What's new
DroidForums.net | Android Forum & News

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

New Security Vulnerability in Android Market, Caught and Squashed by Google

dgstorm

Editor in Chief
Staff member
Premium Member
starshiptroopers.jpg

Last week, we shared with you a story from AndroidPolice regarding a piece of nasty malware that could fairly easily infect your smartphone. Since then, Google has responded quickly and eliminated the DroidDream Malware. They also removed several other apps from the market-place that were potentially damaging.

Just yesterday, AndroidPolice reported a new security problem. There was a quickly squashed security hole found in the new implementation of the Android Market. Jon Oberheide, Co-founder and chief technology officer at Duo Security, found the security flaw last month and reported it to Google. They worked diligently to 'plug the hole' and applied the fix about a week ago.

The frightening thing about this vulnerability was how easily it could be exploited. The article had this to say,
Users would have merely had to click on a malicious link on either their phones or on their desktops to activate the unwanted installation of rogue software. Oberheide said he was surprised nobody had discovered the flaw before (which he called "low hanging fruit").
These new vulnerabilities and malware infections are a disturbing trend, and starkly visualize the "double-edged sword" that is the openness of the Android OS. In the long run each of these issues were taken care of quickly, and the openness of Android is a greater boon than a bane. However, we, as users, also need to be more diligent about our own security as well, and do everything we can to support developers of security software.

We can't completely stop unscrupulous people from taking advantage of others with malicious software, but we also can't hide in fear of what may happen. I'm even more appreciative of Xeudoxus' work now, and am looking forward to purchasing his Privacy Blocker app for my Android smartphone. These guys are our "Starship Troopers", fighting the bugs on the front-lines for the rest of us. I just wanted to shout out a huge thanks to them!

Source: AndroidPolice
 
Google is turning into Microsoft with this security vulnerabilities every week hahaa...

Not really. Software is only as good as the programmer. The hole was found and promptly fixed. Google took steps to remove the malware and did so. How about all the Apple issues that go unfixed until the next firmware update, and even not in the update at times. Franly, as a former iPHone user, i know of MANY more security issues with the iPhone than Android. Not to mention, Android is modified by phoen manufacturers and can make those holes themselves. A security hole from Apple is done by Apple.
 
Google is turning into Microsoft with this security vulnerabilities every week hahaa...

Not really. Software is only as good as the programmer. The hole was found and promptly fixed. Google took steps to remove the malware and did so. How about all the Apple issues that go unfixed until the next firmware update, and even not in the update at times. Franly, as a former iPHone user, i know of MANY more security issues with the iPhone than Android. Not to mention, Android is modified by phoen manufacturers and can make those holes themselves. A security hole from Apple is done by Apple.

Did you read the OP? It was a security hole in the Market, not some third party app. So the programmers that you mentioned are Google programmers and not some malicious hacker out there. So this security hole was done by Google and not anyone else. They can do wrong, believe me. Accepting that they are not infallible is the first step to recovery.

Secondly, who cares about Apple? Why does Apple have to be even brought into this conversation? No one mentioned Apple, and as much as everyone here doesn't want to admit it, the constant mention of Apple only further proves that they are the company to beat. If Apple has security issues, that's their problems. I'm talking about Google and was comparing it to Microsoft. Nothing to do with Apple.

This was a case of poor programming on Google's part, hence the reference to Windows. I remember when I used to use windows and everyday I'd get the "This fixes a vulnerability where a user can take control of your computer..." blah blah crap. It was a joke, I wasn't saying Google is the new Microsoft. Lighten up.
 
There are far more people trying to kills and fill the security holes than malicious people trying to exploit them.
Open is better in this regard.
 
Back
Top