My 3/13/11 Missoulian column
Part Two is here: Mobile Malware, Part Two
Smartphones are about the hottest things going these days in the high-tech world. Apple iPhones, BlackBerrys and the many different smartphones that run Google’s Android and Windows Phone operating systems are selling by the millions since being introduced, and the demand isn’t projected to wane.
But the gaining popularity of smartphones has made them targets. Malware developers have always targeted desktop PCs and laptops of all brands and operating systems for their scams and crimes.
Now, they’re following the money – and security vulnerabilities – to the smartphone market. As a criminal, why not look toward the fastest growing market for new people and devices to exploit?
This was brought to light last week when Google discovered some apps in their Android Market that were stealing information from user’s smartphones.
Apps from Google’s Market are programs that run under the Android operating system on compatible smartphones. (The Android OS runs on many different brands of smartphones, such as Droids, T-Mobiles and more.)
These apps took advantage of security problems in the Android operating system to grab user data and “root” the phone – acquire very low level access to the operating system – so that other software could be installed.
Google removed the apps from the market within minutes, they say, after being notified they were there. But Google didn’t discover the problem with the apps.
Google was told there was a problem by a developer who found that the malware app authors had stolen his code and used it for their own apps. He downloaded and checked the apps to examine the extent of the theft and found that his apps had not only been copied, but had malware added in, too.
It’s hard to say how long the apps would have been available in the market without the notification from the developer, who is quoted as saying he tried for a week to inform Google before finally getting through. But in the time they were available, they were downloaded hundreds of thousands of times.
Google doesn’t examine the apps in the Android Market for problems like malware. Anyone can learn some programming and put together an app and release it in the market.
Google said in e-mails to users that the vulnerabilities the apps exploited has been fixed in the newest versions of the Android OS, so the malware couldn’t work anyway, and Google was pushing a fix for older versions of Android.
But what’s really interesting in this story is the another step Google took: they remotely killed those malware apps on people’s phones. More next Sunday.
This week in Mac Q & A: Update an Old MacBook