Most recently, a vulnerability that could impact Android devices was pointed out in February but was still capable of exploitation in May.
The particular vulnerability had to do with the fact that some of Google’s other cloud-based services -- like Google Calendar -- are not encrypted as are other services like Gmail. Other apps at the time, like Facebook’s Android app, had similar issues. Network eavesdroppers could gain access to all of that data through the air, via unsecured Android devices.
There are about 70 million Android-based devices that ship annually, with double-digit growth. That’s a lot of devices with some big vulnerabilities.
And at the same time, many apps -- including these 20 - will help to increase security on Android-platform based devices.
But while Android devices have achieved stunning popularity in the consumer space, executives from at least one major mobility vendor tell us they are going to tread very carefully before they introduce Android devices into enterprise hardware. And it appears that caution is with good reason.
Take, for example, this latest analysis from security vendor McAfee on Google’s Google Wallet e-commerce and payment app:
"Android apps are relatively easy to reverse-engineer, so that would probably be the first step an attacker would take. Google says that only authorized apps will have access to the 'secure element' chip, and the chip uses asymmetric encryption to authenticate access to stored secrets (credit card credentials). This implies that an attacker has a good chance of extracting the authentication key from the Google Wallet app. The next step would be to create a malicious application that emulates the official Wallet app to fool the 'secure element' chip into giving up your credentials. From here, the attacker can collect account information for sale or for attempts at cloning the data to new NFC cards."
A digital mugging might be less physically harmful than a real one, but a mugging is a mugging nonetheless. McAfee appears to be sounding an important alarm.
Android boosters will rightly point out that, hey, Windows has had vulnerabilities for years. Tons more data has been compromised or lost via Windows-based PCs over the years than anything that has come from Google or the Android community. That’s true, but that’s not the point. The marketplace, over years, developed core best practices that have elevated security in the Windows world to the point where enterprises -- business of all sizes, government agencies of all sizes -- now have a checklist they can constantly examine to make sure they are in the best position possible to protect data.
Android is a relative Wild West. Where are the best practices for Android-based IT?
Google needs to do a better job of getting out front on security issues regarding Android. Google executives can choose to become the public face of mobile security, or they can risk becoming the public face of vulnerability.
- Three Big Questions On Apple’s Mountain Lion
- Do We Even Need A Google Drive?
- How Windows 8 Beta Could Underwhelm Us
- Three New Features For Business We Want In iPad 3
- How Meg Whitman Can Save WebOS
- 'Extra-PC Era' Describes It Better
- LibreOffice’s Bold Course for the Tablet
- Leaving Your iPhone In The Back Of A Cab
- Analysis: Ubuntu's 'Open for Business' Sign To Developers
- Firefox Memory Leaks Once Again Causing Frustrations
- Microsoft’s Windows 8 To Do List Short, But Serious
- The Door Cracks Open for the BlackBerry PlayBook
- Today’s Daily App: Maven Web Browser for iPad
- Will Ubuntu Again Benefit From Industry Turmoil?
- Samsung Takes Swipe At Google With Its Windows 7 Slate
- Intel Inside Android, via McAfee Security
- Why Michael Dell Is Right About PCs, And HP Could Be Wrong
- Why 2011 Is The Year Of Open Source
- What If They Had A Tablet Price War And Nobody Came?
- Why Google Needs to Get a Grip on Security