RSS Feed
12.52
mobileinfo
In spite of revelations, more malicious apps had appeared on its Google Android market, sticking to its original developer agreement framework, which does not involve safety study apps before they are published. Analyst invited to give a better app download authentication system to reduce risks, its open app ecosystem, but.
Previously, it was reported that Google had pulled 58 malicious apps out of its Android market, but not before it was retrieved by around 260,000 units. The company said it was remote killed apps in all of these units, and, although harmful, only device-specific information such as a phone IMEI number was compromised. No personal data or account information was leaked. Apps targeted known vulnerabilities existing in units installed with Android 2.2.1 or earlier, the report noted.
Despite the attack, Google told ZDNet Asia via email, it had no plans to pre-screen apps before you publish it on the Android market and abide by its original developer distribution agreement guidelines. It also said defective security patch, which caused the malicious apps event, had been fixed in versions 2.2.2 corporate profits tax.
Myla Pilao, Director of core technology marketing at Trend Micro, said that the incident at the end of the day was "not so serious".
"With an open ecosystem Android offers a less restrictive platform that has the potential to publish innovative apps to market faster. Apply restrictions in the app release would defeat the open ecosystem Android trying to achieve. Each system has its benefits and risks, "she commented in an e-mail message.
That said, the recent wave of Android Trojan horse means cybercriminals now recognise the potential of Android phones as objective, Pilao added.
Some of these Trojan horses include ANDROIDOS_ DROIDSMS.(A), which was disguised as a Windows Media Player, and is used to send text messages to premium mobile numbers, while the pressure tubing was programmed to send a user-GPS location to a remote controller. This allows the controller to monitor the infected user device residence.
Permission-based approval process
Deal with these risks, Canalys main analyst Daryl Chiam suggested that Google could strengthen its authentication process, depending on the apps ' need for user datådgang.
"Apps, which requires only basic access as the location can be approved quickly. For those who need access to user data and address of the phone book, from the control before making them available on the market, "he suggested in an interview from the phone.
Pilao, considered, however the current explicit "permission" system that displays information for the app will need to have access to before users download an app, Android allows to fulfil its responsibility towards the users.
"This way, users will not only have an idea of what the app does, but they can also have an idea of what it should not do. The user can then decide based on permissions to install the app or not, "she noted.
Users, developers, responsible for
Google is based not on its laurels, invites developers to be responsible merchants to their customers. It said: "on all computing devices users necessarily confer at least some of their information to the developer of the program they use. Android has taken steps to inform users of this trust relationship, and limit the amount of confidence in a user must authorize any given application developer. "
Google stressed that developers must comply with their developer distribution agreement for the transfer of an application for Android market.
"If users believe that an application is harmful or inappropriate, you can flag it, give it a low rating, leave a detailed comment and, of course, remove it from their device. Applications shall be deemed to be in violation of our policies has been removed from the market. Abuse developers can also be blocked from using Android market for repeated or extreme violations of our policies, "the spokesman commented.
These efforts, said Chiam that Google can do more for the user awareness. But phone owners also have to take the initiative to learn more about an app before downloading, he added.
He and Pilao stressed to read "as much information as possible" about a particular program before it is recommended to install it, and users should take note of the application permissions to control the use of which will have access to only the information required to perform its tasks.
"If it is a chess game, you play against the computer, there is no reason to obtain access to your address book. Also, it is a weather app, then the location can be anything, it requires "Canalys analyst said.
"Download the applications from the official Google Android market can only be safely help filter out potentially malicious programs. Have a mobile security suite installed to help protect users against threats, which can be received through various vectors, "added Pilao.
0 komentar:
Posting Komentar