A major software attack on mobile phones has put pressure on Google Inc. to do more to secure its online store for smartphone applications.
The company behind the now ubiquitous Android operating system came under fire after computer-security experts last week uncovered more than 50 malicious applications that were uploaded to and distributed from Google’s Android Market.
Some security experts said the incident shows Google, which doesn’t inspect Android apps before they are published, needs to do more to try to ensure the apps are safe before they are offered to smartphone users.
Google largely relies on users to rate apps and raise the alarm about any problems with them. It also requires consumers to give their consent for an app to access their personal data. But that approach isn’t enough, according to Chris Wysopal, chief technology officer of computer-security firm Veracode. “App stores need to get serious about vetting code before it is available for customer download,” Mr. Wysopal wrote on his blog.
Google has said 58 malicious apps were uploaded to Android Market and then downloaded to around 260,000 devices before Google removed the affected apps last Tuesday evening. It isn’t clear how many users activated the applications, a Google spokesman said.
Unlike Apple Inc. or BlackBerry maker Research In Motion Ltd., Google doesn’t have employees dedicated to approving apps submitted to its store. Google said it removes apps that violate its policies, and has some internal measures to identify offenders.
While that may leave Google’s Android Market more vulnerable in some respects, security experts say all mobile operating systems are open to similar kinds of attacks. In the past, Apple has also pulled apps from its App Store after they were discovered to send information about users and their phones to outside parties without the users’ knowledge or consent.
Follow this link to read more: https://tinyurl.com/48m99wx
