10.06.2013 Views

Study into the Implications of Smartphone Operating System Security


Google invoked this function in March 2011 when 58 MM-infected Apps were found on Android Market. It was claimed that around 260,000 Android devices had downloaded the MM and Google invoked the Kill Switch in an attempt to remove it. In a blog posting on its Google Mobile Blog, the company announced:

“We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices. If your device has been affected, you will receive an email from android-marketsupport@google.com over the next 72 hours. You will also receive a notification on your device that “Android Market Security Tool March 2011” has been installed. You may also receive notification(s) on your device that an Application has been removed. You are not required to take any action from there; the update will automatically undo the exploit. Within 24 hours of the exploit being undone, you will receive a second email.” 108

Third-party Android App stores<br />

Third-party Android app stores operate around the world, and in some regions (Russia, Taiwan and China in particular) they are more popular than the official Google Play app store.

Third-party Android app stores are operated by a variety of organisations, including mobile device manufacturers, MNOs and independent organisations including Amazon (both an ecommerce retailer and an Android handset manufacturer with its Kindle Fire).

The Wireless Industry Partnership (WIP) has a list of third-party Android app stores that is an excellent reference point and highlights what a vibrant market this is.

Popular Chinese-based Android app stores include:<br />

AppChina<br />

GoMarket<br />

Many unofficial Android app stores lack control mechanisms and security checks. The shortcomings include:

Weak registration checks including non-existent identity checks<br />

No DRM<br />

No App signing<br />

Weak submission rules<br />

No MM detection<br />

No App revocation (including use of the “Kill Switch”)

Allowing Fake and Repackaged Apps to be submitted<br />

No policy for illegitimate or illegal content<br />

Allowing hard-core adult content (there are even specialist app stores for this)

108 http://googlemobile.blogspot.com/2011/03/update-on-android-market-security.html

Goode Intelligence © 2013 Page | 121 www.goodeintelligence.com
