Upcoming Security Changes for Android Market

Hopefully, from a security perspective, Google will move their Android market to more of the walled garden similar to Apple’s App Store. The developer and application vetting that Apple does seems to be working reasonably well in practice. The first reference link below is a statement from Google announcing some upcoming changes they intend to make to the Android Market due to recent problems (DroidDream) with malicious content being posted. Google has already removed those applications (putting REMOVE_ASSET to good use). And interestingly we see a beneficial use of INSTALL_ASSET, where Google used that facility to undo damage done to affected Android devices by the DroidDream malware.

Google is saying that Android 2.2.2 was not affected by the DroidDream problem, but if you allow Android in your environment you should allow nothing less than Android 2.3 (see second reference link below).

References:
https://market.android.com/support/bin/answer.py?answer=1207928
http://blog.sharpesecurity.com/2011/03/01/commercial-root-exploit-exists-for-google-android-2-2/

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement

Share

Leave a Reply