As a computer buff with many years history behind me I knew it was only a matter of time before Google Android attracted its first security risks – but what does it mean to the mobile phone using community and should they be concerned by them?The Google Android operating system is open source – that means that all the code that goes into making a Google Android phone work, and supposedly secure, is open to the public. Not only the good and honest public, but those senseless people that think it’s a great idea to cause havoc and deprive people of the devices and services they pay a lot of money for.
For it to be worth their effort an operating system generally has to be widely used before they’ll start writing viruses and worms to attack it, so it was only a matter of time before we saw the first mass attack of Android phones.
Not only were these recently discovered applications able to take information from the phones and send it recipients who could perform whatever processes they wanted on it, but their authors could also take control of the phones they infected. Whilst Google was quick to respond and withdraw the applications from the Google Apps store, it would have no control over someone distributing these infected applications from their own web sites.
That Google believes its latest operating system is not vulnerable to these attacks may be true, but it won’t stop these people creating malicious applications that will infect these later Google handsets.
Furthermore, Google has been able to remotely uninstall the infected applications from affected phones – that’s pretty worrying too since I would not be too happy knowing that Google can remote-control my phone without my knowledge. Does that mean my phone company can too? And what if this remote control access was to become available to hackers?
Finally, that Google has removed the infected applications does not mean that any malicious software installed by these infected applications has been removed and their may be time-bombs sitting on these Google handsets waiting to go off and something else at some predetermined time in the future.
In fact, Trend Micro’s Rick Ferguson is reported as saying that some infected handsets may need replacing and others may require a complete operating system reinstall to eradicate any problems.
So what of the mobile phone companies who have put so much faith in handsets that use an open source operating system. Yes, it’s enabled them to produce much cheaper smart phones, but have they really thought through the repercussions of such a mass attack by hackers. Who is ultimately responsible if my mobile phone stops working as a result of using such an infected application?
I think I would have to seriously think twice now about buying an Android mobile phone.
Lots of people poured scorn on Nokia for not producing an Android handset – maybe they will have the last laugh.