[Update: Oops! Nearly forgot Richi Jennings, who was well ahead of the curve on this.]
…no, not the ESET android graphic…
A couple of days ago I had an interesting conversation with the estimable Steve Gold, Technology Editor at Infosecurity Magazine. Much of the conversation was around Stuxnet and a presentation I'm doing next month at Infosecurity Europe, but we also touched on some other topics, including the vulnerability of the Android platform, and you can get a flavour of the conversation in the article "Android is terrifying" says ESET's David Harley.
Well, terrifying may be overstating things a bit: I'm not suffering from advanced androidophobia and I haven't joined the marketing through FUD (Fear, Uncertainty, Doubt) movement. And unlike my colleague Randy Abrams, I haven't been spending hands-on time looking at Android up close and personal. Nonetheless, at a time when Gartner estimates that we'll have downloaded 17.7 billion + mobile apps worldwide by the end of this year, I couldn't help thinking that Android users are likelier to pay for lax screening in the Android Market than users who are protected by reasonably strict application whitelisting.
Well, it looks like that concern had some justification. There is a spate of stories today about >50 applications pulled from the Android Market because of infection by information-stealing malware going by the name of DroidDream (very Blade Runner…) among other names:
- John Leyden in The Register: Tainted apps worm into official Android store: DroidDream creates security nightmare
- Adeline Yubocao in Digital Journal: Over 50 malware-infected Android apps pulled out by Google
- Aaron Gingrich for Android Police: The Mother Of All Android Malware Has Arrived: Stolen Apps Released To The Market That Root Your Phone, Steal Your Data, And Open Backdoor
- Ryan Kim for GigaOM: Malware Attack Highlights Android Market Security
- Athima Chansanchai for MSNBC: Malware infects more than 50 Android apps – First big infection highlights vulnerability of Android's openness
- The H: Android malware on the rise, 21 apps pulled from Android Market
- Peter Pachal: Google Removes 21 Malware Apps from Android Market
- Richi Jennings: Android Market malware scare: Google nukes 21 Trojan apps
Well, I'm not one for saying "I told you so." But I told you so. ;-) And it's not often that corroboration follows so soon after a soundbite…
David Harley CITP FBCS CISSP
ESET Senior Research Fellow