Android malware: How open is too open?

Poor governance could allow malware to run amok in smartphone app stores, eroding customer confidence

As competition heats up, smartphone vendors are scrambling to woo developers to their respective OS platforms. But some developers are more desirable than others. The discovery of suspected malware in the Android Market online app store is evidence that mobile platforms are becoming as attractive to criminals as they are to legitimate software vendors.

More than 50 Android apps have been flagged as potential hazards since December, all of them published by a developer identified only as "09Droid." The apps were advertised as online banking tools, each targeted at a specific financial institution. Their true purpose, security researchers now believe, was phishing and identity theft.

Google has since removed the 09Droid apps from the Android Market, but the fact that they were listed in the first place raises serious questions about the safety of the app-store software delivery model, as practiced by Google and other vendors. If mobile infrastructure providers don't act quickly to restore customer confidence, this incident could cast a lasting pall over the mobile apps market, even as it's just getting started.

Apple: Hero or tyrant?
While all smartphone vendors offer online markets for third-party software, their approaches to security vary. Apple's App Store was the first such market and it remains the largest, with more than 100,000 apps available for download and 3 billion apps sold since the store opened in 2008. It also has the tightest security model. Software is carefully vetted by Apple examiners before being approved for sale on the App Store, and the process is no mere rubber stamp. Indeed, the company's intransigence on some issues has inspired much puzzlement and lively online debate.

That's not to say there have been no malware incidents on the iPhone platform. One early example changed iPhone users' wallpaper to a photo of '80s singer Rick Astley. Since then, security experts have discovered at least one case of malware in the wild that can steal contacts, e-mail, and other data from iPhone handsets. But these exploits only work on "jailbroken" iPhones, so called because they have been intentionally hacked to accept apps from sources other than the App Store. Because of the obvious security risk, jailbreaking an iPhone voids its warranty.

But Apple's model is not without its critics. As the number of developers submitting software to the App Store has increased, the approval process has slowed, leading some developers to accuse Apple of undermining their time-to-market advantage. And some iPhone owners insist they have no choice but to jailbreak their phones, claiming Apple blocks legitimate apps from the App Store for arbitrary, specious, or obscure reasons.
