Google only announced its new Android Web Store last week but already security firm Sophos is urging Google to remove the automatic over-the-air installation of apps feature. Saying that it makes the silent addition of malware and spyware to Android users’ devices far too easy. With hackers who discover your Gmail password potentially being able to purchase apps for your devices without your knowledge.
The new web-based Android Market allows you to select and buy apps directly on the web site and then have the apps remotely installed onto your device, which Google is marketing as a unique feature. Totally different to the way Apple’s iTunes Preview website works, which allows users to browse for apps on the web but then directs them to iTunes to securely complete their purchase.
Vanja Svajcer from Security firm Sophos explains :
“The result of all this is that a Google password suddenly becomes even more valuable for potential attackers, and I would not be surprised to see even more Gmail phishing attacks as a consequence. The phishers’ intention may not be to use stolen account credentials for the purposes of sending spam but to install malware on the user’s Android devices instead.”
Via Apple Insider