More than a dozen common Android apps leave mobile phones vulnerable to attack, a mobile security researcher has claimed.
Riley Hassell, founder of Privateer Labs, has alerted Google but refused to publicly identify the apps for fear they would be targeted by criminals, reports Reuters.
“App developers frequently fail to follow security guidelines and write applications properly,” he said.
A Google spokesman told Reuters that Android security experts were not convinced Privateer Labs had uncovered problems with Android.
Hassell and a colleague Shane Macauley were due to demonstrate at least two theoretical Android attacks during a presentation called “Hacking Android for Profit” at the Black Hat hacking conference in Las Vegas before pulling out at the last minute.
While developing a child-blocking app, Hassell discovered an Android feature that allows apps to respond to other apps being launched. This could be used to insert password protection by a concerned parent or a spoof log-in page by an attacker.
Hassell called this attack, which sees a malicious app mimicking a trusted app to steal users’ credentials and send them to a remote server, “AppPhishing”.
Another attack exploited an Android function called ‘activity reuse’ that allows apps to execute functions belonging to other apps. If an app that makes phone calls is hijacked by a malicious app it could be used to dial premium rate numbers or potentially listen into phone calls.
Hassell and Macauley reportedly had a proof of concept prepared for both attacks targeting Skype but pulled out of the conference upon learning that part of their work may have replicated previously published research.
The attacks require a malicious app to be downloaded in the first place and a previous white paper by Privateer Labs found that the correct permission restrictions are not routinely written in by Android app developers.
In March, more than 50 apps infected with the personal data stealing DroidDream malware were removed from the Android Market and a couple of months later 26 more were discovered with a variant called DroidDream Light. It was speculated that DroidDream Light could have infected up to 120,000 users.
As Android’s market share sails past Apple OS it will become an ever more inviting target for malware producers.
No single Android device comes close to challenging Apples’s iPhone as the market leader. However, the sheer volume of different devices running Android means analysts have reported steadily climbing market share for the Goole OS. Last week, Gartner pegged Android’s market share at 43.4 percent versus iOS’s 18.1 percent.
Meanwhile, analysts IDC also predicted last week that the enterprise mobile security and management market would balloon 30 percent to $763million (£470m) by 2015 thanks to the consumerisation of IT, the acceleration of mobile enterprise applications, and cloud computing.
OpenAI reportedly begins early talks with California attorney general over complex transition from nonprofit to…
European Commission says it will review Apple's iPad compliance with DMA rules as it seeks…
James Dyson delivers most high-profile criticism so far of Labour's first Budget that raises £40bn…
Nvidia, Meta bring cases before US Supreme Court this month seeking tighter limits on investors'…
Nvidia to replace Intel this week on Dow Jones Industrial Average after years of turmoil…
Joby Aviation and Toyota Motor complete demonstration flight in Shizuoka as companies prepare to bring…
View Comments
These reports are becoming more prolific, it's like watching a train wreck in slow motion. I'm dismayed at Google's apparent indifference to this problem.
Google need to be more pro-active,informing & keeping in touch actively,not sitting on the fence