caiel

Can anybody shed some light on the security aspect of Android?

What security mechanisms are used lets say in "Bank of America", "MyVerizon", and "WordPress" apps ?

Do I even have to worry about security, because I am not exactly sure if these apps are built by the companies themselves?

Anybody using such applications on their "androids"?

(there is always an option by visiting the website directly, but the problem of zooming on every screen gets annoying when there is no multi-touch capability).

Hoping to hear from you!

Anybody knows the time-line for Droid for the recent multi-touch update?

RI_TDI

I've started to load apps on my Droid as the needs become apparent.

Each one issues dire warnings upon installations that they have access to everything short of one's DNA. Contact, location, presumable messages etc etc.

What is th erealistic risk that something bad will com of it? Are there many instances of apps that burrow in and do nothing but betray or rob you?

caiel

Thanks for the reply!

The concern comes from using Banking apps, and such sensitive information (login ID/pwd).

How different is android surfing compared to any WiFi surfing?

Where do you draw the line?

For instance, I don't use sensitive info on any WiFi

Bottom line: am little hazy/confused on the security of cell phones (DROID), any loose ends I have to really worry about ? "hacks/eaves dropping" to worry about..

Bear with my basic questions

RI_TDI

I'm asking if anyone sees additional risk. Android phones concertrate more of your personal data into a smaller package in an OS that I don't know much about other than it does the user-visible stuff better than Windows Mobile. just beiong able to know your location could for instance tell someone when to break into your house.

caiel

If your house is locked and the lock is dependable, you don't even have to worry...

I am talking about the bank accounts, social security number, etc on those lines...

In short.., "Identity thefts"...

magnus

Personally.....I'd wouldn't use an app for banking.....I'd just navigate to their sites using a browser.

Just recently there was a case of exactly what you describe....a developer had written a whole bunch of banking apps designed to steal information.

The flip side of the whole open source thing is that there is nobody policing the app store........until something bad happens....
You have to decide if its worth it to you to be one of the people who's information gets compromised BEFORE Google removes the offending app/bans the developer


If you do decide to use an app....NEVER use an app that's not directly created by the bank/institution themselves.....
Look through the permissions of the app. I would respectfully disagree that they are all standard operating warnings and not to be heeded.

They are not all that hard to decipher....why would a file manager need internet or gps access for eg?

NOTHING is safe from someone who really really wants it......You don't want to make their job easier if they are not specifically targeting you, by being careless.

Personally I would think that Wifi/3G surfing that is encrypted is accepted as safe....even though the 3G encryption was cracked by researchers in less than 2 hours a few weeks back.

You just decide what your acceptable level of risk is... For me....I feel that it is unacceptable for me to use a banking app that is NOT written by the bank itself....But I would use banking information over 3G/encrypted Wifi.

RI_TDI

I am asking about the porosity of Android security, not a hypothetical house.

The purpose of the example was to say there is additional information of value on your phone when compared to surfong from your PC.

The apps say they access to a lot of data - is there history of any using it for no good?

magnus

Yes there is one instance on abuse recorded so far.

Google Pulls Fraudulant Banking Apps From Market | DroidTalk

RI_TDI

Thx magnus. Only one instance is pretty good.

Is the SSL on the browser as good as PC browsers?

caiel

Pardon me, but you just contradicted yourself from above!
IMHO, there has to be a third party certifying institute, which can certify the security of any such apps...

For instance "Verisign Certification", etc...

But again...

magnus

That's true......Verisign is a good idea....

When you said I contradicted myself.....were you talking about the fact that I would consider using 3G even though it was cracked....

If so...yeah I agree :-) ....But I didn't link to the article. It was cracked by a researcher to show out-dated the encryption systems for 3G networks are. It showed how easy it would be for somebody who really wanted to access ANYTHING over 3G communications to do so provided they had the right know how.
Just because something is possible, does not make it just as probable. It is not a common place thing......AFAIK. I'll take my chances

But hey....like I said.....it depends on your acceptable level of risk. Yes, 3G encryption has been cracked. Yes, Banks get robbed......but that doesn't stop you from using one.

Just be wise and know your risks. Beyond that....the circumstances are out of your control really....if someone is determined enough. No point in living in fear......but be wise.
:-)

Last edited by magnus; February 9th, 2010 at 04:22 PM.