sound" but also more-serious monikers such "Scientific Calculator.
" Google will also send a software update called "Android Market Security Tool March 2011" to infected phones over the next day or two that will close the security vulnerabilities exploited by this malware. You're better off inspecting a new app's critiques in the Web version of the Market that Google introduced last month.)
I've heard similar thoughts from Android developers who like not having to wonder if each new release--and each patch to an existing release--will get held up in app store review limbo. Although the current version of Android, 2.3, doesn't have the vulnerability exploited by this malware, most Android phones don't run it.
And Google can't make them offer updates to 2.3. Others, such as Vaughan-Nichols, advise getting anti-virus software for the phone. But no matter what, Google needs to improve its management of its Market.
Given that the malware was designed to download additional malicious software, it's not immediately clear whether affected devices lost sensitive information as a result of this secondary malware. Larimer advises resetting affected phones to their factory state. Google is distributing a specific piece of security software to affected users, the Android Market Security Tool. Cannings says that Google is working on a number of additional security measures to make Android Market more secure and is working with partners to improve software security.
By. Android Phone Tips
0 comments: