Does Android Mobile Fragmentation Pose a Security Risk ?

The Mobile SmartPhone industry is concerned about the rampant growth and pervasiveness of Android beyond the processes and structures that Google currently has in place for fragmentation challenges. Consumer Electronics companies looking to leverage Android to be part of the growth of the “Smart Connected Home” would open a host of security challenges. Google faces with Android is that leaving Android as open and accessible to all manner of industries allows for rampant growth.

Symantec in the past had discovered a massive Trojan botnet malware packaged into games in the official Google Android market. Symantec identified more than a dozen free games from three different publishers that contained the “Android.Counterclank” which may have infected 5 Mn pieces. We believe part of the challenge of the Google Android market is that, without a stringent control process for DRM or certification the vulnerabilities to attack are very high.

Security challenges within Android are unlikely to be corrected anytime in the near term and may not even be accidentally halted by the hyper-fragmentation of Android into multiple splinters in China. In our own test, we downloaded one of the Counterstrike games highlighted by Symantec onto a Chinese Android phone and it not only executed as a program, it also attempted to alter both location and browser settings to serve ads.

Ease of Malware Propogation
It is relatively simple to “repackage” apps on the Google Android market, it also becomes quite easy to repack an existing game with malware. Hackers and Crackers will not stop their efforts in the near term as many hackers “repack” apps to monetize through ad-serving within the game. Having a commercial incentive drives the hacker community to be aligned to the larger advertising model.

However, Google as technology company takes security loopholes very seriously and addresses them on a war footing evident from their Stop Badware initiative on the Desktop / Laptop browsers with FREE API access to make the Web Secure for access. In the same context, they have already addressed part of this issue with the introduction of Address Space Layout Randomization of Android 4.1 / Jelly Bean and all future versions of the Operating System.