More bad news for Android owners. A huge Russian malware operation is infecting Android apps in the the Google Play Store. The malware – hopefully now removed – hijacks your personal details, and sends premium rate text messages to drive profits for its owners.
This is the price we pay for Android’s open access policy. iPhone users can smirk all they want – but I like being able to run anything I desire on my phone, rather than be restricted to the puritanical walled garden of Apple’s App Store.
The late lamented Symbian OS did many things wrong – but it had an interesting approach to keeping users secure from malicious apps.
The first time an app wanted to access a feature – like Internet, SMS, phonebook – the phone would prompt the user to grant the app permission.
Is this what is needed for Android? the first time an app tries to access, say, the dialer – should Android say “Are you sure you want Angry Birds to make a phone call?”
Or, should Android take a leaf out of BlackBerry 10? When installing the app, the user can choose whether to grant certain permissions.
Finally, what about personal responsibility? The Android permission model is quite opaque to most users, it’s true, but there are some basic precautions users can take.
I was recently hit by a “drive by installation”. A malicious website automatically downloaded an app to my Android phone. When I clicked on it to install, this is what I got:
If you think a Battery app needs all those permissions… I’m not sure encasing you in bubble-wrap is enough to keep you safe from yourself!
The price of freedom is eternal vigilance. Android needs to do more to allow users to enjoy their freedom.
Going down the Symbian path of insisting every app be signed by a third party and repetitively interrupting the user is probably not the right way to do things. What is clear from the current crop of malware is that simply telling the user of the permissions an app is requesting at installation time is insufficient.
Until Google makes things better for its users, it’s worth installing an app like Permissions Denied which will allow you to see which apps have more access than they need – and restrict them if necessary.