Did Google Make the Right Move to Protect the Android Market?
Just last week, Wired’s Gadget Lab wrote about Google’s Android security improvements, and how they plan to make the platform more secure for users. As noted in the post, the draw for the Android platform lies in its openness, but at the same time, this presents a number of security challenges for the operating system.
So how does Google plan to make Android more secure? The company unveiled a new security service for Android that aims to auto-scan uploaded Android applications to detect potentially malicious apps more quickly – ideally before users download them. The service searches for threats without requiring any pre-approval process so that the platform can remain as “open” as always.
In all honesty, my initial thoughts about this announcement are skeptical. In “controlling” the security of the platform, Google is taking the stance that they know more about mobile security than anyone else, including the security professionals who’ve been detecting threats and stopping attacks for 30+ years.
By creating the “sandbox security” model within Android, Google has in fact raised the bar for WHO can create malware for Android, and what the potential is for that malware, but in doing this, they’ve completely locked out the good guys. Consider the case where either Android or iOS has a security hole (all the methods for jail-breaking fit in this category). Bad actors can run at full speed until Android or iOS blocks the hole. Meanwhile, security pros are locked out from doing anything on the device that would detect this.
Ultimately, it is clear that both Google and Apple had the foresight to recognize that AV and other signature detection is dead, but they closed the door on allowing newer, more innovative solutions. This is a problem for many security professionals unless you’re under the assumption that the client is untrustworthy no matter the platform. Only the server side can be trusted when it comes to detecting threats, and that is the mentality and direction that the market needs to go in order to effectively “secure” mobile (and all other types of) platforms.

