ZDNet has reported a potential vulnerability in Android OS that malicious software can use to disable installed anti-virus software. The malware can even corrupt the anti-virus software and use it as a malicious app. Reiley Hassell, founder of security firm Privateer Labs, highlighted the issue. The vulnerable component has not been disclosed yet, as Reiley is taking it up with Google.
According to Reiley, malicious Android developers can build apps that look legitimate but are actually malicious in intent. They claim to provide productive services like bank account authentication or virus-fighting enhancements. Users are tricked into downloading and installing these Trojanized apps, exposing themselves to malfeasance. The strategy, increasingly called “app phishing,” is an Android-based exploit where the app informs the Android developer whenever it is invoked. A banking app can, for example, show a fake login page and transmit the login details to a remote Web server, resulting in loss of financial and personal information.
It is a tough call to fix responsibility for ensuring the sanctity of the Android development environment. Ideally, Google can follow signature-based screening for Android mobile applications. Already, Google has removed over 100 malware apps from the marketplace in the past year. Android development being open source lends itself to half-baked and malicious apps more than, say, Apple OS. These challenges are tough and need to be addressed by the Android development community together. On the other hand, this openness has made Android mobile application development the fastest growing platform in both range and scope.
The best ways users can mitigate risk from Android mobile applications are downloading and installing only from trusted sources that have known developer names and good ratings, checking whether the permissions requested by the app stick to its stated objectives, and keeping an eye on unusual activity on the device.
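The permission check described above can be automated. The following is an added example, not code from the original article: it reads the `uses-permission` entries from a manifest that has already been decoded to text XML and lists those outside a baseline for the app's stated purpose. The `EXPECTED` baseline, the function names and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace Android uses for manifest attributes such as android:name.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline (not from the article): permissions a reviewer treats as
# consistent with each stated purpose. Tune this to your own review policy.
EXPECTED = {
    "flashlight": {"android.permission.CAMERA", "android.permission.FLASHLIGHT"},
    "banking": {"android.permission.INTERNET",
                "android.permission.ACCESS_NETWORK_STATE"},
}

# Constructed sample: a decoded manifest for a hypothetical flashlight app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Torch"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for element in root.iter():
        if element.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = element.get(ANDROID_NS + "name")
            if name:  # skip malformed entries that carry no android:name
                perms.add(name)
    return perms


def unexpected_permissions(manifest_xml, stated_purpose):
    """Return, sorted, the requested permissions outside the purpose baseline."""
    if stated_purpose not in EXPECTED:
        raise ValueError("no baseline defined for purpose: " + stated_purpose)
    return sorted(requested_permissions(manifest_xml) - EXPECTED[stated_purpose])


if __name__ == "__main__":
    for perm in unexpected_permissions(SAMPLE_MANIFEST, "flashlight"):
        print("outside stated purpose:", perm)
```

A permission outside the baseline is a prompt for closer review rather than proof of malice, since legitimate apps also request network access for ads or updates.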
MD @ Mobi People INC. Working for clients on various types of mobile application and software development. Working for the last 10 years in the web-based software and mobile-based application development industry.