Spy tool highlights Android app store security issues
By Stewart Mitchell
Posted on 17 Aug 2010 at 13:00
Security experts are warning that another application has landed on Android's Market app store that could have serious consequences for handset users.
According to security experts, the latest threat is a geo-location spying tool that a third party with access to a handset could download and use to track the phone owner's whereabouts.
The news comes amid criticism of the way Android Market allows developers to post applications to the software store without first being checked by anyone from parent company Google.
“This is a growing trend with applications on Market that's different to Apple's App Store,” Mikko Hypponen, chief research officer at security firm F-Secure, told PC Pro. “With the App Store, everything has to be tested and looked at before it is included.
“With Market, developers can effectively put almost anything up and it will stay up until someone complains.”
The latest security threat - first discovered by security firm Symantec - poses as a game called Tapsnake that turns out to be a client for a $4.99 commercial spying application called GPS SPY.
“This is a very specific threat where someone can implant a spying tool on your phone,” said Hypponen.
“Tapsnake looks like an average 'Snake' clone, but there are two hidden features. Firstly, the game won't exit and runs in the background forever, and secondly every 15 minutes the game secretly reports the GPS location of the phone to a server.”
Hypponen said he expected Google to remove the application from the Android Market soon and possibly even “use its remote kill feature to disable the application from the 1,000s of phones onto which it has been installed”.
It's hard to see how to avoid this without Apple's draconian review process. The principle of caveat emptor has always applied to PC software, so why is this unexpected with Android software? Unless someone dreams up a fantastically clever app-verification tool (probably impossible, certainly cutting-edge), there are going to be a lot more stories like this one.
By c6ten on 17 Aug 2010
User Responsibility
Isn't it about time that users were expected to look after themselves?
When you install an app it tells you what systems it will access. If a snake clone wants to access the GPS system then you should be suspicious.
One of the reasons I abandoned the iPhone for an Android was to get away from some big brother company telling me what I can and can't install on my property.
I would rather run the gauntlet of these sort of apps than go back to that.
Google have got the right idea and should continue to mind their own business.
By omnisvalidus on 17 Aug 2010
"a third party with access to a handset could download"
Odd, I thought there is an app for the iPhone that does much the same thing - of course it has to be activated by the user - but as the comments from F-Secure say "a third party with access to a handset could download..."
If a third party has access, then app store style checking will not stop it.
By greemble on 17 Aug 2010
repositories
Why can't you have app store repositories (stores) as you do in Ubuntu? Then if you only add the repositories (stores) that are maintained by Google and your handset supplier then you should be fine; if you want to add the repository (store) from SUPERPORNWEBFIEND then that's your lookout.
(btw sorry if this has no relevance as am still living in S60 land)
By SimonCorlett on 17 Aug 2010
Four in three weeks. Not bad.
Four trojans in three weeks in Android Apps. That's not bad development. Don't imagine Android users have that much sensitive data on their phones anyways. But these people probably are the same muppets who complain about phishing and trojan attacks on their laptops and PCs and then you find out they didn't believe in paying for an antivirus subscription.
Could you imagine how battery draining it's going to be to have to run your phone with an antivirus App running permanently in the background, just because Google can't be bothered managing or taking responsibility for the implementation of their OS?
The poster above is correct. It's the user's responsibility to select the OS and Apps suitable for them. If they get attacked they only have themselves to blame.
By mbassoc on 18 Aug 2010
@mbassoc - your post contradicts itself. First of all, it's the user's fault for being the 'sort who don't have an AV sub'; then it's Google's fault for not policing Android; then it's the user's fault again for not selecting the right apps and OS.
By sexyjw on 19 Aug 2010
Android users savvier in the main
That said, some guidance and higher process visibility on the kind of things the store has in place to protect users, like what 'really' happens when you do press the "panic" button at the bottom of each screen, is welcome.
The ecosystem can police itself, so long as the Executors and Judges are someone they know and trust.
HTC Desire
By zaphodikus on 19 Aug 2010
Just like Windows?
I download an application on my Windows PC and find it's not what I thought it was...
How's that different to Android?
I'm sure Symantec will release "Norton SpyBot" or some such similar application.
Of course the problem is - would you trust Android Market to download it?!
;o)
Of course, the other thing is - who wrote the spy app - or put it onto Market? Was it an Apple employee...?
By Sercul on 19 Aug 2010