Android Security - what do you do?



  1. kisby

    kisby, Well-Known Member, This Topic's Starter (Joined: Jun 11, 2010; Messages: 109; Likes Received: 23)

    I just read this article, "Smartphone apps could be sharing your private data", which basically talks about the possibility that some free apps could be harvesting info from your phone.

    What can be done for security? How do you know if you have one of these apps?
     

  2. Bitbang3r

    Bitbang3r, Well-Known Member (Joined: Apr 24, 2010; Messages: 108; Likes Received: 24)

    Short of using only apps you've built from source after personally vetting the code, basically nothing. The panicked security stories haven't even touched on the possibility of multi-part exploits, like app #1 (with access to your contacts and /sdcard) writing them to a file, and app #2 (with access to /sdcard and the internet) reading and POST'ing it.

    Free, non-opensource software will NEVER be "secure", and any perceived security for commercial software is a theatrical illusion more than anything. That's just the way it is, and the way it's always been.

    Is Android Market perfect? Hell no. Far from it. The answer isn't to make it more restrictive, but to make additional information available to users (via searches, filters, and viewable parameters) so they can ignore it or use it to make more informed decisions.

    Case in point: a "bank" app. Suppose you go install an app right now for Chase, Citi, or some other bank, from Android Market. What assurance do you have that it actually came from that bank and hasn't been tampered with? Yes, it was signed... but how do you view the app's cert and validate its authenticity? AFAIK, you can't. The only safe way is to download the .apk directly from your bank's website and install it... assuming, of course, that you aren't unfortunate enough to be a jailed AT&T customer who isn't allowed to do that.

    At the end of the day, all you can really do is be alert. If an app is free and looks like it's "too good to be true", it probably is. Visit the author's website and sniff around. Google him. Think of him as a salesman in a bazaar, and evaluate both him and his merchandise accordingly.
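
Added example, not part of either post above: a permission audit for the two-app scenario Bitbang3r describes, where one app holds private data plus /sdcard write access and another holds /sdcard read access plus the internet. The package names and inventory are constructed, the `SENSITIVE` set is an illustrative subset, and `sd_world_readable` is an assumed switch for devices where reading /sdcard needs no permission. It flags capability only, not observed behaviour.

```python
from itertools import permutations

P = "android.permission."
# Permissions guarding private data (small illustrative subset, an assumption).
SENSITIVE = {P + "READ_CONTACTS", P + "READ_SMS", P + "ACCESS_FINE_LOCATION"}
WRITE_SD = P + "WRITE_EXTERNAL_STORAGE"
READ_SD = P + "READ_EXTERNAL_STORAGE"
INTERNET = P + "INTERNET"

# Constructed sample inventory: package name -> requested permissions.
INSTALLED = {
    "com.example.contactbackup": {P + "READ_CONTACTS", WRITE_SD},
    "com.example.wallpapers": {INTERNET, WRITE_SD},
    "com.example.newsreader": {INTERNET},
    "com.example.weather": {P + "ACCESS_FINE_LOCATION", INTERNET},
    "com.example.calculator": set(),
}


def audit(apps, sd_world_readable=True):
    """Return (solo, pairs).

    solo:  apps that hold private data AND internet access by themselves.
    pairs: (writer, sender) where writer can put private data on /sdcard
           without internet access, and sender can read /sdcard and reach
           the network without holding any sensitive permission itself.
    """
    solo = sorted(n for n, p in apps.items() if p & SENSITIVE and INTERNET in p)
    pairs = []
    for src, dst in permutations(apps, 2):
        sp, dp = apps[src], apps[dst]
        writer = bool(sp & SENSITIVE) and WRITE_SD in sp and INTERNET not in sp
        # Holding the write permission also grants read access to /sdcard.
        reader = sd_world_readable or READ_SD in dp or WRITE_SD in dp
        sender = INTERNET in dp and not (dp & SENSITIVE)
        if writer and reader and sender:
            pairs.append((src, dst))
    return solo, sorted(pairs)


if __name__ == "__main__":
    solo, pairs = audit(INSTALLED)
    for name in solo:
        print("private data + internet in one app:", name)
    for src, dst in pairs:
        print("possible relay via /sdcard:", src, "->", dst)
```

Each app in a flagged pair looks harmless on its own permission screen, which is why the pairing has to be checked across the whole install list.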
     
