Android Security Roundup: Handset Maker Sued For Slow Patching, Threats From Rogue App Stores


Android handset makers and carriers might want to pay attention to a lawsuit filed by a Dutch consumer group against Samsung last week because it could be a sign of things to come. (See our story in Android Secured, In Sign Of Things To Come, Dutch Consumer Group Sues Samsung Over Android Security Updates, for more details).

Basically, the consumer group wants to hold Samsung accountable for allegedly not having proper processes in place for issuing Android software updates and security patches. The complaint reflects the heightened concerns around the relative lack of formal security patching processes among many major Android hardware makers. Last summer’s disclosure of the StageFright vulnerability has drawn attention to the issue in a big way. The lawsuit suggests that if the industry doesn’t proactively address the problem, consumers will try to make sure it does, via the courts.

Meanwhile, here are some of the other important stories in Android Secured over the last week:

Tel Aviv-based security firm Perception Point’s warning about a zero-day vulnerability in versions 3.8 and above of the Linux kernel evoked shades of a StageFright-like issue. The security firm declared nearly two-thirds of all Android devices were exposed to the problem. But as our story Google Issues Patch For Linux Kernel Flaw, Downplays Threat explains, Google had a somewhat different assessment of the problem and (somewhat predictably) claimed the actual number of vulnerable devices is a lot lower. The Linux kernel security team has patched the problem and so has Google. Now to see how quickly handset makers and carriers will do the same.

We’ve said this before and we’ll say it again: downloading applications from an unofficial app store is a BAD idea. Our story Rogue App Stores A Growing Threat To Banks is based on a report in American Banker about the threat posed to banks by the growth of mobile application stores filled with thousands upon thousands of malicious apps. Many of the apps in these stores are disguised to look like legit ones and some even use digital certificates to attest to their authenticity.

Check out Mobile Users Would Block More Apps’ Hidden Data Requests, If They Could, to learn what users really think about mobile apps accessing their personal data. When users are given enough contextual information on when a mobile app accesses sensitive data, how often that access happens and the reasons why, they tend to become a lot stingier about granting app permissions. Researchers at the University of California, Berkeley and the University of British Columbia found that Android users on average would deny 35% of all app requests for personal data if given a choice. That number is not entirely surprising, considering that 75% of the requests that apps make to access personal data happen when the user is not even interacting with the app in the first place.

Learn how to take the pain out of securing business data on your employees’ Android devices. Join Google and BlackBerry at a free, half-day seminar, Bring Android to Work with BlackBerry Software, hosted at Google offices in Toronto, Chicago, San Francisco, Washington DC and New York City.

About Jaikumar Vijayan

Vijayan is a freelance journalist and technology content writing specialist with 20+ years of award-winning experience in IT trade journalism. He is a former Senior Editor at Computerworld Inc. and is a frequent contributor to Christian Science Monitor Passcode, Computerworld, Dark Reading, eWEEK and other publications. Vijayan is the author of BlackBerry's "The Definitive Guide to Mobile Security: Strategies and Tactics for Business & IT Decisionmakers" e-book on mobile security and an author of security white papers for the SANS Institute.
