UPDATED 14:39 EST / MARCH 10 2011

Android Takes Another Security Blow, Must Deal With 3rd Party Markets

Android Market Security Tool, the security update Google pushed out at the beginning of this month to repair the damage done by Android.Rootcager, has been compromised, and a fake version is making its way through third party marketplaces for Chinese users in particular. Google is still undergoing analysis of the application and Symantec notes that most alarming is that the ‘threat’s code seems to be based on a project hosted on Google Code and licensed under the Apache License found here.

This is not the type of attention Google has been trying to draw, but it seems that hackers are bestirred by the growing popularity of the Android operating system. Android.Rootcager’s counterpart, DroidDream, was detected in over 50 apps from the Android Market as it was stealing information such as the phone’s International Mobile Equipment Identity (IMEI) number and the SIM card’s International Mobile Subscriber Identity (IMSI) number, and sent it to a server located in Fremont, California.

As there is a demand from customers for better access and apps, there is an offer also, coming from third party marketplaces. Third party marketplaces indeed fill in gaps where Google has not yet established an Android marketplace, but at the same time they are not regulated by Google, which in turn increases the chances of getting malware and often pirated content.  “In some cases its legit, but other cases it’s a vector for malware and spyware,” Lookout CTO Kevin Mahaffey says.  “It’s something we want to bring to the attention of users.”

Considering the increasing number of malware attacks, data breach costs are rising as well. A report from security provider Symantec reveals that data breaches can cost companies on average $7.2 million per year and an average of $214 per compromised record. The main vulnerabilities of companies revolve around negligence, namely lack of training and awareness within organizations covering up 41% of all data breaches.

In order to keep its status as a company that highly values security of the OS and prevent security breaches, Apple is now requiring password entry for every in-app purchase starting with the last update to its iOS software 4.3. Apple is thus addressing complaints coming from parents raged and amazed by their children’s acquisitions of virtual goods leading to alarming bills. During the 15 minutes of the process of purchase, having no re-entering purchase password, a user, i.e. a child, could make as many purchases as possible.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU