
MX Logic » MX Logic IT Security Blog

13 November 2007

Android SDK Officially Released

After much ballyhoo and anticipation, yesterday marked the release of the Android SDK. The SDK is a project sponsored by the Open Handset Alliance that allows applications to be built on top of the Android Platform, a software stack for mobile devices. Developers will be able to create feature-rich, interactive mobile applications in Java on top of a Linux kernel. Based on the libraries included in the SDK, the types of applications that can be developed are virtually limitless. This would be a great opportunity for organizations that are trying to give more tools to the mobile or traveling employee so that they can be not only more productive but also more efficient outside of the office.

For all of the positive aspects of the SDK, one element has me concerned: the implementation of the SDK's security model. According to the web site, "At application install time, permissions requested by the application are granted to it by the package installer, based on checks with trusted authorities and interaction with the user. No checks with the user are done while an application is running: it either was granted a particular permission when installed, and can use that feature as desired, or the permission was not granted and any attempt to use the feature will fail without prompting the user."

Eek!

Essentially what this means is that if a user is tricked into installing some kind of malicious application, once it is installed it basically has the run of the system.

Is anyone else concerned by this?

OK, so this isn't much different from what we have today when you attempt to install an application on top of Windows (for example). If you confirm to the UAC that you want to let the application install, it does so, and you could potentially have introduced any level of malcode to your system.

If this is no different than what we have today, then why care?

As we continue to open more technologies and platforms to make them easier to use and more adaptable, let's make sure that we are not further perpetuating a poor security model. There is a natural tension among ease of use, the addition of features, and security. Even though it is impossible to please all of the people all of the time, it is poor practice not to find a middle ground among these three. To continue to allow the open use and distribution of new technology without also heavily considering the security model is irresponsible.
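Because the install prompt is the only decision point in the model quoted above, any review of what a package requests has to happen before installation. The following is an added example, not code from this post or from the Android SDK. It assumes a decoded, text-form manifest that declares permissions as `<uses-permission android:name="...">`; the sample manifest, the `SENSITIVE` table and `RISKY_PAIRS` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# XML namespace used for android:* attributes in a text manifest.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (not from a real application).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.SEND_SMS" />
    <uses-permission android:name="android.permission.VIBRATE" />
    <application android:label="Flashlight" />
</manifest>"""

# Assumed review policy: permissions worth a second look on their own.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "reads the address book",
    "android.permission.SEND_SMS": "can send messages that cost money",
}
# Assumed review policy: pairs that together let private data leave the device.
RISKY_PAIRS = [
    ("android.permission.READ_CONTACTS", "android.permission.INTERNET"),
]

def requested_permissions(manifest_xml):
    """Return the permission names the package asks for, in document order."""
    root = ET.fromstring(manifest_xml.strip())
    names = []
    for element in root.iter("uses-permission"):
        name = element.get(ANDROID_NS + "name")
        if name and name not in names:  # skip malformed and duplicate entries
            names.append(name)
    return names

def review(manifest_xml):
    """Return (requested permissions, findings to resolve before install)."""
    perms = requested_permissions(manifest_xml)
    findings = [f"{p}: {SENSITIVE[p]}" for p in perms if p in SENSITIVE]
    for first, second in RISKY_PAIRS:
        if first in perms and second in perms:
            findings.append(f"{first} + {second}: data can leave the device")
    return perms, findings

if __name__ == "__main__":
    perms, findings = review(SAMPLE_MANIFEST)
    print(f"{len(perms)} permissions requested, {len(findings)} findings")
    for finding in findings:
        print("  REVIEW:", finding)
```

Everything a manifest lists is usable without further prompts once granted, so a finding here is a reason to question the install, not something to revisit later.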

Posted by smasiello at 10:47 AM

© MX Logic, Inc.
All Rights Reserved.
