Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Android phones targeted by malicious app developers

Kaspersky says number of Android malware reached 70 last month, up from two in September 2010

Article comments

The Android vs iPhone smartphone race is a lot like the Windows vs Mac rivalry. On one side is a broadly licensed operating system used by many manufacturers. On the other is a locked down and expensive hardware platform.

However, according to Internet security firm Kaspersky, Android favours Windows in another, more sinister way: It's become a playground for malware creators.

Kaspersky recognised 70 different types of malware last month, according to its chief technology officer Nikolay Grebennikov, as reported by Bloomberg News. In September last year Kaspersky recognised just two. We should always be wary when a firm trying to sell us a cure hypes up the disease, but, if true, the figures indicate explosive growth.

Getting malware onto Android phones is easy. Once a developer has signed up to the Android Marketplace, which costs just $25 (£15), they can start releasing software straight away and there are no checks on the apps they create. This is in stark contrast to Apple's App Store, for which each program made available is individually scrutinised by an Apple engineer before release (and there's a $99 joining fee).

However, Google has put in place a number of protection systems. Apps run in a "sandbox" environment, for example, which hives them off in memory and should mean they're unable to compromise the entire phone.

Additionally, apps sold via the Google Marketplace can be killed remotely by Google, should they later prove to be malware.

Thirdly, whenever any software is installed on a user's phone, the user is informed of what hardware components of the phone the software will use. For example, an app might need to use the Internet connection and cause the phone to vibrate and the user will have to agree to this.

However, all of this is clearly not enough. Last month malware creators managed to infect approximately more than 400,000 phones with the DroidDream malware.

In this case, they didn't even go to the expense of creating a new app. As initially spotted by a contributor to the social networking site Reddit, malware creators simply stole several existing apps, then rebranded them and added in the rootkit exploit before making them available under new names. Again, the marketplace has no protection against this kind of piracy.

One of the original developers of a stolen app, CodingCaveman, was aware his app had been stolen but was unable to get a response from Google. It was only after the scandal hit the headlines that Google apologetically responded to him.

Essentially, the difference between the Google and Apple approach to app stores is that Google places the responsibility for security on the phone and its user, whereas Apple attempts to prevent security being an issue for users.

A cynic might suggest that Android's approach to security is to close the barn door after the horse has bolted.

Apple's way of doing things is expensive but effective - having people check over every app that's released is labour-intensive. However, Google's approach provides significantly more freedom, openness and ultimately more customer choice.

However, if 20 or so years of Windows domination have proved one thing, it's that users simply can't be trusted to take care of their computers. It's taken until Windows 7 for Microsoft to engineer this into their systems and it would be a shame if we had to wait that long for Google to come to the same conclusion.

Sadly, Google isn't showing much movement on the issue. In a posting to the Google Mobile blog last month, all Android Security Lead Rich Cannings would say is that "security is a priority for the Android team" and that Google is "committed to building new safeguards to help prevent these kinds of attacks from happening in the future". Google did respond to the DroidDream outbreak by releasing a clean-up tool, but it shouldn't have to resort to such extraordinary measures.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *