Android Market Security Alert: Vulnerability Market allowed Hackers Unauthorized Installation of Apps
by Antonio Wells
Mar 8, 2011 12:35 PM –
It seems all the talk in the Android world these days are the vulnerabilities in malicious Android apps but now with the web version of the Android Market. Google has closed a cross-site scripting (XSS) hole in the Android Market. The vulnerability was discover by security specialist Jon Oberheide who prematurely blogged of it prompting Google to fix it; the goal was to win $15K in a hacker challenge called Pwn2Own.
The hole allowed a hacker to take advantage of Android Market’s ability to download an app directly to Android devices without the users knowledge or consent once logged in. The scenario is that a hacker could inject JavaScript to download a malicious app onto their device with no need to be physically present. This again is an eye-opener for Google and consumers, it’s a good this the exploit was for the greater good of mobile security than malice and was quickly remedied.
Your thoughts on Android security… let’s chat in the comments about it!
[Source Jon Oberheide via H-online via Android Community]
Tags:
Android Apps,
Android Apps Security Alert,
Android Market,
Android Market Security Alert,
Android Market XSS Cross-Site Scripting Hole Patch,
Android Security,
Pwn2Own Hacker Challenge
Categorised in: Apps Blog, Featured, News
Submit apps for review,
promote apps, get more installs with better
app videos.