
How Google and Android users can make secure mobile market

After the Google DroidDream debacle, some ideas for security changes

By Brad Reed, Network World
March 08, 2011 02:55 PM ET

Network World - Android has a lot going for it, but as the last week has shown, its approach to selling and distributing applications is going to need some improvement. Ever since launching Android in 2007, Google has gone out of its way to make the mobile operating system the most accessible and app-friendly in the industry.

One way it has tried to do this is by taking an "anything goes" approach to screening applications for sale on its Android Market. Basically, Google itself doesn't screen any of the apps that go up on its store but rather relies on users to flag potentially malicious apps so they can be removed after they've already been posted on the store.

While this has led to a wide array of different apps available on the market, it has also predictably created some serious security issues. The most high-profile problem came last week when Google removed around 50 applications from the Android Market that contained malicious code. With so many Android users exposed to risks, is it time for Google to change how it approves and monitors applications on its market? 

Scott Webster, the editor in chief for the popular Android Guys blog, says he'd like to see some upgrades to security on the market. "I would love to see them perhaps partner with a company like Lookout, AVG [or] McAfee and have a cleansing process," he says. "Perhaps a slight delay while the app gets approved and scrubbed ahead of hitting the market."

Webster also thinks that after a certain amount of time, Google could create a "white list" for certain developers who have shown themselves to be reliable and whose apps have been entirely free of malware. Developers on this list would then be exempt from any waiting period to get their apps online and could go about their business just as they did before the DroidDream malware struck.

Aaron Gingrich, a writer at Android Police whose article on DroidDream was the first big piece to bring attention to the malware, thinks that it's time for Google to "come up with some sort of high-quality detection algorithm ... that looks for certain clues that an app may be malicious." While he says this will take some additional effort on Google's part, it's nothing compared to the effort put into cleaning up malicious applications after they've already been downloaded by thousands of users.

"Apps that show signs could ... be manually reviewed by somebody who knows what to look for," says Gingrich. "It sounds labor intensive, but when we found DroidDream, it took our developer about 10 minutes total to figure out what the virus was doing. And the better the detection, the less code will have to be reviewed by a person."

But even if Google implements these sorts of suggestions, users still won't be entirely protected from malicious apps. Khoi Nguyen, the group product manager with Symantec's Mobile Security Group, says that IT departments that have adopted Android-based smartphones or tablets should go out of their way to educate their users about the do's and don'ts of buying and installing applications on their mobile devices. The most important thing any user should do when downloading an application, he says, is to closely examine what permissions it is seeking.
