Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Don’t click it: The app button at bottom left—which arrived with a free game from a Chinese Android marketplace— steals data if clicked. Roughly translated, the Chinese characters mean “system setting shortcut.”

Google and Lookout’s moves are a reaction to the relatively recent trend of malware writers intensively focusing on the official Android Market, and not just third-party app-dealing sites. “Since the vast majority of users rely on the official Android Market, it’s understandable that there’s increased focus there. At the same time, there are all kinds of other places where users can potentially acquire malware,” says Halliday.

Meanwhile, new research is finding that Android phones themselves are often vulnerable out of the box. At the Network and Distributed System Security Symposium in San Diego this week, one research paper painted a bleak picture, reporting that many major brands come with factory settings that amount to a preweakened immune system, with various settings fixed to allow apps to access personal data, such as GPS position or stored contacts.

Xuxian Jiang, a computer scientist at North Carolina State University, said that his group studied eight mass-market phones—the HTC Legend, Evo 4G and Wildfire S, the Motorola Droid and Droid X, the Samsung Epic 4G, and the Google Nexus One and Nexus 4S.  All but the two Google phones came out of the box with permissions pregranted for apps to access data that isn’t needed for those apps to function, undercutting a pillar of Android’s permission-based security model. The researchers say they have notified the phone makers about the findings.     

 “There is a trend where malware is going to grow, and is going to evolve,” Jiang says. “Google’s Bouncer will be helpful to move in the right direction, but more work needs to be done to contain the malware growth.” And part of that should include making phones more conservative in what they allow apps to do by default, he adds. The effort also requires more and better screening tools; his group is working on one tool called Droid Ranger.

Permissive factory settings on phones are no accident, says Radu Sion, a computer scientist and security researcher at Stony Brook University. The hotly competitive commercial landscape rewards makers of devices that are easiest for average consumers to use. “The usability of devices becomes more and more important. Most vendors will err on the side of usability—then they will sell more.”

But creating an easy plug-and-play experience means not making the user individually authorize various data releases—which makes the devices more vulnerable to malware.  

So far, the malware problem has been an annoyance rather than a major threat, but the pieces are in place for the situation to grow worse quickly, Sion says: “Android is not going to be safe anytime soon until we have some high-profile attacks. Right now, the malware is not a huge problem. Guys in Ukraine have not zoomed in on Android yet, but it’s very easy to come in there. It’s going to become a big problem.”

1 comment. Share your thoughts »

Credit: Xuxian Jiang

Tagged: Computing, Communications, security, smart phones, Android devices, Android Market

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me