Google's Android: Beware the malware?

New threats ahead, warns security researcher

New threats ahead, warns security researcher

Google's mobile operating system Android could spell the advent of new security threats, according to security experts.

Senior staff at security company Symantec warned that the open nature of the OS could see Android's users exposing themselves to malicious applications.

The OS could also expose users to new types of fraud, such as apps that fool the handset into texting premium rate numbers, Symantec threat researcher Candid Wuest said.

Google released the first version of the Android SDK earlier this year, allowing developers to write their own apps for the platform - apps which will be fully integrated with the OS itself.

Speaking to silicon.com at the Symantec Vision + ManageFusion EMEA 08 conference last week, Wuest said: "It is an open source approach and there are going to be some tough ones.

"If somebody can reach the whole OS then there is nothing stopping you from writing a new text message driver that every time you send a text message, it sends one to a premium high cost number."

Speaking at a recent roundtable discussion in London, Symantec COO Enrique Salem agreed that the open nature of the OS will present new vulnerabilities for users.

"Absolutely, any application development platform has to be secured in some fashion. You have to have the ability to scan and determine what is a trusted application," he said.

"People will decide what they want to use based on whether they trust the creator of the application - that's one of the risks.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

"At the end of the day it's hard for them to vet everybody who posts an app. That's where we have to come in to do some scanning."

He said Google should consider implementing a system where users have to confirm multiple times before installing apps or updates to make sure they are aware of what software they are loading onto their phones.

A Google spokesperson said users will have to take care about which apps they download to Android handsets: "As an open platform, Android allows users to load software from any developer onto a device.

"As with a home PC, the user must be aware of who is providing the software they are downloading and must decide whether they want to grant the application the capabilities it requests.

"This decision can be informed by the user's judgement of the software developer's trustworthiness, and where the software came from."