Way back in the last millennium, when I was previously focused on mobile phone application development, a representative from Nokia came to one of my Tech Ed Chalk and Talk sessions to discuss the Armageddon scenario of a virus targeted at a single mobile phone OS. His nightmare was conceived around the idea that mobile operators would ‘instantly’ turn off network access to any device that used the targeted OS and how such action would effectively take that mobile phone producer out of business. It was an interesting theoretical discussion.
One of my US colleagues emailed this alert from his bank to me today:
Android Mobile Device Users - Phishing Attack Launched from the Android Marketplace Impacted Over 50 Financial Institutions
The Credit Union has been advised that in the first and second weeks of
December 2009, a developer using the Android platform deployed shells of
mobile banking applications to try and gain access to banking customers’ financial
information. This phishing attack was launched from the Android Marketplace
and impacted over 50 financial institutions worldwide, including those that
currently do not offer mobile banking solutions, much less an Android download.
As of December 15, 2009, Google completed their investigation of this phishing
concern and has removed the specific applications from the Android Marketplace.
This includes all applications published by the developer ‘Droid09’ and/or
Now the Windows Phone Marketplace requires all applications to complete a level of application testing, and individuals or companies wishing to publish applications through the Windows Phone Marketplace have to complete validation by GeoTrust before a code signing certificate is provided for the automated signing of their applications in the Windows Phone Marketplace publishing process. Through these processes MS works to ensure ‘bad’ applications don’t get published.
It appears to me that there are significant risks for all involved in Google’s Android devices.