It looks like hackers are taking advantage of Android's open source platform. I spoke a few weeks ago about the astonishing increase in exploits Android has seen over the past year. At the end of January, there were articles that talked about an exploit through a USB connection and a drive-by exploit. Today, I saw a blog post that suggested the new Android Market Web store could actually be opening up another door for hackers.
The Naked Security post said that the on-line store provided all the necessary information to allow users to make an informed and secure decision about downloading the app. But, said writer Vanja Svajcer:
... the next step in the installation is where a big red security flag is raised. Once the user clicks on the install button on the website, the mobile device will automatically start downloading the application in the background.
This probably happens using the INSTALL_ASSET intent discovered last year by Jon Oberheide when Google used the Android's GTalkService mechanism to remotely remove a test Trojan application created by the researcher.
The bottom line, according to the blog, is if someone has your Google password, they may have the ability to trick your phone into downloading software.
The blog recommended making Google passwords tough to crack, which is a good idea. What I'd like to see is Google take a tougher stand on security for its Android OS. With Android tablets on their way, the easy-to-hack platform is going to become even more problematic.