While Google likes to brag about how open Android is, the platform has become an increasingly open target for malware writers. Indeed, Google's openness paved the way for malware writers to target apps in the Android Market, and Google has now had to resort to pulling 21 infected apps.
Google has confirmed the issue and said the apps contain malware that works to gain root access to a victim's smartphone so it can snoop data and download additional code onto the handset -- all without the user ever noticing.
"We should point out that this vulnerability was patched with Gingerbread, meaning any device running Android 2.3+ should be fine," Aaron Gingrich of the Android Police wrote in a blog post. "The hole was fixed by Google, but it's relatively useless since many phones aren't yet running a version of Android that is protected."
The malware drama isn't exactly good news or good timing for Google. The company already faced a major public relations issue when millions of Gmail accounts went missing earlier this week. Indeed, Google Apps seem frequently to be the object of news stories that report glitches of one kind or another, according to Rob Enderle, principal analyst at The Enderle Group.
"At RSA [the security conference], there was a talk about the fact that folks in China were pulling apps out of the marketplace, rewriting them, putting malware in them, and then rereleasing them on the web," Enderle said, pointing to a Tuesday evening report that the Droid Dream app was one of the affected applications on the Android Market store shelf.
When the Android Police notified Google, the search engine company was quick to respond, removing the apps within minutes. But the security issue could be a long-term problem for Google because, at least currently, anti-malware is not running on Android devices.
"The Android Market remains the only real protection Google offers and apparently it's no protection at all. So the platform is at high risk," Enderle said. "If someone very visible gets compromised or if a large number of people get compromised, you could have a marketplace that avoids Google-based products, in which case they are done."
An Untrusted Brand?
Apple may be criticized for its walled garden approach to apps, but it's paying off with security. Apple designed far more security around its App Store and has had far fewer issues with malware. Though malware writers are beginning to rewrite malware for Apple products, Enderle said, the App Store has not proven to be an exposure for Apple yet.
"Google is becoming an untrusted brand. The only thing that's allowing Google to survive in the apps area is that they give their stuff away for free. If they were a fee-based company, I think you could argue that they'd be close to being done now," Enderle said.
"All of these security exposures don't hit Google's core revenue, which is search advertising. If this were having a major impact on their revenue, I think they would take it far more seriously than they do. But the issues just make it increasingly difficult for Google to be successful in these areas and to diversify its revenue stream."
Posted: 2011-03-02 @ 1:29pm PT
Why not list the affected apps?