Android Market infested by rogue apps, says Symantec report

Symantec revealed the extent of the rogue software in Google's popular online marketplace as part of a study of the security of Google's Android and Apple's iOS mobile operating systems.

The study, titled 'A Window into Mobile Device Security', carried out in-depth evaluation of the two mobile platforms.

"The latest mobile platforms were designed with security in mind – both teams of engineers attempted to build security features directly into the operating system to limit attacks from the outset. However, while these security provisions raise the bar, they may be insufficient to protect the enterprise assets that regularly find their way onto devices."

The report found mobile devices without development ecosystems controlled by business users can heighten security risks: "They connect and synchronize out-of-the-box with third-party cloud services and computers whose security posture is potentially unknown and outside of the enterprise's control," said Symantec's report.

Tom Parsons, Symantec Response Center manager, said the explosive growth in the use of smart mobile devices has put the security of the applications they run under the spotlight. Symantec said there was a 43% increase in mobile vulnerabilities in 2010.

Unlike PCs, the mobile operating systems have security built-in: "They have done security from the start, which is good news, but it is far from perfect for Android and Apple iOS," Parsons said.

He added that because applications in the Android Market are not vetted, the risks are higher.

But Apple iOS users are taking risks when using services such as iTunes: "The problem is, where is the personal information and where will it end up? Data could end in places where the business does not want it," said Parsons.

However, businesses are under pressure to enable staff to use their smartphones at work, Parsons conceded.

This story was first published by Computer Weekly

What’s Hot on Infosecurity Magazine?