Another Report Dubs Android an Insecure Platform
Google's Android mobile operating system is one of the biggest successes in open source over the last couple of years, but many people forget how young it is. As recently as March of 2009, there were many reasons to wonder whether Android would see any limited success at all. Also, although the mobile OS is grabbing up market share now, remember that it only took shape at the very end of 2008--young by anyone's metrics. Now, with Android competing neck-and-neck with Apple's iOS in the smartphone market, the next big hurdle for Android is to conquer the business smartphone market. To do so, though, Android must be perceived to be a secure platform, and one researcher's current report firmly implies that it isn't.
According to Dasient CTO Neil Daswani, his company has analyzed 10,000 applications from Android Market, and found that eight percent of them are leaking private information. Daswani also reports that the number of malware incidences on Android has doubled in the last year. According to Dark Reading:
"In the study, Dasient analyzed the live behavior of Android apps to determine their security posture. Of the 10,000 applications evaluated, more than 800 were found to be leaking personal data, Daswani says."
Dasient will be presenting related data in a talk at the upcoming Black Hat conference in Las Vegas. Daswani's report joins many recent reports of Android-based malware in painting a picture of Android as a platform that IT administrators cannot necessarily depend on to be secure. Many organizations already refuse to support or develop for Android due to security concerns.
Moreover, the charges about Android leaking personal data are directly in line with free software advocate Richard Stallman's contention that smartphones compromise personal security. Stallman doesn't carry a smartphone.
The onus is actually on Google to change perceptions about Android as an insecure platform, because the hardware manufacturers who support it don't form a unified body, and can't destroy the perception from their disparate mounts. Studying the apps in Android market from a security perspective would be a start.