Android developers have another challenge on their hands. Privateer Labs has reported that a certain component in the Android operating system can be exploited by malware to subvert antivirus software, rendering antivirus scans on your Android device ineffective. Malware can even damage antivirus software and use it as a malicious application. Riley Hassell, founder of the security firm Privateer Labs, declined to identify the vulnerable component of the Android operating system, as he is addressing it with Google.
While Android mobile apps have grown tremendously in scope and depth, they have also attracted a fair number of threats. Android surpassed Symbian as the most malware-targeted mobile operating system in the second quarter, McAfee reported. Riley noted that the recent security vulnerability is “definitely an Android issue.” The Android market does not pre-check software, and users end up with malicious apps posing as the real thing.
“Application phishing” is another strategy used by cybercriminals, in which users are tricked into downloading and installing an application that looks genuine but actually contains a Trojan horse, which alerts the developer when the user activates the application. In the case of a banking app, the developer can hijack the session by presenting a fake authentication screen that steals the login details, resulting in the loss of personal and financial data. The Zitmo Trojan malware, also known as ZeuS, poses as a legitimate bank activation application, accepting incoming SMS messages and forwarding them to a remote web server. Zitmo-like apps can steal the unique passcodes that banks send to users via SMS for two-factor authentication purposes.
Riley opined that this is a “difficult problem to solve” and added that it should be solved by the Android development community as a whole. Determining who should keep an eye on the integrity of Android apps is a challenge in itself. Chris Wysopal of Veracode, an application security provider, has asked that Android mobile applications be scanned for malware before they appear on the market. A signature-based scan can be used to detect malware. This year, Google has already pulled malicious apps from the market twice: once in March, when it removed more than 50 malicious apps, and again in June, when it removed two dozen. This high churn can slow down the growth of Android mobile applications.
Unlike the closed development ecosystem of the Apple operating system, Google has followed an open architecture model, where anyone can develop an Android application and put it on the market. Android development, both local and offshore, has taken off in a big way, resulting in a multitude of applications that are half-baked and incomplete. Some Android users download apps from unauthorized online stores that pose a threat to the open source Android development architecture.
An Android mobile app user can mitigate the risk of being attacked by malware by:
- Downloading apps only from trusted sources and from developers who are known by name and are qualified
- Checking the permissions the application is requesting and comparing them to its stated purpose
- Being alert to any unusual behavior of the phone, such as unknown applications being installed, SMS being sent to unknown recipients or phone calls being placed automatically
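The permission check in the list above can be automated. The following sketch is an added example, not code from Privateer Labs, Veracode or Google: it reads the text printed by `aapt dump permissions <apk>` and flags requests that do not fit the app's stated purpose, including the SMS-reading plus network combination that Zitmo-like apps rely on. The purpose-to-permission table and the sample dump are constructed assumptions.

```python
import re

# Assumed groupings for this example; not a list taken from the article.
SMS_READ = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
NETWORK = {"android.permission.INTERNET"}
TOLL = {"android.permission.SEND_SMS", "android.permission.CALL_PHONE"}

# Hypothetical table: what an app of a given stated purpose plausibly needs.
EXPECTED = {
    "messaging": SMS_READ | TOLL | NETWORK,
    "banking": NETWORK,
    "game": NETWORK,
}

# Matches both "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"uses-permission:\s*(?:name=)?'?([\w.]+)'?")


def parse_permissions(dump):
    """Return the set of permission names found in aapt's text output."""
    return {m.group(1) for m in PERM_RE.finditer(dump)}


def review(dump, stated_purpose):
    """Return (unexpected permissions, findings) for one app."""
    requested = parse_permissions(dump)
    # An unknown purpose has no allowance, so every request is reported.
    unexpected = requested - EXPECTED.get(stated_purpose, set())
    findings = []
    if unexpected & SMS_READ and requested & NETWORK:
        findings.append("reads incoming SMS and has network access: "
                        "SMS passcodes could be forwarded off the device")
    if unexpected & TOLL:
        findings.append("can send SMS or place calls, which the stated "
                        "purpose does not explain")
    return sorted(unexpected), findings


# Constructed sample: an app presented as a bank activation tool.
SAMPLE_DUMP = """package: com.example.bankactivation
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: android.permission.SEND_SMS
"""

if __name__ == "__main__":
    extra, notes = review(SAMPLE_DUMP, "banking")
    print("Unexpected permissions:", extra)
    for note in notes:
        print("Finding:", note)
```

A clean result only means the requested permissions match the table; it says nothing about what the app does with the permissions it is expected to hold.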