Android Phone Tips
|Android Phone Tips|
Some users are shocked that Google can remove stuff from your Android phone remotely. I'm more alarmed at the ridiculous ease with which malicious coders can create Trojans for Android. At last week's Next@Norton event, Symantec researchers presented a dazzling array of information about the current state of mobile security and the mobile malware landscape.
Here are the five simple steps Chien demonstrated:
One. Start by downloading a free app. You can choose any app at all, but of course you'll want to pick something that will draw plenty of downloads.
Two. The language compilers that create applications on your PC take textual source code and convert it into assembly language that the CPU can read and process. It's a one-way translation; there's no way to go from the final executable file back to the source code. Androidapps are written in Java, though, and that means that you can decompile them back to the original source code using simple, easily-available tools. For the next step, decompile your target app.
Three. The third step is a little tricky. You'll need to obtain Java source code that does something nasty, like sending personal information from the device to a third party. For the demonstration, Chien used a known threat called Android.Geinimi.
Four. Adding the Trojan code is absurdly simple. You copy it into the folder containing the existing source code, make a small change in the manifest to run the Trojan code before the rest of the app, and edit the permissions to give the Trojanized app free access to the entire device. While you're at it, tweak the app's name. Chien added "FREE!" to the name for his demo.
Five. Compile the modified app and upload it to the market. You're done!
Of course, malicious apps don't last long in the Android Market. If you really want to spread a dangerous program, you're better off uploading it in China, where there is no official Android market. It's time to look into mobile security for your Android device. Google recently removed at least 10 applications from the Android Market, all of which contained malicious code disguised as add-ons to one of the most popular apps of all time.
Google suspended the questionable applications the same day, “pending further investigation.”Jiang found malicious programs other than Plankton in his research. Jiang says apps containing the virus were available on the Android Market for at least three months before Google pulled them.
Jiang found a similar application, DroidKungFu, circulating Chinese application markets before YZHCSMS made its way to the Android Market. For many app developers, the Android Market offers a freedom not found in other application retail outlets. Unlike Apple’s strict application review process, apps submitted to the Android Market are published almost instantaneously.
Google’s lack of vetting applications lends the Market to security vulnerabilities like these. Going outside of the official Android Market for apps can be even riskier. Without Google’s moderation capabilities in these outside markets, users are more susceptible to downloading malicious apps.
By. Android Phone Tips