Google have been underwhelmed by the sales figures for Android apps and have decided to do something about it. In an attempt to streamline the process of app purchase and installation, they have added the direct streaming of apps and automatic over-the-air installation.
However, security researchers at Sophos are urging Google to remove this feature, saying it is likely to increase silent malware intrusions. "Google should make changes to the remote installation mechanism as soon as possible," Sophos' Vanja Svajcer warned. "As a minimum, a dialogue should be displayed on the receiving device so that the user must personally accept the application that is being installed."
Security has never been Android's strong point, with most privacy decisions left up to end-users at the time they download apps. However, this new feature will make it much easier for malware developers to bypass these decisions, by simply installing apps automatically without the knowledge of users.
While malicious third parties would still have to guess or crack users' passwords, if they did, they could remotely install apps, track users, access calling information, and collect other sensitive information on their phone to upload to other servers.
There is already not much checking at the Google end in terms of apps entering the marketplace, and this new automatic installation procedure is likely to take some of the safeguards away at the users' end as well.
While there is a lot to be said about having an open attitude, and it is a nice change from the control of the Apple App store, it seems that Android users will have to be more vigilant then ever before if they want to stay safe in app land.
