Wednesday, September 21, 2011

android, stating the obvious


an android in the work place, originally uploaded by bR!@n.


The Android platform is quickly becoming the “Windows OS” for mobile in the sense that it is topping the list of targets for mobile malware (much like Windows is for the desktop/server world). Why are malware writers so keen to targeting this OS compared to other platforms? What can users and developers do to improve the situation?

It’s a popularity contest.

Much like in Windows, this principle has been regarded as the main driving force that malware writers are supposed to be following when selecting their target platform. The more users an OS has, the higher probability they have of a successful infection. Though there have been live attempts at multi-OS malware, history has proven (as of the moment) that the idea is too complex to be in practical use. The large population of Android users is just what the attackers are looking for; more infected devices means more profit.

Many can argue that iOS has more users, but popularity is not the only variable in the formula.

The loose Market.

The official Android Market is loosely monitored compared to its iOS counterpart. The Apple AppStore has been known to give developers a rigorous acceptance process before allowing their apps to be posted online. The Android Marketplace, shall we say, is more forgiving. Third party sites are also found everywhere in the internet giving the malware writers more places to offer their malicious apps.

Factor in to this the fact that Google has made the Android SDK open to the public. This gives any one patient enough to learn, the ability to scrutinize the platform’s inner workings and in the process identify vulnerabilities just waiting to be exploited.

The Android Market is relying heavily on end users to do their own filtering. Users are expected to read their application permissions before installing apps from the market, but to non-techie folks this is just one extra button to press “ok”. Google can do a better job of filtering these apps themselves or if this is just too much for them, at least switch those texts with simple icons informing users of the common permissions being used by the app (because pictures are just prettier to look at than letters ;p).

Rooting is acceptable.

Rooting your device has its good and bad points. A rooted device is capable of far more functions but this also compromises the OS’s security check points that protects it from malicious attacks. Apps are given higher priviledges and are allowed to do more critical tasks making it more vulnerable.

Rooting your device is now very much accepted compared to the earlier days of jailbreaking an iPhone. In fact, in most cases, it has become a necessity. The wide variety of android devices and its fast paced development has made rooting a viable option rather than purchasing a new divice just to get the latest Android release. Custom firmware that allows old devices to run updated Android versions can be seen everywhere.

...

Given the rise of mobile malware (the Android platform getting the bigger bite of the pie chart), users are advised to exercise precaution. Almost all entry vectors of these infections are user installed or are allowed by users. Mobile malware (at least for the time being) are relying heavily on social engineering to trick users into getting infected. At this point, prevention is still within the end user's powers and being critical about what gets into your device is key to ensuring that you will have less chance of getting infected.

You can get more information on Android-based threats here: http://blog.trendmicro.com/a-snapshot-of-android-threats-infographic/

No comments:

Post a Comment