
Angry Birds hoax exposes security issues with Android

Additional apps downloaded without user's permission

While the likes of Angry Birds have been catalysts for bringing casual gamers into the mobile loop, the inexperienced nature of this new audience means they're susceptible to attack.

That's the assertion made by security researcher and Scio Security CTO Jon Oberheide.

In an experiment designed to expose Android's vulnerability, Oberheide has alleged it's especially easy to bypass the platform's standard security controls.

Bogus birds

Oberheide released a fake Angry Birds bonus level app on Android Market that, without the user's consent, authorised the downloading of several other apps from the marketplace.

The Angry Birds trojan (just one of the apps that Oberheide and Zach Lanier, a senior consultant at Intrepidus Group, put live on Android Market) skipped Android's standard security checks, such as asking users to give permission for apps to access certain areas of the OS or download additional titles.

As such, any users who installed the supposed game could have found their handset overrun with other rogue apps making use of info on their phones without their consent.

Reviewing the review process

It's the lack of the kind of formal review process practised on the App Store (and, indeed, much criticised by some developers) that allows such apps to make their way onto Android Market.

However, Forbes reports Google removed the fake Angry Birds apps within six hours of their release, with a spokesperson claiming a fix for the issue will be rolled out this Friday, November 19.

Nevertheless, Oberheide and Lanier's Angry Birds experiment isn't the first to highlight security concerns with Android.

Back in June, Oberheide also uploaded an app based on the Twilight series that used users' Google Talk account details and contact lists to push itself out to a large install base.

[source: InformationWeek]