It gets worse for Android: IBM uncovers Android banking vulnerability

The message for Android is increasingly bleak in the context of security. I really do wonder whether the average normob (“normal mobile user”) is beginning to form the view that ‘Android is insecure’.

I don’t know if the message has penetrated widely enough and often enough in mainstream media yet. But I’m sure some damage is being done.

The pivotal moment will be when an institution or company (e.g. bank or supermarket) with millions of customers reports a meaningful exception (e.g. “1 million of our customers that use our [platform name] app have lost £5 due to hacking”).

One-in-ten banking apps are wide open to a malicious drive-by hacking exploit that exposes user credentials when visiting bug-laden websites. The vulnerability – discovered by the IBM Security X-Force Research team – lies in Android applications built on the Apache Cordova (previously PhoneGap) platform. According to AppBrain, this affects 5.8% of all Android apps and roughly one-in-ten mobile banking apps.

via Finextra: IBM uncovers Android banking vulnerability; consumers turned off by security fears.

By Ewan

Ewan is Founder and Editor of Mobile Industry Review. He writes about a wide variety of industry issues and is usually active on Twitter most days. You can read more about him or reach him with these details.

4 replies on “It gets worse for Android: IBM uncovers Android banking vulnerability”

Read the words Apache/Cordova, formerly known as PhoneGap. Only a totally Mickey Mouse bank, or perhaps HSBC, would think that was an appropriately secure development platform for a banking app.

This is not an Android security issue. It’s a third party software issue.

That’s a fair point about Android, however I keep reading AndroidAndroidAndroid and VulnerabilityVulnerabilityVulnerability together. Soon the mainstream are going to form a view on this, no?

I completely agree that the tabloid masses would get the impression that Android is insecure. In all fairness, there are hazards in the Android ecosystem that can catch out the ill-informed and unlucky.
Do you really want the health and safety gone mad, walled off world, of mobile computing where all responsibility for user behaviour is removed by draconian all pervading security protocols? That would be both illusory, and very boring, no?
