View Full Version : Really? 20% of Android Apps Pose Security Risks? Not Really

06-27-2010, 11:31 PM
I just ran across this article (http://www.webpronews.com/topnews/2010/06/23/one-fifth-of-android-apps-judged-to-pose-security-risks) at Web Pro News,which I found to be pretty informative and somewhat alarming. The main reason I used to justify getting my Ally to begin with was the fact that I got tired of my Battle.net account getting hacked and my WoW toons being Shatthaied. I used the fact that there's a mobile authenticator app available to add an extra layer of security to my WoW account as justification for my purchase. Knowing that my laptop already fell prey to a keylogger or that I fell for a phishing attempt to begin with is sad enough.(They even used my old email address as a return path to successfully phish others info with) Now I've got yet an other machine to be concerned about such things with...frankly it's a bit annoying. I realize it's not LG, or any other manufacturers fault. It's just one more thing to be attentive of. One part of me finds it sad that people would stoop so low, another part finds it not at all surprising. People will always be looking to get whatever they can for as little effort as possible, especially criminally minded people. I just wanted to share this, as it's most likely a topic that one way or an other we are all going to have to address at some point in the future. I guess I'll be taking a closer look at what sorts of permissions the apps I choose to download are going to need, and consider why they need so much permission before I do so in the future. Now I'm off to check my current list of apps for potential security risks just for peace of mind. Thank goodness for the fact that I'm sure most developers are honest, but that doesn't stop the dishonest people from taking advantage of security holes.

Does anyone know about this topic? Are there other articles/studies or knowledge regarding this topic that anyone would care to share? If so, please do so, thanks in advance.

I'm not attempting to be alarmist, just cautious. I used to think having an account hacked would never happen to me, then it did. That old saying comes to mind,"An ounce of prevention is worth a pound of cure." or however it actually goes. At the very least, it's something to consider when allowing permissions during setups.


Had I bothered to read the entire article before starting this thread I would have seen the following:

UPDATE: Sure enough, Google's Jay Nancarrow responded in the comments section, stating, "This report falsely suggests that Android users don't have control over which apps access their data. Not only must each Android app gets users' permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious."

I really wish I'd not been bored and alarmed enough to create this post now. I can't sort out how to delete it now, so if a mod can do that for me I'd really appreciate it.http://www.lgallyforums.com/public/style_emoticons/default/biggrin.gif Unless you feel it's something that should maybe be left up as an example of doing your research completely before allowing your knee to jerk.http://www.lgallyforums.com/public/style_emoticons/default/blink.gif

06-28-2010, 07:45 AM
Actually, security on the OSes is a good topic. BTW by default, you cannot download 3rd party apps w/o giving explicit permission to your phone. In all honesty, no OS/phone is 100% secure. Being Open Source is a brave new venture and one I completely support.

One very good software for Android in the case of a phone being lost/stolen (a more physical and likely event than your OS being hacked) is from F-Secure F-Secure Anti-Theft Protection - FREE (http://www.f-secure.com/en_EMEA/products/mobile/anti-theft-download/anti-theft-download.html)

There was a case earlier this year of a malicious coder for the android that created a banking app and has since been caught - imo, anyone dumb enough to input sensitive banking info into a phone... well yea. Only ever use your own bank's software and website, folks.

As far as you using your phone for the mobile authenticator for WoW...I wouldn't. (I use the actual authenticator - attached to a lanyard.) But if you lose your phone, at least you can use the F-Secure software.

And if any iphone user tells you their phone is more secure and least likely to be hacked, they are either lying or have no clue what they are talking about. The new iphone 4g has alrdy been jailbroken. iphone 4 JBed (http://www.iphonehacks.com/2010/06/iphone-4-already-jailbroken.html)

07-15-2010, 07:28 AM
Following your lead, Intrimazz, I looked into F-Secure. First of all, it's only free for seven days. Second, I canceled the installation, when I saw how much of my device would be under the control of the program. Very invasive.

09-20-2010, 11:36 PM
The response from google is spin. Unless we users have control over the default google apps: voice search, amazon, etc that tends to pop on even though we kill them.

Yes the market apps and even some google apps list what permissions are auto assigned when they are installed. We should be able to remove the default google apps and what specific permissions they can access. Some may use the default apps and that is ok, but some of us couldn't give a crap about them much less gathering our contacts info.

09-21-2010, 03:31 AM
Root your phone if you want to remove preloaded apps that badly.