Google Inc. said it has beefed up security on its Android mobile-device software to better prevent "malicious" software from residing in its app store.
Hiroshi Lockheimer, Android's vice president of engineering, said in a post Thursday on the company's blog that Google last year began automatically scanning Android Market apps for malicious software, including "spyware" and "trojans."
The comments follow pronouncements by companies such as Juniper Networks Inc. and Lookout Inc.—both of which sell online-security services—that claimed last year that a growing number of malicious apps were appearing on the Android Market, where hundreds of thousands of apps are available for download. Google's comments also come after several instances where Google said it removed malicious apps from the Android Market after they had been downloaded to thousands of devices.
As a result of the latest security program, code-named "Bouncer," Google said the number of downloads of potentially malicious apps dropped 40% between the first and second half of 2011, though it didn't provide specific figures.
Malware could include apps that steal personal information about a smartphone user, including recordings of phone conversations or bank account passwords, among other things.
"While it's not possible to prevent bad people from building malware, the most important measurement is whether those bad applications are being installed from Android Market—and we know the rate is declining significantly," Mr. Lockheimer wrote on the blog.
Alex Stamos, co-founder of online-security firm iSEC Partners Inc., said the "number of people affected by mobile malware at this point has been minimal, but the public association between Android and a handful of outbreaks will be difficult to break if things get much worse."
Unlike Apple Inc.'s iOS, which powers the iPhone, or BlackBerry maker Research In Motion Ltd., Google doesn't have employees dedicated to approving apps submitted to its store. Google has said it had measures in place to detect and remove malicious apps.
Mr. Stamos said Apple's app store is "almost totally free of malware." He added that if Google's security enhancements lead to a significant decline in malware on Android, it will boost Google's philosophy of maintaining an "open" app market where anyone can easily offer apps to the public.
Dan Wallach, a Rice University professor who has pointed out security flaws in Android, said that malware isn't the biggest problem on mobile operating systems like Android. For example, he said, many people download legitimate apps that ask for permission to access much of the data on their device and then could sell that data to third parties such as advertisers.
Many people simply don't pay attention to such permission requests, he said. "The core issue is understanding that when you install an app, there's a risk," he said.
A Wall Street Journal investigation last year showed that dozens of popular smartphone apps on both Android and iPhone devices transmitted the phone's unique device ID and personal details about the phone's owner to other companies without users' awareness or consent.
Google's Mr. Lockheimer said Android's current system works well because people can read customer reviews of apps before deciding whether to download them, and many reviews discuss the privacy permissions sought by the app.
As of the fourth quarter of 2011, about 47% of smartphone subscribers used an Android phone, while nearly 30% used an Apple device, according to research firm comScore Inc.
No comments:
Post a Comment