Absolutely John


An approved Android app that steals all my data? Gee thanks, Google!

In the rush for primacy in the sheer number of approved apps in the Android app store comes this gem: Google’s much-publicized automated Bouncer approved apps willy-nilly.

In news that should give anyone pause, two members of SpiderLabs, a Trustwave company, created an app designed to test the efficacy of Google’s Bouncer system.

The results were quite telling.

Why?

Their app showed that not only was the Bouncer not as smart as proclaimed, but there were vulnerabilities inherent in the Android OS that need to be addressed.

From the article:

Google's automated "Bouncer" for apps, which should prevent harmful mobile software from appearing in the company's app store, appears to have serious blind spots. The system repeatedly scanned but let pass an app that stealthily steals personal data such as photos and contacts, reported two researchers from computer security company Trustwave at the Black Hat security conference in Las Vegas yesterday.

Nicolas Percoco and Sean Schulte are members of Trustwave's "ethical hacking" research group, known as SpiderLabs, and they created the app to probe Google's ability to vet the software uploaded to its app store. The pair said the results show that Google needs to improve both its app-scanning system and its Android operating system.

A full read of the article, “Google approves an app that steals all your data,” should make anyone vested in that OS take Google’s words about security with a whole tablespoon of sea salt!

Caveat emptor, they say…
