A mobile security expert discovered even more ways hackers can infiltrate Android devices, as it becomes increasingly difficult for Android users to protect their phones.
Riley Hassell, the founder of Privateer Labs, and colleague Shane Macaulay claim to have identified more than a dozen popular Android apps that make phones a target for hackers. Hassell explained developers often fail to follow security guidelines when they write apps, leaving phones open for attack.
“Some apps expose themselves to outside contact,” said Hassell. “If these apps are vulnerable, then an attacker can remotely compromise that app and potentially the phone using something as simple as a text message.”
Hassell also said he let Google know about his findings, but it doesn’t appear the company has any plans to combat the issue. A spokesman for Google said the company had spoken with Hassell and found none of the problems to be an issue with the Android operating system itself. Hassell will not identify any of the apps he found to be vulnerable because he fears hackers will exploit them.
Hassell’s findings are the latest in a string of bad news concerning Androids’ susceptibility to hackers and malware. Antivirus company Kaspersky recently identified 70 types of Android malware in March, a notable increase from the two it found in September.
The malware ranges from viruses like “HippoSMS” that cause smartphones to text premium numbers to rack up charges, to privacy invaders like “Golddream.A” that actually record users’ phone calls and upload conversations to remote servers controlled by hackers.
These viruses come attached to applications users download from the Android Market, and maybe avoided by users carefully monitoring what they were downloading or by installing an antivirus app. But if hackers begin exploiting already downloaded apps, defending Android phones from malware may get a lot more difficult.
Hassell says hackers could penetrate the apps he studied after users have downloaded them. This would mean people may download an app that is perfectly fine and passes through antivirus scans, only to have it be infected with malware by hackers at a later date.
Google’s statement on Hassell’s findings may indicate the company sees the rise of Android malware as a developer, and not a platform, issue. If developers don’t catch onto their mistakes, it’s likely only a matter of time until hackers do, and with no known defence from this new type of attack, Android users may be left vulnerable in the dark.