Symantec Uncovers Android Apps Security Threat

Mechanical man has chop-chop climbed to the top of the mobile OS wads, and IT owes practically of its success to being a more open political platform than rivals same iOS. However, that receptiveness is a replicate-stinging sword that also exposes Mechanical man to voltage danger–equal the Android Class Loading Hijacking threat discovered past Symantec.

A Symantec voice explains that the Humanoid Class Freight Hijacking scourge resembles a Windows DLL hijacking attack. "It relies on the fact that Android provides APIs that allow an app to dynamically load code to be executed. For example, an lotion may support plug-ins that are downloaded and then loaded at a later time. Unluckily, if these plug-ins are stored in an insecure location, this process can be hijacked."

Android apps — Some Humanoid apps may pose a security menace.

Symantec stresses that the Android Class Loading Hijacking terror is non a exposure in the Android OS itself, just a flaw in the way some apps are coded that can buoy be made use of to hijack permissions.

Oliver Lavery, Conductor of Security and Development for nCircle, explains, "This weakness, and others like IT that haven't been discovered yet, are an unfortunate side-effect of Android's openness. While open platforms are adept, the history of browser vulnerabilities has shown us sentence and time once again how important it is to have telling 'sandboxing' for content that comes from the internet."

Lavery says that Humanoid security is not importantly better operating theatre worsened than the security of any other all unsealed computing device, like a desktop OR laptop computer. "The 'walled garden' approach iOS uses is almost certainly more secure, but that proportional layer of additive surety comes at the be of openness and extensibility."

Steamy Abrams, Director of Technical Education for ESET, says that the Symantec inquiry is interesting, only that cyber criminals in truth don't have to work that unvoiced. Abrams warns that the liberal permissions Android apps are routinely given make an attack like stealing a Gmail verification encrypt text message as simple as convincing the user to install an app that has access to text messages.

"Users habitually grant such permissions to applications without a second thought," laments Abrams. "Thither is far overmuch opportunity for cross application defilement by design to gift in the real, but esoteric approaches that Symantec discusses."

At that place are always tradeoffs of functionality or flexibility vs. security. Android errs along the side of functionality over security, and that means that app developers have to be more diligent, and users need to follow more wakeful to guard against security threats.