Google threatens to ban insecure apps on Android: News: Google to ban all Android apps

Google threatens apps that exploit excessive access rights, not the security system that allowed them


Apple came under fire Wednesday after the New York Times reported a flaw in the iPhone's iOS security: any app given the right to access data on the phone was also able to read the user's entire address book and photo collection and send them to remote servers.

Today the Times follows up with a story showing Google's Android has an even bigger security hole in its process for managing pictures: Any app that has permission to access the internet – most of them do, if only for updates or patches to their own code – also has permission to access and, if ordered to, send the user's photo collection to a remote server of its (or a hacker's) own choosing.

Android security software maker Lookout confirmed the results "on all devices we've tested," according to quotes in the NYT story from Lookout CTO Kevin Mahaffey.

A Google spokesperson told the NYT that Android's photo-storage rules were originally designed with the assumption users would store photos on removable SD cards. Android photo permissions are structured to make it easier for users to switch SD cards between phones and laptops or other devices without producing errors stemming from the conflict of Android and Windows security.

"As phones and tablets have evolved to rely more on built-in, nonremovable memory, we’re taking another look at this and considering adding a permission for apps to access images. We’ve always had policies in place to remove any apps on Android Market that improperly access your data," the Google spokesperson's email to the NYT read.

That's a relief, or would be if I weren't an Android user who occasionally downloads new apps from the Android Market. Removing "offending" apps that obey access rules laid down by Google in the first place makes complete sense.

Certainly it's a more elegant solution than rewriting Android's security structure to reverse its polarity – switching it from a firewall that's mostly holes to one that's mostly firewall.

Banning apps is also easier than reversing the widely publicized change in Google's central privacy policy that makes it simpler to conglomerate user data from multiple Google services, including Android phones.
