Android Market's instant app download a security threat, Sophos says

Android Market's instant-download feature for applications that customers buy has a flaw: It could open up Android devices to malicious downloads from attackers, according to security firm Sophos.

Learn more: Smackdown: Android Market vs. iPhone App Store

The problem is that when customers buy applications for their Android devices, they are downloaded to the devices right away - without the customer having to approve the actual installation of the software, Sophos virus researcher Vanja Svajcer says in a blog post. 

That could leave the device open to anyone who manages to steal its owner's Google password, says the security firm. "In summary," Svajcer says, "if someone managed to steal your Google password they could trick your Android smartphone into installing software, without you having to grant permission on the device itself."

The blog notes that when the applications are downloaded, it is done in the background, so customers would likely not be aware.

"The result of all this is that a Google password suddenly becomes even more valuable for potential attackers, and I would not be surprised to see even more Gmail phishing attacks as a consequence," Svajcer says.

Sophos recommends that Google change the procedure so customers have to approve the downloads. In the meantime, the company recommends that customers make sure they have strong passwords that are not easily guessable for their Google applications accounts.

Read more about wide area network in Network World's Wide Area Network section.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwareGooglesoftwareapplicationssophosanti-malware

More about GoogleLANSophos

Show Comments
[]