Android Security Roundup: Beware Malicious Apps in Google Play, Buggy 3rd-Party Software Updates and Other Risks

Security

Android SecuredSometimes you can do all the right things and take all the right precautions and still end up the victim of a security incident, as highlighted by two recent stories in Android Secured. One of them, Lookout Finds 13 Malicious Apps in Google Play Store, is about threat actors finding a way to plant malware-laden Android apps in Google’s official mobile application store.

This is not the first time this has happened. It certainly won’t be the last. Google and security analysts often remind people they can avoid a vast majority of the Android malware out there simply by making sure to download apps only from Google Play or other official vendor app stores. Generally, that still remains true. However, the fact that the bad guys have figured out how to stick malware, disguised as legit apps, in a legit app store is worrisome because it means users have to be that much more careful about the stuff they download on their mobile devices, especially if they also happen to use the same devices at work.

The other cautionary story is about SentinelOne finding a remote takeover bug in Silent Circle’s Blackphone. (For more details, read SentinelOne Discovers Remote Takeover Flaw In Super Secure Blackphone.) Blackphones are generally considered among the most secure Android smartphones out there (along with BlackBerry’s PRIV) because of their support for encrypted communications, secure conference calls, secure file transfer capabilities and other controls. The fact that even such a device can become vulnerable because of a buggy third-party update serves as another reminder that there’s no such thing as an infallible product. Given enough time, anything can be broken into. The best you can do is to make it as hard as possible for the bad guys to do that.

Following are among the other recent stories of interest on Android Secured.

smart phoneConsumers Worried About Mobile App Security – and That’s a Good Thing, according to a new survey by Mobile Ecosystem Forum and AVG Technologies, which shows that consumers are pretty concerned about the security and privacy implications of using mobile apps. A substantial number of respondents in the survey are reluctant to download more apps, and to share personal data with the apps they do download, because of concerns over how their private data will be used. These concerns are a good thing for security managers because hopefully it means that users are being more careful about what they install on their smartphones and tablets. The problem, as another recent survey revealed, is that such concerns don’t appear to be making users any more reluctant about using their personal devices for work-related purposes.

Read EU Privacy Watchdog Recommends Case-By-Case Risk/Benefits Analysis for Personal Device Use at Work if you want to get a sense of the European Data Protection Supervisor’s recommendations for mobile security for EU organizations. Though the recommendations are not exactly groundbreaking, they do offer a helpful level of detail for organizations looking for pointers on how to implement a secure enterprise mobility strategy.

Check out our story titled Useful Trumps Revolutionary in Enterprise Mobile App Deployments if you want to know which mobile apps are really making a difference in the enterprise. Hint: It isn’t the innovative or the disruptive ones.

Learn how to take the pain out of securing business data on your employees’ Android devices. Join Google and BlackBerry at a free, half-day seminar, Bring Android to Work with BlackBerry Software, hosted at Google offices in Toronto, Chicago, San Francisco, Washington DC and New York City.

About Jaikumar Vijayan

Vijayan is a freelance journalist and technology content writing specialist with 20+ years of award-winning experience in IT trade journalism. He is a former Senior Editor at Computerworld Inc.and is a frequent contributor to Christian Science Monitor Passcode, Computerworld, Dark Reading, eWEEK and other publications. Vijayan is the author of BlackBerry's "The Definitive Guide to Mobile Security: Strategies and Tactics for Business & IT Decisionmakers" e-book on mobile security and an author of security white papers for the SANS Institute.

Join the conversation

Show comments Hide comments
+ -
blog comments powered by Disqus