
Android application security

By Jake Edge
February 4, 2009

Recent reports of a misbehaving Android application have rekindled concerns about the security of Android-based mobile phones. Because applications can be made available in the Android Market by anyone, without any review, it would seem to be an excellent target for malware purveyors. The Android security model is meant to sandbox applications, but some applications need more capabilities—to get them, they ask the user. While it appears that the application in question, MemoryUp, was actually innocent of what it was accused of doing, the incident highlights potential problems with Android security.

Unlike the iPhone App Store, Android applications are not vetted before being placed into the Android Market. In addition, for now, Android applications must be distributed for free, though that is set to change sometime later this year. Given the problems with Apple's inconsistent and anti-competitive decisions on iPhone applications, Google's openness has some benefits. But it also has some pitfalls.

Applications are required to be signed with a developer's private key, which should provide some measure of accountability. Given that it only takes a Google account and $25 to get into the developers program, it may not be very difficult for a malicious developer to get an "anonymous" (or largely untraceable) key. But there is a larger issue as well. The security model leaves it up to users to, essentially, guess whether they should allow an application to have additional privileges.

As David "Lefty" Schlesinger points out in his blog, the security model in many ways faults the user: "I've commented in a variety of places about the problems with Android's security model, and how it essentially made any security problem the users' fault by asking them to approve what the application says it wants to do--in broad terms--on installation, without any policy component behind it at all." While it appears that MemoryUp neither asked for, nor received, any extra privileges, it is something that actual malware—or, worse in some ways, applications that live in the gray area between malware and benign-ware—developers will not hesitate to exploit.

If an application needs network access to do its job, it will presumably be granted that access by the user at install time. But there is nothing stopping that application from using that access in ways the user might never approve. Combining network access with access to personal data leaves the user wide open to sharing that data in ways they might not expect—or approve of. In some ways, that is no different than Android's automatic syncing of contact information to Gmail, which ensures that Google has access to that info. Undoubtedly Google's privacy policy prohibits them from doing anything overt with that information, but it is, or should be, worrisome.
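
The combination described above can be checked mechanically before installation. This added example (not from the article or from Android itself) parses a decoded, plain-text `AndroidManifest.xml` and flags apps that request network access together with personal-data permissions; the sample manifest, the `com.example.hotphoneapp` package and the two permission groupings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed groupings for this example, not an official Android classification.
NETWORK = {"android.permission.INTERNET"}
PERSONAL_DATA = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
}

# Constructed sample manifest for a hypothetical app (already decoded to text;
# manifests inside an APK are stored in a binary XML form).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.hotphoneapp">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.VIBRATE" />
    <application android:label="HotPhoneApp" />
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml.strip())
    return {
        elem.get(ANDROID_NS + "name")
        for elem in root.iter("uses-permission")
        if elem.get(ANDROID_NS + "name")
    }

def exfiltration_pairs(permissions):
    """List (data permission, network permission) pairs requested together."""
    return sorted(
        (data, net)
        for data in permissions & PERSONAL_DATA
        for net in permissions & NETWORK
    )

def review(manifest_xml):
    """Summarise a manifest: all permissions plus any risky combinations."""
    perms = requested_permissions(manifest_xml)
    pairs = exfiltration_pairs(perms)
    return {"permissions": sorted(perms), "flagged": pairs,
            "needs_review": bool(pairs)}

if __name__ == "__main__":
    print(review(SAMPLE_MANIFEST))
```

Neither permission is flagged on its own; only the pairing is, which is the case the install-time prompt leaves to the user's judgment.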

Mobile phones are rather sophisticated computing devices these days, with multiple connectivity choices, and lots more storage than even desktop machines had just a few years ago. Along with that sophistication goes the security risk. We have yet to train users to make sensible security decisions on their desktop machines—though it seems like it might be getting slowly better—do we truly expect them to make good decisions when "HotPhoneApp" asks for more access than it truly deserves?

For Linux desktops and servers, distributors generally play the role of application examiners. In many ways, they are the first line of defense against malware. It is understandable why Google might not want to play that role, but users should keep it in mind when installing Android applications.



Like browser extensions?

Posted Feb 5, 2009 11:21 UTC (Thu) by NAR (subscriber, #1313) [Link] (1 responses)

I think this situation is somewhat similar to e.g. Firefox extensions. They can also do bad things to the user and I'm not sure if there's an actual review by Mozilla. However, the users can comment on the extensions and that's useful feedback.

Like browser extensions?

Posted Feb 9, 2009 18:07 UTC (Mon) by bronson (subscriber, #4806) [Link]

But have you seen the comments on Android Market applications? It's worse than YouTube!

Google's going to have to add a comment rating system if they want comments to be anything more than random noise.

Android application security => UAC?

Posted Feb 5, 2009 17:25 UTC (Thu) by pflugstad (subscriber, #224) [Link]

heh - asking the user to approve security dialogs... sounds like Windows User Access Control's to me :-)

Android application security

Posted Feb 7, 2009 2:30 UTC (Sat) by jwb (guest, #15467) [Link] (10 responses)

Maybe Android's security is broken, and maybe not, but the premise of this article is FUD. The ability to install software from any place without "vetting" by incompetent middlemen like Apple is a feature, not a bug. Software for the BlackBerry is not vetted by anybody, and it can be installed from any web page, email message, or storage card. The BlackBerry store is optional, not a bottleneck. And yet no such security problems plague the BlackBerry platform, which is vastly more widespread than Android is.

So please, keep the blame on the technical side. Turning over control of your program to middlemen is not a security enhancement.

Android application security

Posted Feb 7, 2009 3:48 UTC (Sat) by jake (editor, #205) [Link] (9 responses)

> Maybe Android's security is broken, and maybe not, but the premise of this article is FUD.

While you may disagree with the article, and you make some reasonable points, it is hardly 'FUD'. Calling everything we disagree with 'FUD' only serves to dilute that term.

One of my points, which may well have been inadequately stated, was that there is no one serving the role that Linux distributions traditionally play for Android. There is a distinct danger to Android users who download applications and install them without thought. Given what you say, I am shocked, actually, that there haven't been security problems for Blackberry. Surely you don't think there are no malicious entities out there who would like to get malware installed on Androids, Blackberrys, or iPhones.

But I don't see any 'Fear, Uncertainty, and Doubt' being promulgated here.

jake

Android application security

Posted Feb 7, 2009 6:03 UTC (Sat) by dlang (guest, #313) [Link] (4 responses)

I don't doubt that there is malware available for the blackberry.

but it's enough for malware to just be available for there to be a significant security problem, there needs to be a way for that malware to be run.

on windows systems this happens through network holes or application flaws when seeing specific content.

on the blackberry (and the Android) this requires that the user actually install the malware.

that doesn't mean that bad things don't happen, but it does mean that the scale of them happening is low enough that it doesn't generate any attention.

Android application security

Posted Feb 7, 2009 17:08 UTC (Sat) by jake (editor, #205) [Link] (3 responses)

> on windows systems this happens through network holes or application flaws when seeing specific content.

that's certainly one vector, but people installing malware on windows (and elsewhere) is pretty common. spyware, adware, etc. come with the latest codec that has to be installed to see the cool video of the day, etc.

less than clueful users (and even some clueful ones) voluntarily install dubious stuff on their computers all the time, why do we expect mobile phones to be any different?

jake

Android application security

Posted Feb 8, 2009 8:54 UTC (Sun) by dlang (guest, #313) [Link] (2 responses)

mobile phones are not receiving spam targeted at them or seeing the same barrage of advertisements that a desktop user sees.

the spam thing may change (especially if there is a way to identify vulnerable users), but the number of portable users is much less than the number of normal computer users, and the connectivity of the portable users is significantly less (although it may be on full-time). as a result taking over these systems is less attractive to the bad guys.

the smaller screen means that a 'typical web page' with a paragraph of info surrounded by advertisements is unreadable, so users don't go there, or if they do, would have to go to extra effort to see the advertisements.

so, for all these reasons, I just don't see the mobile malware problem ever getting as bad as the windows malware problem currently is.

Android application security

Posted Feb 9, 2009 18:13 UTC (Mon) by bronson (subscriber, #4806) [Link] (1 responses)

> for all these reasons, I just don't see the mobile malware problem ever getting as bad as the windows malware problem currently is.

You don't see mobile malware bringing entire power distribution grids to their knees? Or infecting 1 in 3 handsets? Or spawning a $500 million / year industry devoted to broken-by-design antivirus snake oil?

Well, that's a relief! Guess we don't need to worry about it then.

Android application security

Posted Feb 11, 2009 10:40 UTC (Wed) by job (guest, #670) [Link]

Smartphones and PDAs aren't new. Symbian and Palm have orders of magnitude more user installable software than iPhone and Android. I fail to see the 1-in-3-handsets malware you speak of.

Android application security

Posted Feb 7, 2009 19:41 UTC (Sat) by jwb (guest, #15467) [Link] (3 responses)

You say:

> Unlike the iPhone App Store, Android applications are not vetted before being placed into the Android Market.

I think that's FUD. You hold up Apple as a positive example, and then you portray Android in a bad light because they don't follow the Apple example. But the fact is that the iPhone is the least secure mobile platform by a huge margin. Any iPhone application can do whatever the hell it wants, and "jailbreaking" is just a fancy word for exploitation of the platform's numerous gaping security holes. Their attempt to socially enforce security rules by bottlenecking application distribution is just a whitewash over their horrible security record.

By contrast both Android and BlackBerry have functioning technical security defenses. They should be applauded for having these security features, even if in Android's case those features are faulty and in need of fixing.

Android application security

Posted Feb 7, 2009 20:08 UTC (Sat) by jake (editor, #205) [Link] (2 responses)

> You hold up Apple as a positive example, and then you portray Android in
> a bad light because they don't follow the Apple example.

well, i am sorry you see it that way. i don't think Apple is a positive example, nor do i think i was portraying Android in a particularly bad light. i was simply pointing out a vulnerability. but, evidently, i didn't do it clearly enough.

the last sentences of the paragraph you quoted are possibly of interest:

"Given the problems with Apple's inconsistent and anti-competitive decisions on iPhone applications, Google's openness has some benefits. But it also has some pitfalls."

but i still find it very difficult to see how the article is spreading "fear, uncertainty, and doubt". YMMV

jake

Android application security

Posted Feb 8, 2009 23:42 UTC (Sun) by mikov (guest, #33179) [Link] (1 responses)

I for one found the article well written and thought provoking and did not think it was FUD (even though I am a huge fan of Android).

jwb does have a very valid point that the Android has a functioning security system, while the iPhone has none. Even though I already knew that, it didn't spring to my mind while I was reading, so perhaps it should have been mentioned. For better or worse Apple really has no choice but to carefully vet every single application.

Perhaps the best solution is a combination of both. Allow both verified and un-verified applications to be distributed and installed, and it is up to the user to choose to install an unverified one. The question is who is doing the vetting, how expensive it is and does it make economic sense?

Android application security

Posted Feb 9, 2009 11:48 UTC (Mon) by massimiliano (subscriber, #3048) [Link]

> The question is who is doing the vetting, how expensive it is and does it make economic sense?

Well, IMHO one key point is the freedom of doing the vetting, and the freedom of setting up a vetting system that is acceptable for the users.

With the Apple model this simply is not possible. The Android model, on the other hand, gives users a choice. We should not accomplish security by denying choice (the freedom to install any application he wants) to the user!

What I'd really like is seeing a healthy ecosystem of Free Software (or Open Source, as you like) applications available for Android. That would allow the review process to be public and distributed, which is the real reason why I trust my Linux distribution more than how I would trust a closed OS.

And it would be nice to educate the users to this kind of sensibility to freedom... which at least with Android is possible.

My 2c,
Massimiliano

Android application security

Posted Feb 17, 2009 12:33 UTC (Tue) by robbe (guest, #16131) [Link]

To put one or more applications into the iPhone app store costs USD 99
annually. While it is true that Apple needs to approve applications I
cannot imagine any serious security review for this kind of money.

They can, of course, pull any program at any time ... and they have your
name and signature on a contract that probably allows them to easily hold
you liable for any kind of mischief.

So Apple perhaps has more leverage in the legal domain, but truly
malignant behaviour would be illegal anyway, and Google can probably tell
the cops in which cafe to pick you up during your lunch break.

Android application security

Posted Apr 8, 2009 16:58 UTC (Wed) by anomalizer (guest, #53112) [Link]

For all its scrutiny, firefox 3 by default shares your browsing details with google to report phishing sites and this happens by default.


Copyright © 2009, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds