Google Android Malware Threatens Brand Reputation, Consumer Data
An open architecture aimed at building a variety of useful applications for Android-running mobile phones and devices has been Google's advantage to adoption and growth in the Android Market.
Estimates put more than 1,000 applications uploaded to the marketplace daily. Now the company faces challenges with malware infecting apps on phones, as well as privacy implications. The apps not only capture and send unsecure stored data on the phone to servers where thieves can use it, but wreak havoc on a brand's reputation.
Allen Adamson, managing director of brand development consultancy Landor Associates in New York, says it's never good when a brand's reputation gets derailed, even through a free application.
Most people are concerned about cookies and IP addresses, which they don't understand, but wait until they figure out there's malware in ads, widgets and applications that put keyloggers on computer and mobile devices to take passwords, says Michael Caruso, CEO and cofounder at ClickFacts. "We've seen malware that hit infrastructure, derailing trains, and took down a Spanish plane in 2008," he says, which hurts more than the brand.
Google acknowledges removing "several" applications infected with malware from both the Android Market and Android devices, but the security firm Lookout claims to have found many more. Reports suggest more than 50 infected applications. It appears the original applications uploaded by developers were virus free, but later pirated versions of the software injected with malware were republished. The malicious activity could easily ruin, or at the least tarnish, a brand's reputation.
Historically, this type of malware surfaced in third-party marketplaces or a Chinese Android Web site, but not Google's Android Market, which prompts experts like Tom Parsons, senior manager with Symantec Security Response, to call the event "significant." He says thieves follow the money. Symantec released a mobile security mobile application, Norton Mobile Security, a few weeks ago. The beta version available in the Android Market protects personal data on the phone.
Industry experts and analysts have predicted this invasion for years, and suggest the proliferation of mobile handsets, tablet devices, and cloud computing will only prove to accelerate the outbreak, especially on devices running open-source applications. Apple has not seen the same invasion, according to experts, pointing to a closed system as a means of protection.
For IT managers at companies beginning to adopt mobile applications, it's a matter of concern. More people have begun to use mobile applications in corporate environments, and it has become and issue to safeguard not only the data on these devices, but also the information and data stored in the cloud, according to Paul Wood, MessageLabs analyst at Symantec.
Today, Symantec does not see any significant volume of mobile ads being infected, but that has been a popular means through which legitimate Web sites can become compromised, Wood says. In fact, in 2010, approximately 90% of malicious Web traffic blocked by Symantec's services were for malware hosted on legitimate Web sites, and with one of the most popular applications of mobile devices being social networking, the attacks are expected to rise. Social media is being used to target such devices, perhaps with rogue third-party apps specifically designed for social networking environments.
"We have seen this already with PC-based malware, and it is only a matter of time before mobile devices are a sufficiently attractive ecosystem for a major criminal network, with customized versions of botnet malware that can rootkit mobile devices in sufficiently large numbers," Wood says.
Who should take responsibility to protect consumers from malicious apps and malware-infected mobile ads? Google and others declined to answer that question, but did acknowledge the need for refreshing processes. Wood says cloud-based security solutions are evolving to protect mobile devices, but he believes the focus needs to turn toward safeguarding the data in the cloud. "Security protection will need to extend beyond the PC as it becomes more important to focus security on people and information they access, independent of the device they may be using," he says.
Symantec posted a list of affected applications. It asserts that Android.Rootcager in particular roots the phone without user consent to perform various activities. DownloadProvidersManager.apk is dropped by the malware to monitor installed applications and download additional packages of code as a background service. The post explains that the malware also attempts to record IMEI and IMSI numbers, which are used to identify mobile phones, and upload the data to an external Web site.