All about Google Chrome & Google Chrome OS

02 May 12 Android Apps Slurp Excessive Data

10 Ways To Get More From Your Android Device
(click image for larger view and for slideshow)

More than one-third of Android apps request “excessive permissions,” giving them access to more data than they require.

That finding comes from a study conducted by South Korean antivirus vendor AhnLab, which scanned 178 “best rated” Android applications using its cloud-based Android security scanning service.

All told, of the apps scanned, AhnLab found that 43% requested excessive device information, 39% requested unusual levels of location information, 33% requested excessive access to personal information, and 8% wanted excessive information about service plans.

[ Google's StreetView put data collection above people's security. See Google Wardriving: How Engineering Trumped Privacy. ]

According to HoWoong Lee, director of the AhnLab Security E-Response Center, mobile applications that access excessive amounts of data are a concern because they may have access to banking data and personal emails, or be able to retrieve information that would allow attackers to clone smartphones or sign up mobile subscribers for premium services. Some apps, meanwhile, not only access but also store this sensitive information, oftentimes in unencrypted form. Furthermore, users may not notice any malware that targets sensitive stored information running in the background, surreptitiously siphoning away stored data.

But having legitimate applications access more data than they require would appear to be quite common. That goes not just for legitimate Android apps, as well as malware, but also for iOS apps.

Many social networking applications, including Path and Hipster, were called out earlier this year over revelations that they sent unencrypted copies of iOS users’ address books back to their servers. While the developers behind Path defended the practice as a way of helping them connect users who already knew each other, the resulting outcry led the app developer to make the address book sharing “opt in.”

Apple likewise weighed in, saying that slurping people’s contact information without their permissions would be against its development guidelines. Apple apparently hadn’t been testing iOS apps for such behavior as part of its App Store review process.

Not long after, Twitter, Yelp, and Foursquare also came clean, saying that they likewise transmitted users’ contact information whenever people selected features with labels such as “find friends.” But such information was often stored in unencrypted format, again creating an information security risk.

Apps running on Android or iOS that request, store, or share excessive amounts of information add to already pervasive business concerns over the security of mobile handsets. So, what can be done to address the problem?

One solution for businesses is application whitelisting, which means ensuring that any Android device that wants to connect to the corporate network runs only approved apps. While the practice is controversial, many security experts see it as the best solution for keeping malware and untrusted apps–such as those requesting excessive data access rights–off of Android handsets.

Put an end to insider theft and accidental data disclosure with network and host controls–and don’t forget to keep employees on their toes. Also in the new, all-digital Stop Data Leaks issue of Dark Reading: Why security must be everyone’s concern, and lessons learned from the Global Payments breach. (Free registration required.)

Article source:

Tags: , , ,

09 Apr 12 RIM Moves Against Pirated Android Apps On PlayBook

10 Things Tablets Still Can't Do
(click image for larger view and for slideshow)

PlayBook OS 2.0, which was distributed by Research In Motion in February, allows tablet owners to install and run Android applications. Those apps need to be repackaged by developers, and run in an emulator environment on the tablet. They can be downloaded from the BlackBerry App World store. Well, the official versions, anyway.

Not all Android developers are ready to repackage their applications for RIM’s PlayBook. While PlayBook owners wait for official app releases, unofficial versions of some Android apps for PlayBook OS have become available. These are apps that have been repackaged by people other than the original developer and are being distributed outside the Android Market and BlackBerry App World.

They are, in other words, pirated apps.

Since the pirated apps skip the official distribution channels, that means for-pay applications aren’t earning any income for the original developer. RIM has taken notice of the issue. This isn’t a case of “no harm, no foul,” said Alec Saunders, RIM’s VP of developer relations, in a Twitter exchange with a developer. “Have seen apps from devs uploaded by others, and charged for by people who don’t own.”

[ Will RIM's "do or die" plan work? See RIM CEO Pledges Enterprise Focus, But Clock Ticks. ]

So RIM is going to do something about it.

“We’re removing sideloading for consumers,” said Saunders. “Piracy is a huge problem for Android devs, and we don’t want to duplicate the chaotic cesspool of Android Market. Pretty sure we’ve got a solution for devs.”

RIM will push a software update to the PlayBook in the near future that blocks the ability to sideload applications. This means apps will only be available through the official, RIM-sanctioned BlackBerry App World.

Sound familiar to you? That’s because RIM is apparently adopting Apple’s iPhone, iPad, and iPod Touch application policy. Apple, too, restricts application access to the App Store, which it controls. The only way to install non-approved applications on an iPhone is to jailbreak it. Saunders didn’t say if the forthcoming PlayBook update would also break the ability to jailbreak the PlayBook, which has been possible now for several months.

Google takes a different approach. While hundreds of thousands of applications are available to Android devices via the Google Play Store, owners of Android devices can choose to install apps from non-approved sources if they so wish. No hacking is required to enable this functionality. Instead, users must simply check a little box in the settings menu. Google warns that in so doing, however, customers are taking a risk with respect to security and privacy.

Is RIM’s change in stance here a big deal for end users? No, it isn’t. It is the right thing for RIM to do if it wants to protect its relationship with its developer community. Right now, RIM needs to be highly protective of its developers. Without devs, there are no apps, and without apps, its BlackBerry OS 10, slated for release late this year, will die before it reaches the market.

Put an end to insider theft and accidental data disclosure with network and host controls–and don’t forget to keep employees on their toes. Also in the new, all-digital Stop Data Leaks issue of Dark Reading: Why security must be everyone’s concern, and lessons learned from the Global Payments breach. (Free registration required.)

Article source:

Tags: , , , , ,