Google removes banking apps from Android Marketplace

A programmer who goes by the nickname "09Droid" has just illuminated security concerns sure to come into sharper focus as tech and financial services corporations move to popularize mobile device banking.

Antivirus supplier F-Secure says 09Droid offered more than 50 mobile banking applications for sale through Google's Android Marketplace, the app store for smartphones based on the Android operating system. Google pulled the apps on Monday. Several banking firms included in 09Droid's apps issued warnings for their patrons not to use them.

F-Secure Chief Research Officer Mikko Hyppönen says no one in the security community had a chance to reverse engineer 09Droid's first-of-its-kind banking app, so it could simply be a program that redirected users to the bank's online website.

On the other hand, 09Droid could have rather easily programmed in stealthy code to silently steal account log-ins. The programmer did sell some number of apps prior to Google yanking them. Hyppönen notes that Android apps do not go through an approval process, akin to the certification process required of apps made available through the iPhone App Store or through Signed by Symbian programs.

As a rule of thumb, he recommends avoiding any third-party banking apps on any platform unless you know for certain it is expressly approved by your bank. To date, F-Secure has not seen any malicious apps sold through iPhone App Store, Palm App Catalog, BlackBerry App World or Windows Mobile Marketplace. However, the security company has seen the "Signed by Symbian" certification process subverted a couple of times.

Posted by Hadouch | op 10:53

0 reacties:

Een reactie posten