Since the advent of the Android operating system, the common wisdom has been that its open model encourages malware and, in general, its security is problematic.
Nothing really has changed in terms of that perception or the kernel – or more – of reality upon which it is based. An example is smartphone viruses that now are coming preinstalled in cheap phones. ZDNet reports that the Chinese Trojan DeathRing imitates a ringtone app but can download SMS and WAP onto the user’s device and collect personal information through phony text messages. The story says that Lookout identified 11 phones that are affected.
That is only one example. There are others, of course. For instance, ADTmag, in a report on Trend Micro’s quarterly security report, said that 75 percent of Android users were affected by the Fake ID vulnerability and browser flaws. This, the firm said, means that “a big challenge to developers” remains.
Google, of course, knows that dealing with this problem is a top agenda item and is taking steps. One example is at the enterprise level. Ironically, it is leveraging the strength of a company it helped dislodge from the top of the mobile game. Android’s needs are well matched to those of BlackBerry’s. Digital Trends says that BlackBerry, which still is renowned for its security, is helping Android security:
With that strategy now at the forefront of its operation, BlackBerry has done a deal with Samsung that will help to deliver an end-to-end secure Android mobility solution by integrating its new BlackBerry Enterprise Server 12 mobile management system with Samsung’s business-focused Knox platform, which lets smartphone users safely operate a single mobile device for both personal and work use.
Hopefully, such initiatives will accelerate. This story at LinkedIn is a rather frightening look at the sophistication of the underground world of malware. iBanking is malware that masquerades as antimalware software. Its goal is to steal SMS communications between banks and their customers that contain passwords used for two-factor authentication.
The scary part is the businesslike manner in which this is being done:
For $5,000 you can subscribe to the software which is supported by updates and tech support just like any good SaaS offering and the creators are also willing to structure OEM-style deals for a share of the profits. How’s that for bullish?
Security always has been one of the questionable elements about Android. Nothing has changed: It still is a problem, but the OS has embedded itself deeply into the mobile landscape. Hopefully, this war of attrition gradually will swing in the favor of those who follow the law.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at firstname.lastname@example.org and via twitter at @DailyMusicBrk.