Paranoid About Android: Is Google's Platform Secure?
As Google's Android smartphone software continues to gain market share, it's also gaining attention as a frequent target of malware and hacker attacks. But are recent attacks really an indication that Android phones are inherently more vulnerable than, say, Apple's iPhones?
Among the latest concerns was the discovery last month of the so-called Geinimi Trojan on Android phones, leading to Trend Micro's comments that the Android platform may be more vulnerable than Apple's iOS.
The critical difference between the two is that Android owners can download apps from nearly anywhere on the Internet, while iPhone owners may download only pre-approved apps (unless, of course, they "jailbreak" their phones). This is part of the charm of an open platform such as Android, but also a pitfall in that it allowed Geinimi infections.
Android's perceived vulnerabilities are all the more serious as it looks poised to become the dominant smartphone platform, much in the way Microsoft Windows became the dominant desktop platform and thus made itself a target for hackers.
In the space of three months from September through November 2010, Android's U.S. market share rose from 19.6 percent to 26 percent, surpassing Apple's smartphone numbers, according to the Reston, Va.-based online marketing research firm ComScore.
In the same period, Apple's market growth was nearly stagnant, rising from 24.2 percent to just 25 percent.
Nielsen reported a similar trend, with more than 40 percent of smartphone buyers choosing an Android model in November.
ComScore also noted that smartphone ownership had reached 61.5 million users in the U.S. by the end of November, with 67.1 percent of subscribers sending text messages, 35.3 percent using the phone's Web browser and 33.4 percent downloading apps.
Along with such market penetration has come the increased use of phones for mobile banking, storing personal information and even filing taxes, making security a paramount issue.
But app developers haven't kept up.
"Applications that aggregate financial information offer both tremendous power and tremendous risk if the information is not secured properly," said Andrew Hoog, chief investigative officer at the Chicago-based digital security firm viaForensics.
The company has tested scores of apps on the Android and iPhone platforms and discovered that programs such as Mint, a popular financial-management service, do not encrypt personal-identification-number (PIN) information, leaving bank accounts open to attack.
Furthermore, significant information about a consumer's purchasing habits and financial accounts (including full account numbers) can be harvested from the transaction details left unencrypted on phones.
Indeed, this is precisely the kind of information Trojans like Geinimi were designed to harvest.
Other applications that leave users vulnerable, according to viaForensics' research, include Groupon for Android, as well as the eBay, BestBuy and TD Ameritrade apps, which do not encrypt all application information on either the Android or iPhone platforms. (A complete list of insecure apps is available at http://viaforensics.com/appwatchdog/.)
"So I don't believe Android is more vulnerable than iOS; we have uncovered significant vulnerabilities in both platforms," Hoog said.
He believes that eventually Android may become more secure as developers uncover security gaps and make them public in order to fix them.
In the meantime, Research In Motion's (RIM) BlackBerry platform remains the most secure, with its dedicated data centers and strong encryption policies.
Unfortunately for security purposes, RIM has been steadily losing market share to Apple and Google.
Hoog worries that in the great app rush to get programs to market, there's been insufficient testing, which can lead to serious security lapses.
"Over the next 18 months," he said, "expect to see an increase in malware directly targeting smartphones (many proof of concepts already exist), which will likely lead to a large and publicly disclosed theft of smartphone data."
