According to a report by CVG, Android Market downloads of games specifically designed to run on Sony Ericsson’s Xperia PLAY handset have been extremely low. As evidence in its case, the report hones in on five Play titles that all have under 1,000 total Market downloads: Cool Boarders 2, 100–500; Destruction Derby, 500–1,000; Jumping Flash, 50–100; MediEvil, 100–500; and Syphon Filter, 100–500. Despite this, the handset’s creator is undeterred. “There’s no concerns, it’s a revolutionary device, it’s shaking up the market, we’re very pleased with it,” said Dominic Heil-
The Android Market Web Store, announced earlier this week, has a potentially ruinous security hole. Hackers who find their way to your Gmail password can now potentially purchase apps for your devices without your knowledge.
The new web store’s most vaunted feature is the ability to browse and purchase apps online and have them push directly to your device. Security blogger Vanja Svajcer took a look at what goes on behind the scenes when that request is made. He believes the web store uses the INSTALL_ASSET intent (first used by Google to remove trojans placed by a researcher) to remotely push applications to the handset.
This means that your Google account information is the only thing necessary for someone to start buying applications on your device. Imagine what would happen if, say, an angry ex “guessed” their partner’s Gmail password and decided to start browsing apps by “most expensive” and downloading them all?
Spammers could also use it as an opportunity to force downloads of malware. Svajcer suggested that requiring the handset user to approve each download manually would help. That would upset the neat, one-step app-buying experience Google showed us on Wednesday. But they should at least enable it as an option for those of us who want a little extra security.
In the meantime, change your password and be super nice to everyone you think knows you well enough to guess it.
[Via Naked Security]