orb3000: What’s your opinion of overall Android security?
pof: Android has been developed with security and privacy issues in mind; it has a rich security model with privilege-separated applications, per-URI permissions, signature-level app permissions, etc… However, it has a very weak point which is at the same time one of its greatest benefits: its openness. As anyone is allowed to publish anything on the market without any review prior to publishing it, this allows malicious applications to be put on the market, which users can install, so it’s very important to review which permissions we grant to the applications before installing them, and, if unsure, only install apps from trustworthy developers.
orb3000: Where do you think all this will lead to?
pof: Malware. We’ll see more and more Android malware in the future, and it will be very hard to control because it’s not a design or system architecture flaw; it’s something Google can’t avoid if they want the app ecosystem open to third-party developers.
orb3000: What do you think Google can do to strengthen and be more prepared for Android security?
pof: I think they have to implement a better reputation system, where users can trust (or not) an app based on the publisher’s reputation. Also, it will help to allow the user to selectively choose which permissions he or she wants to approve from the capabilities the application requests when you install it; actually, there’s already an app for this, ‘Permissions Denied’ by Stephen (Stericson), but it requires a rooted phone.
Well, thank you so much for making us understand a bit more of this complicated world for us non-developers. Now, we will appreciate even more the time and work that developers invest to make our devices.
Thanks to all our readers and please leave your comments below.
Would you want us to interview someone? Let us know!