[Update: Oops! Nearly forgot Richi Jennings, who was well ahead of the curve on this.]
…no, not the ESET android graphic…
A couple of days ago I had an interesting conversation with the estimable Steve Gold, Technology Editor at Infosecurity Magazine. Much of the conversation was around Stuxnet and a presentation I'm doing next month at Infosecurity Europe, but we also touched on some other topics, including the vulnerability of the Android platform, and you can get a flavour of the conversation in the article "Android is terrifying" says ESET's David Harley.
Well, terrifying may be overstating things a bit: I'm not suffering from advanced androidophobia and I haven't joined the marketing through FUD (Fear, Uncertainty, Doubt) movement. And unlike my colleague Randy Abrams, I haven't been spending hands-on time looking at Android up close and personal. Nonetheless, at a time when Gartner estimates that we'll have downloaded 17.7 billion + mobile apps worldwide by the end of this year, I couldn't help thinking that Android users are likelier to pay for lax screening in the Android Market than users who are protected by reasonably strict application whitelisting.
Well, it looks like that concern had some justification. There are a spate of stories today about >50 applications pulled from the Android Market because of infection by information-stealing malware going by the name of DroidDream (very BladeRunner…) among other names:
Well, I'm not one for saying "I told you so." But I told you so. ;-) And it's not often that corroboration follows so soon after a soundbite…
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
Author David Harley, We Live Security