The Wieless Industry News Portal Advertise on Wireless Industry News and reach over 300,000 potential new buyers. Click here to learn more.
Post a News Story        Resources        News Archives        Home
Install your server in Sun Hosting's modern colocation center in Montreal. Get all the details by clicking here.


Wireless Industry News is read by over 300,000 people a month. Learn how you can increase your sales by advertising on our news portal -- Click here.


The industry's best and most accurate tool to find out EXACTLY what your CORRECT keywords are. Click here to learn more.

Get your Linux or Windows dedicated server today.

Google removes two free apps from its Android OS

Add to del.icio.us     Digg this story Digg this

June 26, 2010

According to a company spokesman, Google has confirmed that it remotely removed two free apps from several hundred Android smartphones simply because the apps greatly misrepresented their purpose and in turn violated Google's Android Terms of Use.

This is reportedly the first time Google has used the Remote Application Removal Feature that allows it to delete specific mobile applications for ToS violations or security reasons that have been installed through Android Market Place.

"An attacker who develops legitimate-looking apps and distributes them on the Android Market could gather a large install base and if there was a vulnerability within the Android operating system or Linux upon which Android is based. The attacker can then phone home to see if there is an exploit to download and push it out to all the Android phones he controls and take complete control of the phone via the Linux kernel," said John Oberheide, who works at a new mobile security firm called Scio Security.

The Android apps that were removed consisted of software designed to test the feasibility of distributing a program that could later be used to take control of the device in an attack, according to Oberheide, the developer who wrote and distributed the mobile apps in the first place.

The first one, dubbed RootStrap, executed code that merely printed a message on the phone that says "Hello World," while the second app did the exact same stunt but was disguised as a preview of the "Twilight Saga: Eclipse" movie, said Oberheide.

There were about fifty downloads of the RootStrap app and roughly about 304 of the Twilight app, though some people later uninstalled them, he said.

Under the Android Market Content Policy for Mobile Developers, "programmers should not upload or otherwise make available mobile apps that offer wrongful or misleading information about an application's real purpose."

Oberheide has also developed a program that could be used to bootstrap a rootkit, effectively allowing someone to remotely take control of a phone by having an app already installed on it phone home to fetch code that could exploit a vulnerability on the Android phone, he said.

Click here to order the best dedicated server and at a great price.

He removed the apps voluntarily from the Android Market after being asked to by Google, Oberheide said.

The apps "weren't designed to be used maliciously, and did not have permission to access private data or system resources beyond accessing the Web," said Rich Cannings of Google's Android Security Group.

In other mobile security related news, earlier this month, AT&T has confirmed that it has repaired a critical security flaw that has allowed hackers to access the e-mail addresses of more than 100,000 iPad 3G owners.

A hacker group used a vulnerability on AT&T's website to harvest the e-mail addresses iPad buyers provided to activate their devices, which went on sale about a month ago. AT&T rapidly took action in repairing the security flaw, but without commenting on the rather large scope of the attacks.

This isn't the first time there's been a security incident with the iPad. On April 8, using a variation of the iPhone method and demonstrating just how much the two devices have in common, some hackers were able to exploit some serious security holes in the iPad.

Not only that, but the attacks were completed in less than 24 hours after the iPad was launched Saturday with much fanfare. Apple managed to sell 300,000 iPads on its launch date.

The security hole that was discovered enables the potential hacker to install everything from Wi-Fi scanners to porn (pornography is prohibited by Apple) although for the moment it just allows a remote terminal connection. But some Internet security observers say it's rather simple to cause more damage if the hacker is more knowledgeable.

Worse, the iPad security hole that was discovered even allows Palm OS applications to run on it.

For now, it still seems that few iPad owners are rushing out to buy newspaper subscriptions. PaidContent reports that the newspaper and magazine subscriptions through which the iPad was supposed to change the world, are curiously absent from the lists of most popular paid applications.

Some suspect this could be caused by early adopters being used to getting content for free.

So far, more than 140,000 mobile apps have been developed for the iPhone, and the number is growing rapidly. And since Google and Microsoft have now entered the mobile phone market as well with the Android and Windows Mobile 7, there’s just no telling how much faster the number of mobile apps will grow to.

Add to del.icio.us     Digg this story Digg this

Source: Google.




home | news archives | resources | advertise with us

Copyright © Wireless Industry News. All rights reserved.