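Survey: China's Domestic Android App Stores Have Serious Security Risks
Google's Android Market has not yet opened in China, so many Chinese carriers, handset makers and third-party companies have rushed to build their own "Android Market"-style app stores. While this has given a large number of Chinese users more choice, it also brings considerable security risks.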
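The Android platform has enormous growth potential in the Chinese market. If the platform could enter China together with Android Market, it would surely benefit many developers hoping to move into China. Before that, however, the Android platform still faces many problems it needs to overcome. According to Gamerboom, Lookout Mobile Security recently surveyed China's Android app markets and found that two major app stores, while supporting legitimate Chinese-localized apps, also offered pirated and repackaged products.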
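The survey found that 61% of the products in these app stores were special Chinese-localized mobile apps, and 11% of the apps showed signs of repackaging or were published by someone other than the original developer.
Lookout co-founder Kevin Mahaffey pointed out that once someone has downloaded an app from Google's Android Market, the product can be repackaged. These third-party developers may alter the original app's code and then release it to local Android app stores. They may implant malware in the original app, or embed their own ad code, so that the ad revenue flows to these illicit developers while the original developer gets no share.
Gamerboom has learned that, among these repackaged products, some pop up request dialogs to users more often than the original app does (Gamerboom note: Android apps generally ask the phone user for authorization, for example to access the user's contact list), and this is even more true of apps that have had malware planted in them.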
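In addition, China's local iOS app stores also have a considerable piracy problem: 85% of the apps in this market are of this kind. Mobile users often jailbreak their devices, or bypass Apple's app review process, to download content from these third-party iOS app stores. The survey found that in one of the third-party app stores, about 8% (or 2,000 apps) of the products were pirated versions of the same apps in Apple's App Store.
According to Gamerboom, Lookout also found that about one third (34%) of free App Store apps, and 28% of free Android Market products, can access the user's geographic location. A further 7.5% of free Android apps and 11% of the equivalent Apple products can access the user's contact information.
At the same time, the survey noted that over the past six months the number of mobile apps able to access users' location and contact information has been declining. This may be related to developers' generally heightened awareness of protecting user privacy.
Lookout's survey also found a trojan app named HongTouTou (also called the ADRD trojan), which is most common in Chinese-localized repackaged apps; the trojan currently exists in 14 repackaged game and wallpaper apps. (This article was compiled by Gamerboom/gamerboom.com; please credit the source when reprinting: Gamerboom)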
Google hasn’t opened an Android Market in China, so a number of Chinese carriers, phone makers, and independent companies have opened their own versions of the Android Market there. The result is a lot of app choices for Chinese users, but there are also more security risks.
Android has a lot of potential in the Chinese market. If the marketplace for apps can come together, then China could become a land of huge opportunities for app developers. But there are a lot of problems to fix still. That’s one of the conclusions I draw from the latest data from the App Genome Project, a massive study of apps undertaken by Lookout Mobile Security.
Lookout studied two alternative Android markets for Chinese users. While these markets serve a legitimate need for localized Chinese language apps, they also hosted pirated and repackaged apps.
Some 61 percent of the apps in these stores were unique, most likely because they were converted into the Chinese language. About 11 percent of the apps available on the markets were repackaged and likely submitted by someone other than the original developer.
Kevin Mahaffey, co-founder of Lookout, said in an interview that repackaging happens when someone downloads an app from Google’s Android Market. They can then inject their own code into the app and upload it to an alternative Android Market. Sometimes they inject malware. Sometimes they inject their own ad code so that advertising dollars flow not to the original app maker but to the person who repackaged the app.
Of the repackaged apps, a quarter request more permissions than the original app. (On Google Android phones, users are often prompted to give their permission for an app to access certain functions within the phone, such as accessing their contact lists). That’s ominous, considering malware often triggers permission requests.
Alternative app stores for Apple’s iOS (iPhone, iPad and iPod Touch) also exist. Lookout found that one of the markets existed mainly for pirates, as 85 percent of its apps were pirated. Users who “jail break” their phones, or circumvent Apple’s security software, can download pirated apps from these alternative stores. Roughly 8 percent of the paid apps in the Apple App Store, or nearly 20,000 apps, were found in pirated form on one alternative iOS market. That’s got to be depressing for app developers.
Lookout also found that about a third of the free apps in both the Apple App Store (34 percent) and the Android Market (28 percent) have the ability to access a user’s location. About 7.5 percent of free apps in the Android Market and 11 percent of free apps in the Apple App Store can access contact information.
That’s not alarming by itself, but it’s a potential red flag for privacy violations. Lookout found that there was some good news here, as the number of apps having access to location or contacts has fallen in the past six months. That may be due to more developer sophistication and a heightened awareness of privacy concerns after a big scare on the Android phones last summer.
Speaking of scares, Lookout identified a new trojan, HongTouTou, or the ADRD trojan, in popular repackaged apps targeted at Chinese-speaking users. The malware has 14 different versions so far repackaged in game and wallpaper apps. (source: venturebeat)