Interesting article from the BBC: http://www.bbc.com/news/technology-20025973
AFAIK (and I would love to be told I am wrong) Google does not audit apps that are published via the play store for security defects (whether malicious or unintended). Since the granularity of permissions in the Android is so coarse as to be practically useless, it seems to me that the security model is badly broken. Users who want to install apps have to grant all kinds of permissions to access their data and/or the network. Most people will just click "yes" because they want the app. Since the apps are not checked they could be doing anything. I think that Google has a duty of care here. They should audit the apps on the play store to ensure that these are safe for consumers to download and install, and that the app is only asking for permissions and data that it really needs to function. It is in Google's interests to do this - if they don't then Android (and Google) will wind up getting badly damaged. At the moment the only safe option seems to be not to install any apps, which somewhat undermines the value of having a smartphone or tablet! -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/VEk4yxVDOY4J. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
