It gets worse for Android: IBM uncovers Android banking vulnerability

The message for Android is increasingly bleak in the context of security. I really do wonder whether the average normob (“normal mobile user”) is beginning to form the view that ‘Android is insecure’.

I don’t know if the message has penetrated widely enough and often enough in mainstream media yet. But I’m sure some damage is being done.

The pivotal moment will be when an institution or company (e.g. bank or supermarket) with millions of customers reports a meaningful exception (e.g. “1 million of our customers that use our [platform name] app have lost £5 due to hacking”).

One-in-ten banking apps are wide open to a malicious drive-by hacking exploit that exposes user credentials when visiting bug-laden websites. The vulnerability – discovered by the IBM Security X-Force Research team – lies in Android applications built on the Apache Cordova (previously PhoneGap) platform. According to AppBrain, this affects 5.8% of all Android apps and roughly one-in-ten mobile banking apps.

via Finextra: IBM uncovers Android banking vulnerability; consumers turned off by security fears.


  • https://twitter.com/DominicTravers DominicTravers

    Read the words Apache/Cordova, formerly known as Phonegap.. Only a totally Mickey Mouse bank, or perhaps HSBC, would think that was an appropriately secure development platform for a banking app.

    This is not an Android security issue. It’s a third party software issue.

  • http://www.mobileindustryreview.com Ewan

    That’s a fair point about Android, however I keep reading AndroidAndroidAndroid and VulnerabilityVulnerabilityVulnerability together. Soon the mainstream are going to form a view on this, no?

  • https://twitter.com/DominicTravers DominicTravers

    I completely agree that the tabloid masses would get the impression that Android is insecure. In all fairness, there are hazards in the Android ecosystem that can catch out the ill-informed and unlucky.
    Do you really want the health and safety gone mad, walled off world, of mobile computing where all responsibility for user behaviour is removed by draconian all-pervading security protocols? That would be both illusory, and very boring, no?

  • http://www.mobileindustryreview.com Ewan

    agreed!
