interessting question, but how? how they should know what you are doing? Take a look inside the blogs of big android security firms, what they do all the time is writing about big bot nets of apps installable in playstore and in the end its just another ad-network which has the right permissions and looked like a botnet (because of sending IMEI, able to handle some commands etc...)
so i think google is aware of this fact, that there is so much crap in the market but they cant do much about it... because if they filter now for lets say requestion the IMEI, they will probably find 30% of all apps in the market dangerous... i think the biggest changes they probably want to make in 4.2 are a system notification for premium sms and a malware scanner (i personally think on basis of virustotal). regards! On Tue, 23 Oct 2012 00:25:33 -0700 (PDT), JUF <[email protected]> wrote: > Interesting article from the BBC: > http://www.bbc.com/news/technology-20025973 [1] > > AFAIK (and I would love to be told I am wrong) Google does not audit apps > that are published via the play store for security defects (whether > malicious or unintended). > Since the granularity of permissions in the Android is so coarse as to be > practically useless, it seems to me that the security model is badly > broken. > Users who want to install apps have to grant all kinds of permissions to > access their data and/or the network. Most people will just click "yes" > because they want the app. Since the apps are not checked they could be > doing anything. > I think that Google has a duty of care here. They should audit the apps > on the play store to ensure that these are safe for consumers to download > and install, and that the app is only asking for permissions and data > that it really needs to function. It is in Google's interests to do this > - if they don't then Android (and Google) will wind up getting badly > damaged. > At the moment the only safe option seems to be not to install any apps, > which somewhat undermines the value of having a smartphone or tablet! > > -- > You received this message because you are subscribed to the Google > Groups "Android Security Discussions" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/android-security-discuss/-/VEk4yxVDOY4J > [2]. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > > Links: > ------ > [1] http://www.bbc.com/news/technology-20025973 > [2] > https://groups.google.com/d/msg/android-security-discuss/-/VEk4yxVDOY4J -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
