At last, Android Market faced its first serious security lapse on early March, when more than twelve applications were found to contain malicious codes that can steal user information. These applications were immediately withdrawn from the store, but not before triggering serious considerations and questions about the much touted Android Market’s openness. Unlike Apple’s App Store, Google’s Android Market prides itself as being “open”, which in essence means that Google’s impose more relaxed rules for third party developers.
DroidDream exploits a flaw in unpatched older versions of Android OS, unfortunately some phone manufacturers and carriers haven’t sent the security update out to the users. About 50,000 users have downloaded the malicious apps, which means that Google should act fast to remedy the situation. Fortunately, Google responded well in this situation, the problems apps were pulled out from the market in 5 minutes after the first report. An expert at Symantec, a company that offers free anti-virus software for Android, considers that the malware poses a “significant” risk. Symantec has also published a practical guide for figuring out whether your phone has been infected.
About 1000 new applications are being posted each day and it would be almost impossible to properly check them for security issues. It would be time-consuming and expensive to vet each one of them at low-level, which means that this incidence may inspire more malicious people to try to upload bad apps on the Android Market.
Mobile malware is currently on the rise, as tablets and smartphones are currently becoming primary devices for a large number of people. The mobile technology landscape is not as sophisticated or mature as it is for desktop computers and in fact most people are still not aware that malware for Android platform is exist, making them an easy target in most cases.
The App Store by comparison hand picks applications individually, which makes Android Market more popular with smaller or personal developers, who can publish their Android apps on the Google’s market as long as they follow a short list of guidelines. However, freedom often comes at a price: Security. In general, openness, the prominent characteristics of Android can become a double-edged sword. Some go further, saying that Android Market should impose a tighter screening procedure and scrutinize apps like Cupertino does. If we allow everyone sell their products on our store with no quality-control procedure, someone can put something malicious and poison the whole integrity of the market. Inevitably, the lack of stringent rules can open up opportunities for bad developers and as Android Market becomes more popular it will be targeted more by cyber criminals.
In general, Apple has a better security mechanism as it runs a very tight operation and it puts all available efforts to prevent malicious apps from contaminating its business. Even so, people shouldn’t give up Android Market altogether, because it is still among the safest ways to get an Android app. To improve your chance of avoiding malware, you should only install apps that have been used by many people and received positive reviews for them.
These are five easy ways to keep your Android device safe from malware intrusion.
- Always check the application publisher. Check its other apps, if any of them look suspicious or shady, you may need to avoid this developer.
- Don’t trust user reviews too much, as personal users may not always be truthful or reliable. It is a good idea to choose an app that is reviewed positively both by users and reputable Websites or magazines.
- Check for app permissions, a list of permissions appears when you download or update an app. For example, a scientific calculator app probably doesn’t need to access your contact list, so if an app seems to perform a suspicious activity, you may need to skip it.
- Don’t install APKs (Android Package) files directly, as most of the time, you don’t know its real contents.
- Install a reliable antivirus and malware scanner. Although some people consider an anti virus software unnecessary and a true performance hog, the DroidDream outbreak may change their minds.