Android Market Web Store Has Dangerous Security Hole

The Android Market Web Store- announced earlier this week- has a potentially ruinous security hole. Hackers who find their way to your Gmail password can now- potentially- purchase apps for your devices without your knowledge.

 

The new web store’s most vaunted feature is the ability to browse and purchase apps online and have them push directly to your device. Security blogger Vanja Svajcer took a look at what goes on behind the scenes when that request is made. He believes the web store uses the INSTALL_ASSET intent (first used by Google to remove trojans placed by a researcher) to remotely push applications to the handset.

This means that your Google account information is the only thing necessary for someone to start buying applications on your device. Imagine what would happen if, say, an angry ex “guessed” their partner’s Gmail password and decided to start browsing apps by “most expensive” and downloading them all?

Spammers could also use it as an opportunity to force downloads of malware. Svajcer suggested that requiring the handset user to approve each download manually would help. That would upset the neat, one-step app-buying experience Google showed us on Wednesday. But they should at least enable it as an option for those of us who want a little extra security.

In the mean time, change your password and be super nice to everyone you think knows you well enough to guess it.

[Via Naked Security]

 

About ipodrohan

Rohan Sood, I am 14 years old. I am all about Technology and Gadgets! I am currently at New Delhi, India. Future plans are going to USA and working at one of the awesomest companies APPLE Inc. As you might know, “TECHNOLOGY” is present everywhere. Let’s together understand this word and make the World a better place. I believe in “Sharing KNOWLEDGE”. I created this Blog to share as much Knowledge as possible. I hope you find my Blog interesting and self-sufficient. I will keep you UP-TO-DATE about the Technology News around the Globe!

Posted on February 4, 2011, in Android, Google, Information, News and tagged , , , , , , , , , . Bookmark the permalink. 1 Comment.

  1. hey buddy, I recently found this web page from google and look over several of your several other pages. They are nice. Pleasee keep them coming!!!! Greets,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: