Survey finds serious security risks in China's local Android app stores

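Google's Android Market has not yet opened in China, so many Chinese carriers, handset makers and third-party companies have rushed to build their own "Android Market"-style app stores. While this has indeed given Chinese users many more choices, it also brings a good number of security risks.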

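The Android platform has enormous potential in the Chinese market. If the platform could enter China together with Android Market, it would surely benefit the many developers hoping to move into China. Before that can happen, however, the Android platform still has many problems to overcome. According to Gamerboom (游戏邦), Lookout Mobile Security recently surveyed China's Android app markets and found that two of the major app stores, while supporting legitimate Chinese-localized apps, also offer pirated and repackaged products.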

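The survey found that 61% of the products in these app stores are unique, Chinese-localized mobile apps, while 11% of the apps show signs of repackaging or were published by someone other than the original developer.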

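Lookout co-founder Kevin Mahaffey pointed out that as soon as someone downloads an app from Google's Android Market, that product can be repackaged. These third-party developers may alter the original app's code and then place it in local Android app stores. They may plant malware in the original app, or embed their own ad code, so that the advertising revenue flows to these illegitimate developers while the original developer gets no share of it.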

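Gamerboom has learned that, among these repackaged products, some prompt users with request dialogs more often than the original app does (Gamerboom note: Android apps generally ask the phone user for authorization, for example to access the user's contact list), and this is even more true of apps that have had malware planted in them.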

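In addition, China's local iOS app stores also have considerable piracy problems: 85% of the apps in this market are of this kind. Phone users often jailbreak their devices, or bypass Apple's app review process, to download content from these third-party iOS app stores. The survey found that in one of these third-party app stores, about 8% of the products (or 2,000 apps) were pirated copies of the same apps in Apple's App Store.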

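According to Gamerboom, Lookout also found that about a third (34%) of free apps in the App Store, and 28% of free products in the Android Market, can access the user's geographic location. A further 7.5% of free Android apps and 11% of the equivalent Apple products can access the user's contact information.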

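At the same time, the survey noted that over the past 6 months the number of mobile apps able to access users' location and contact information has been trending downward. This may be related to a general rise in developers' awareness of protecting user privacy.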

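Lookout's survey also found a trojan application named HongTouTou (also known as the ADRD trojan), which is most common in Chinese-localized repackaged apps; the trojan is currently present in 14 repackaged game and wallpaper apps. (This article was compiled by Gamerboom/gamerboom.com; please credit the source when reprinting: Gamerboom)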

Google hasn’t opened an Android Market in China, so a number of Chinese carriers, phone makers, and independent companies have opened their own versions of the Android Market there. The result is a lot of app choices for Chinese users, but there are also more security risks.

Android has a lot of potential in the Chinese market. If the marketplace for apps can come together, then China could become a land of huge opportunities for app developers. But there are a lot of problems to fix still. That’s one of the conclusions I draw from the latest data from the App Genome Project, a massive study of apps undertaken by Lookout Mobile Security.

Lookout studied two alternative Android markets for Chinese users. While these markets serve a legitimate need for localized Chinese language apps, they also hosted pirated and repackaged apps.

Some 61 percent of the apps in these stores were unique, most likely because they were converted into the Chinese language. About 11 percent of the apps available on the markets were repackaged and likely submitted by someone other than the original developer.

Kevin Mahaffey, co-founder of Lookout, said in an interview that repackaging happens when someone downloads an app from Google’s Android Market. They can then inject their own code into the app and upload it to an alternative Android market. Sometimes they inject malware. Sometimes they inject their own ad code so that advertising dollars flow not to the original app maker but to the person who repackaged the app.

Of the repackaged apps, a quarter request more permissions than the original app. (On Google Android phones, users are often prompted to give their permission for an app to access certain functions within the phone, such as accessing their contact lists). That’s ominous, considering malware often triggers permission requests.
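The two signals described above (a build published by someone other than the original developer, and a build that requests more permissions than the original) can be checked mechanically. The following is an added example, not code from the article or from Lookout's study; it assumes the two manifests have already been decoded to text XML and the signer certificates extracted as DER bytes, and the package name, certificate bytes, `SENSITIVE` list and function names are all constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Illustrative subset of permissions worth a closer look when newly added.
SENSITIVE = {"android.permission.READ_CONTACTS", "android.permission.SEND_SMS",
             "android.permission.ACCESS_FINE_LOCATION", "android.permission.READ_PHONE_STATE"}

def parse_manifest(xml_text):
    """Return (package name, set of requested permissions) from a decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    perms.discard(None)  # ignore malformed <uses-permission> tags without a name
    return root.get("package"), perms

def compare_builds(orig_manifest, orig_cert, cand_manifest, cand_cert):
    """Compare a build found in an alternative store against the original release."""
    orig_pkg, orig_perms = parse_manifest(orig_manifest)
    cand_pkg, cand_perms = parse_manifest(cand_manifest)
    added = cand_perms - orig_perms
    signer_changed = (hashlib.sha256(orig_cert).hexdigest()
                      != hashlib.sha256(cand_cert).hexdigest())
    return {
        "same_package": orig_pkg == cand_pkg,
        "signer_changed": signer_changed,
        "added_permissions": sorted(added),
        "added_sensitive": sorted(added & SENSITIVE),
        "likely_repackaged": orig_pkg == cand_pkg and signer_changed,
    }

# Constructed sample data: a wallpaper app and a copy with two extra permissions.
def make_manifest(*perms):
    tags = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.wallpaper">' + tags + "</manifest>")

ORIGINAL = make_manifest("android.permission.INTERNET", "android.permission.SET_WALLPAPER")
CANDIDATE = make_manifest(
    "android.permission.INTERNET", "android.permission.SET_WALLPAPER",
    "android.permission.READ_PHONE_STATE", "android.permission.READ_CONTACTS",
)
ORIGINAL_CERT = b"constructed-original-developer-cert"
CANDIDATE_CERT = b"constructed-other-signer-cert"

if __name__ == "__main__":
    for key, value in compare_builds(ORIGINAL, ORIGINAL_CERT, CANDIDATE, CANDIDATE_CERT).items():
        print(key, value)
```

A same-package build with a different signer is the stronger signal; added permissions alone can also come from a legitimate update, so the two results are reported separately.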

Alternative app stores for Apple’s iOS (iPhone, iPad and iPod Touch) also exist. Lookout found that one of the markets existed mainly for pirates, as 85 percent of its apps were pirated. Users who “jail break” their phones, or circumvent Apple’s security software, can download pirated apps from these alternative stores. Roughly 8 percent of the paid apps in the Apple App Store, or nearly 20,000 apps, were found in pirated form on one alternative iOS market. That’s got to be depressing for app developers.

Lookout also found that about a third of the free apps in both the Apple App Store (34 percent) and the Android Market (28 percent) have the ability to access a user’s location. About 7.5 percent of free apps in the Android Market and 11 percent of free apps in the Apple App Store can access contact information.

That’s not alarming by itself, but it’s a potential red flag for privacy violations. Lookout found that there was some good news here, as the number of apps having access to location or contacts has fallen in the past six months. That may be due to more developer sophistication and a heightened awareness of privacy concerns after a big scare on the Android phones last summer.

Speaking of scares, Lookout identified a new trojan, HongTouTou, or the ADRD trojan, in popular repackaged apps targeted at Chinese-speaking users. The malware has 14 different versions so far repackaged in game and wallpaper apps. (source: venturebeat)

Editor: 张攀 | Source: 游戏帮