Android's Software Architecture is Fundamentally Dangerous

18 June, 2011 07:21AM · 2 minute read

Google have an “open” Android App Market where users can download apps freely, but unlike the Apple App Store, developers can upload any software they like without any curation or testing by Google to confirm that the software works as advertised or is not malware. This is the second time a high-profile group of malware applications has been removed from the Android App Market. Unlike the previous lot of malware, this one used another “feature” of Android, where an application can download additional components from outside the App Market after it has been installed.

The interesting situation is that Google has known about an exploit where an app, once installed, can download additional content from any server on the internet. The reason Google haven’t closed this exploit in the operating system is that it can’t patch all of the devices in the field without support from carriers and manufacturers. Their Malware Removal Tool is great for existing malware, and they can pull malware titles once users discover them, but until this exploit is fixed, more malware will use it and more users will be exposed to loss of private information or failure of their mobile device.

Since Google doesn’t curate its store, it can never stop this from occurring and can never be proactive - only ever reactive. Eventually, when the market realises this, they will make a U-turn and follow Apple’s approach. Of course, then they will have to stop calling their “open” system open, and start calling it what it is: a security nightmare.