IT Security & Network Security News & Reviews: Fortifying Android Market Application Security: 11 Ways to Do It
Sophos Backs Raising the Bar for Developers
Vanja Svajcer, one of the principal malware researchers at Sophos Labs, said Google should make it more difficult for people to become approved developers who can publish programs on the Android Market. Google currently charges $25 for developers to publish applications in the Market. "If it was $100 or $500, that would be more comparable to Apple, and may put off some of the mischief makers who are trying to introduce malware to the Android market," Svajcer told eWEEK.
Google faced one of its more serious attacks when developers laced 58 applications in the Android Market with malicious code. The programs, which Google quickly removed March 1, were intended to grab codes that identify mobile devices and determine the OS version running on a device. Google not only notified police of the attacks and suspended the developer accounts responsible for the suspicious "DroidDream" malware, but took the unusual step of engaging its kill switch. That is, the search engine remotely removed the offending applications from users' devices. It's only the second time Google has taken such a step. As an open-source platform where Google lets developers write code with great freedom and flexibility, Android is an ideal target for malicious developers and hackers attempting to dupe people or simply mess around with the Android Market applications. Security experts weighed in with their thoughts on the matter. For this slide show, eWEEK talked to some of those experts, including software developers from security firms and analysts, to learn how Google can improve security in its Android Market for mobile phone and tablet users.