Android Trojans highlight basic problem with a non-curated Market

Jan 30, 2012
5
Android Trojans highlight basic problem with a non-curated Market

There's a whole lot of malware going down right now in the Android Marketplace, and aside from scaring the bajeesus out of new Android users everywhere, the situation has highlighted a basic mis-step on the part of both consumers and Google. What Google has fallen under fire for many more times than here and now is that their Android Market has next to no curation process for apps, this allowing the possibility for malicious apps to be dropped and run rampant as they are today. As far as consumers go, there's a fantastically large amount of people out there who have no idea what they're doing.

It's just as basic as that, when it comes down to it: if you've picked up a tablet for the first time, or a smartphone for the first time, and you want to grab some apps, you just head to the market and start downloading like a maniac. The step that exists between here and there that, unfortunately, is the only real level of security that exists for Android today is this: reviews by people like your humble narrator. And I don't do that many reviews of applications. Consumers must trust in well-known publications to tell them if applications are safe to use or not if they're on Android, giving them the links they need to find apps that don't cause havoc on their devices - but they don't, and therein lies the problem with Google's system.

Google has provided an awesome system in which developers do not need their permission to publish an application, allowing the open market to thrive and grow rampantly. The bad thing about this is that the warning that are embedded in every download, the gates that Google has actually put up to defend against malicious software, are not working. When a consumer downloads an app, there's a warning that comes up when they're about to install which tells them what the app is capable of. Have you seen it? Likely if you're an average citizen, you've pushed right past it and installed with fury.

There's a South Park episode about this situation, in a way, though it uses Apple and their iTunes user agreement as an example instead. The lesson they teach the character Stan in that episode is that you should always, always read the user agreement before agreeing to it. What the agreement amounts to though, instead of it being there for the consumer to know their rights, is a safeguard for the company that placed it - in this case, Google is not to blame as the text they've freely given consumers which says things like "Malicious applications can use this to erase or modify your Browser's data" has rid them of all legal blame.

NOTE also that this newest attack titled Android.Counterclank has been classified as several things: the first as a malware attack, but the most recent, listed by Lookout Mobile Security, as "an aggressive form of an ad network." Attaching to your device after it explicitly warned you that it was going to do so - fair deal!

[via Lookout]


Must Read Bits & Bytes