The Android community should definitely tread carefully about what kinds of applications they download from the Android Marketplace. A flurry of malicious software has been making its way to Android's app purchasing medium, affecting millions of users of the software. The latest installment of the epidemic, according to Venture Beat, comes from an application disguised as a collection of wallpapers that Android users can use to change the background of their device.
When the application was examined, it was discovered that it was sending out information about the end user's Internet browsing activity, phone numbers, passwords, subscriber identification and text messages, along with other personal private information. The malicious software would gather this information and then send it to select servers in China. It has been estimated that the app has affected more than four million people in the Android community.
It sends the data to a web site, www.imnet.us. That site is evidently owned by someone in Shenzhen, China. The app has been downloaded anywhere from 1.1 million to 4.6 million times. The exact number isn't known because the Android Market doesn't offer precise data.
While applications often do access personal information on a user's device, it can be rather confusing for the average user (the kind who make up almost all buyers of Google's Android platform and most of the mobile user base) to discern and understand what each and every disclaimer for the different types of data access means. Because of this, consumers may approve certain data access requests just to get started using the application. There is no personal pre-examination per se for the approval of an application on the Android platform (which is one of the main reasons why applications get posted to the Marketplace so quickly). Google does sandbox its apps and force them to inform the user of what they will be accessing, though. However, this leaves the user to decide which information an application can access, and a user who is not tech savvy (as most users aren't) will just grant the application access to the data. That being so on the Android platform, the disclaimer for data access is pretty much pointless unless the user evaluates it first.
Applications on Apple's App Store are examined by a team of individuals from Apple itself. When an application is submitted to the App Store, it goes through an examination and approval process. The operation is completed within seven (7) days of the application's original submission date. During the examination, each and every application is screened, both digitally and by human reviewers, in every aspect of its anatomy for malicious and suspicious activity, as well as for defects in the software. If the application passes the inspection, Apple approves the app, notifies the developer and then places the software on the App Store for distribution. If the app does not pass the exam, it is rejected and returned to the developer with an explanation of why the app was denied entry into the App Store. As a result of Apple taking responsibility for prescreening apps before they are published, common users (again, most of the mobile user base) are relieved of the task of having to identify which data requests are OK to grant before installing an app. In addition, when an application requests data access from a user's device, the request is sandboxed and detected by Apple's software, and Apple notifies the user, in “plain English”, that the application wants to use certain information from the device. The user can then deny or grant the app access to the data until the user decides not to be prompted anymore.
Users of the Android platform are advised that, due to the recent spike in suspicious activity, they should be cautious about which applications they install. The best solution would be not to install apps that you aren't sure of, and to install only those from familiar and publicly trusted sources (Twitter, Facebook, Google, Microsoft). A while back, various security firms and experts, including world-famous security consultant Charles Miller, compared the quality of the two security implementations that Android and iOS use. It was concluded that both companies’ sandboxing methods do a great job of informing the user of what data is being accessed, with some more credit being given to Apple for its plain English notifications. However, the firms and consultants gave more praise to Apple because it took responsibility for inspecting software, both digitally and by human reviewers, before distributing it to the public. Now, with the recent increase in hacking attempts on Android, tech savvy individuals and experts alike are declaring that Apple’s method seems more secure.