Google threatens to ban insecure apps on Android: News: Google to ban all Android apps

Google threatens apps that exploit excessive access rights; not security system that allowed them

Apple came under fire Wednesday after the New York Times reported a flaw in the iPhone's iOS security that allows any app given the right to access data on the phone was also able to read and send to remote servers the user's entire address book and photo collection.

Today the Times follows up with a story showing Google's Android has an even bigger security hole in its process for managing pictures: Any app that has permission to access the internet – most of them do, if only for updates or patches to their own code – also has permission to access and, if ordered to, send the user's photo collection to a remote server of its (or a hacker's) own choosing.

Android security software maker Lookout confirmed the results "on all devices we've tested," according to quotes in the NYT story from Lookout CTO Kevin Mahaffey.

A Google spokesperson told the NYT that Android's photo-storage rules were originally designed with the assumption users would store photos on removable SD cards. Android photo permissions are structured to make it easier for users to switch SD cards between phones and laptops or other devices without producing errors stemming from the conflict of Android and Windows security.

"As phones and tablets have evolved to rely more on built-in, nonremovable memory, we’re taking another look at this and considering adding a permission for apps to access images. We’ve always had policies in place to remove any apps on Android Market that improperly access your data," the Google spokesperson's email to the NYT read.

That's a relief, or would be if I weren't an Android user who occasionally downloads new apps from the Android Market. Removing "offending" apps that obey access rules laid down by Google in the first place makes complete sense.

Certainly it's a more elegant solution than rewriting Android's security structure to reverse its polarity – switching it from a firewall that's mostly holes to one that's mostly firewall.

Banning apps is also easier than reversing the widely publicized changed in Google's central privacy policy that makes it simpler to conglomerate user data from multiple Google services, including Android phones.

Those changes might let Google redirect its energy toward repairing the platform on which all those apps work, rather than yelling at apps that fall through the giant holes for not being cautious enough about where they step. However, it would also acknowledge that Android's security isn't terribly good in the first place, and possibly mar Android's reputation for being only slightly less secure than the almost nonexistend security and privacy protections in Apple's iOS.

Pass the blame for bad security from OS to the app

The thing about Google's current response that makes me worry is that it might be telling the truth about culling the Android Market, leaving users in the lurch.

See, all the apps on the Android Market get access permissions from Android's built-in security, which is so flawed it can't stop applications from improperly accessing data even when they don't intend to.

So, if Google gets rid of all the apps Android would allow to access data improperly, it will be getting rid of all the apps.

Or maybe, rather than rushing out one new, updated version of the Android OS after another to keep pace with tablets and HTML5 and all the other new features that seem absolutely critical to anyone selling an operating system for smartphones (though not the users), Google could go back and do a rev or two on a security infrastructure more holey than security even in the justly derided iOS.

If Microsoft reversed its reputation for sloppiness and reluctance to repair security flaws starting in 2002with a memo from Bill Gates telling employees that's what the company needed to do, couldn't Google do the same?

If someone complains they got all wet because you sold them a sieve and called it a bucket, wouldn't it be better to replace the sieve with a bucket rather than blaming the customer for trying to hold liquid in something so holey or blame the water for refusing to pretend it was confined in a bucket.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon