Android’s unique strength and selling point–openness–continues to be a major security issue. From ArsTechnica:
Researchers have uncovered a new type of Android adware that’s virtually impossible to uninstall, exposes phones to potentially dangerous root exploits, and masquerades as one of thousands of different apps from providers such as Twitter, Facebook, and even Okta, a two-factor authentication service.
The researchers have found more than 20,000 samples of trojanized apps that repackage the code or other features found in official apps available in Google Play and then are posted to third-party markets.
…
Under a model known as sandboxing, for instance, Android apps aren’t permitted to access passwords or most other data available to other apps. System applications with root, by contrast, have super-user permissions that allow them to break out of such sandboxes. From there, root-level apps can read or modify data and resources that would be off limits to normal apps.
One can’t help but wonder if this would be bigger news if it were Apple or Microsoft’s mobile offerings instead of Google’s.