Dec 17th, 2009

So far 2009 has proven to be a great year for Android but, according to Kaspersky, 2010 could be a more trying time. Not because of a lack of awesome devices. Not because the Android OS won’t move forward significantly. But because hackers will be targeting Android users with malware and viruses.

kaspersky-logo

From a Kaspersky Press Release issued yesterday:

An increase in attacks on iPhone and Android mobile platforms. 2010 promises to be a difficult time for iPhone and Android users. The first malicious programs for these mobile platforms appeared in 2009, a sure sign that they have aroused the interest of cybercriminals. The only iPhone users currently at risk are those with compromised devices; however the same is not true for Android users who are all vulnerable to attack. The increasing popularity of mobile phones running the Android OS combined with a lack of effective checks to ensure third-party software applications are secure, will lead to a number of high-profile malware outbreaks.

sick-robotOf course Kaspersky is in the business of protecting against malware and viruses so they actually stand to GAIN if this theory is true. Still… they’ve got a point that can’t be ignored.

You know that little check box that allows downloading from unknown sources? You know the little “permissions” that show what the application can do, enabling access to your address book, dialer, and potentially whatever else they want? What if a stupid little game/application was designed that went viral which, unknowingly to unsuspecting users, features some “permissions” that weren’t really needed. And what if those permissions were used for… less than holy purposes?

Google themselves give apps in Android Market a rather long leash and there is a possibility something could get through… but surely the developer would be easily found and punished accordingly. It’s the out-of-market apps that probably pose the biggest threat. Of course flaws in the OS itself could open up some holes for hackers to attack but this is a much harder route.

In any case, users should get in the habit of checking the source/developer of the applications they download and making sure they understand what permissions the application asks for… and if something looks fishy and permissions that aren’t needed are being requested, look into it.