Thursday, March 3, 2011

Google yanks apps that could take over your phone

Following a malware outbreak on the Android Marketplace, EA Principal Consultant David Campbell is interviewed on American Public Media radio.

Abstract of the interview follows:


 A malicious app can take several forms. Some of them will be apps for seemingly innocuous things, stuff like wallpaper, but then they'll find attempt to manipulate the user into giving a variety of permissions that give the app (and the app developer) more and more control of the device.

Then there are the apps that get installed and manage to "root" the device, essentially giving total control over it to someone on the outside. In that scenario, everything you do, from texting to online banking to phone calls to emails, can be monitored and recorded by someone else. That person can also send out messages, install new apps, do whatever they want.

We talk to Kevin Mahaffey of the security firm Lookout about how these bad guys are able to get into your phone.

We also talk with David Campbell of the security company Electric Alchemy. He points out the differences between Apple and Google in the way that apps are vetted for iPhone and Android. David says Apple inspects apps ahead of time and for the moment they seem to be the best platform for users concerned about security. But over the long term, he favors Android because the apps are easier to inspect and peer review will become stronger.