I read a thought-provoking article yesterday on the Android and Me site regarding the dangers of blindly rooting your phone. I highly recommend giving it a read as it raises some good points about rooting and how it’s possibly too easy for those who don’t truly know what they’re doing to root their phone, opening up a whole can of potential security issues, not to mention the voiding of your warranty. The article got me thinking- with the Android Apps Market being so open, it’s surely a tempting prospect for those nefarious malware writers to delve in to. With Android mobiles growing increasingly in popularity I’d imagine we’ll see malware being uploaded sooner rather than later. Unlike the Apple apps market, there’s no screening of uploaded apps, which definitely has it’s advantages in that there’s no big brother telling you what you can and can’t install on your device. But Apple’s method has it’s merits too; apps can be screened, firstly for their suitability for the device (will it run without regularly crashing the system? is it a buggy beta release that is essentially useless?) and secondly for any malicious or inappropriate content.
If you have an Android device already, try this little example. Open up the Apps Market and do a search for the phrase “sapphire”. You’ll notice that one developer, Sapphire Apps, seems to feature quite highly. Now, this ‘developer’ has been uploading apps (the majority of which are nothing more than a series of images of nubile young females) for a while now. But just take a look at how many apps this developer has uploaded – at present there are 261 results for a search of sapphire! All of them seem to be paid for apps too. Clearly this developer is taking advantage of the openness of the Android market and is spamming it with crap.
So, it seems the spamming has started already, so why not the viral apps, or spyware? Just think of the sort of information an unsrcupulous advertising company or worse, a criminal organisation (although some may say they’re one and the same!) could get out of a device that you can not only browse the web on, but make phone calls and email with….and that’s not even mentioning the GPS functionalities. Then there’s a new app which has appeared recently, which claims to root your phone with one click. Sounds great and from what I’ve heard it may even work, but, when you install the app, you’re asked to allow it permission to access your bluetooth connections. Bluetooth? What the hell does that have to do with rooting the device*? Unless it’s exploiting an already existing vulnerability….which would mean that there are vulnerabilities in Android that people out there are aware of.
When browsing the market and finding an app that tempts you, it’s all too easy to just accept whatever an app requests permission-wise when you install it. From now on, if you didn’t before, take a minute or two to think about what any app you’re installing will do with the permissions you give it. If it doesn’t seem fitting for the app – cancel the install and either research why it needs the permissions it does until you’re satisfied or find an alternative.
*actually, those who have rooted their phone may recall that you’re asked to allow similar access to bluetooth when rooting the manual way, but the point stands, it’s a suspicious permission