Jump to content


Photo

The Dark Side of the New Android Market


  • Please log in to reply
1 reply to this topic

#1 Terryala

Terryala

    Board Grand Dad

  • Charter Members
  • 17,910 posts

Posted 05 February 2011 - 06:55 PM

The Dark Side of the New Android Market

QUOTE
By Denis Maslennikov

A new version of the Android Market has just been launched, making it possible for every device owner to look for applications, buy or even remotely install apps to an Android device directly from the browser on a desktop computer. Wait, remotely install? Have we misheard something?

No, it?s an official feature of the brand new market. If you use an Android device, it means that you have a GMail account associated with your device, and now you can remotely install any application from the Android store. You just need to:

log in to the market with your GMail account associated with your smartphone;

[attachment=14213:1.png]

choose any application you would like to install;
click to the ?Install? link;

carefully read all the permissions required by the application;

[attachment=14214:2.png]

click on the ?Install? link again.

If your smartphone is connected to the Internet, you will immediately notice that on the device?s screen an install is already taking place. Why is this problem? When installing apps via the market on your phone, you must agree to all the permissions being requested before the app will actually install on your phone. With this new incarnation of the Android Market, those permission are only displayed on the app page within the web interface of the Android Market. After agreeing to these permissions the app is installed without any notifications on your mobile device.

So what? Isn?t that convenient? Yes, for you and for anyone who may gain unauthorized access to your Gmail account. This would allow the attacker the ability to purchase and install any app available within the Android Market.

Apps within the Android Market feature a lot of options, many of which could be used maliciously by an unauthorized third party.

This is just one more reason to create strong passwords, and be ever vigilant about access to your accounts and devices.

We have reached out to Google to discuss this security risk.

We can?t seem to find a way to disable these remote installs from the browser. At the minimum, it?s important that Android users have the ability to turn off this feature.


http://threatpost.co...d-market-020411

#2 Terryala

Terryala

    Board Grand Dad

  • Charter Members
  • 17,910 posts

Posted 05 February 2011 - 06:58 PM

New Android Market web store could open backdoor for phone hackers

QUOTE
by Vanja Svajcer on February 4, 2011

Filed Under: Featured, Malware, Mobile, SophosLabs

If you follow the Google Android operating system scene, you will probably have heard about the new, web-based Android Market store which was launched a few days ago.

The Android Market website allows the user to browse, search and install Android apps using an alternative to the standard device Android Market app that comes on smartphones.

The user is simply required to sign in with their standard Google credentials and the application will retrieve the details of Android devices registered in your name as well as the details of all the Market applications you have already installed.

Once the user signs in to Android Market the application install is available at the click of a button.


Screen Shots & Information Here

http://nakedsecurity...-phone-hackers/