Angry Birds might have cost you hours of lost productivity, but downloading an avian add-on from the Android Marketplace could be infinitely more costly.
A couple of security researchers have found a bug in the Android operating system that allows apps to download onto your handset without requesting your permission, according to a report from Forbes. To illustrate the point, the researchers created an app masquerading as an Angry Birds add-on, and put it on the Android Marketplace.
The app claims to offer new Angry Birds levels, but instead, it stealthily downloads other apps behind your back, which can then access all your details. These ninja apps have the ability to track the phone, steal contact details and send expensive text messages.
In this case, the app isn’t harmful — though it has potential to be. Instead of sabotaging your handset, the spoof update downloads three other apps that have access to your private content, then shows a message warning the owner of the security breach.
This sort of attack certainly isn’t new, but previous cases required the owner to grant permission for the app to access personal information. In this case, it sneaks by without asking you.
Luckily, this bug hasn’t been seized upon by dirty criminal hackers. The experiment has garnered a good deal of attention, though. Rovio recently released a legitimate update to Angry Birds, offering new levels, bug fixes and QVGA graphics support. You can imagine how many people will search for the update, perhaps find this rogue app, and download it without checking it carefully.
It’s natural for this sort of thing to happen on a system like Android, which doesn’t have the same strict app store vetting process as Apple. It’s a price you pay for the ability to completely customise your phone, and for an open app market that would never exist in a Steve Jobs world.
Image credit: Droid Life