Earlier in part 1 of the post, we discussed about the threat posed by the newly launched android market to your smart phone. However, I certainly feel that the suspected threat is fictitious, in my view. In this post we will look at what makes this attack groundless!
Firstly if your Google account is hacked, you have already compromised on your security. With Google account, the hacker can do limitless things including purchasing apps from the market. He can play number of tricks like uploading an app to the market, setting a high price of it and later purchasing it with your account. With Google account, he has access to your services like Gmail, Youtube, Orkut, Blogger, Google Calendar AdSense, Google Docs etc. the list continues! Having said that, we cannot say “remote installation” poses any new threat to your security.
To prevent hacking, you must keep strong passwords a combination of characters and numbers. Temper your passwords, slightly, regularly. On a windows system, keep regular check on your system and free it from virus, malwares and spyware; on Linux however, you do not need to worry about virus etc.
Secondly even if we take up the fact that your Google account is hacked it is difficult to find a malicious app in the android market that perfectly follows your desired goals, like spoofing your calls, sending data like contacts, sms files etc to any distant server. For that I must say that Google authorities must take care of the fact that malicious apps are not uploaded to the market.
Thirdly, Okay, further assume, the hacker makes one such malicious app and somehow uploads it to the market. And then with your Google account remotely installs that application to your android phone. You won’t find any confirmation notification, and the app will certainly be downloaded instantly on your phone.
Fine, then?
If you are using the phone at that very instant you are lucky! You can easily spot the installation and delete the application from the settings menu. But if you are not using then what happens? Even then, you are not unlucky. It simply impossible to ignore the download icon that appears on the notification bar on the home screen. You will always see a notification for “successful installation”, whenever you turn you turn to your phone.
The application will also appear in the menu, if not specially programmed. Even if you happen to ignore the installation icon in the notification bar and the app icon is hidden in the menu (that is hardly possible), you certainly might be running applications such as “Task killer/Task manger/ App organizer”. Such applications will always detect apps on your phone. Additionally as there is no way to remotely uninstall the application, there is certainly no chance to install and run the app, steal the data and remotely uninstall it.
Therefore we can say, there are so many if and then in this story of attacking on the smartphone via remote installation that it is seems to be somewhat fictitious. Remote installation is not a threat directly, but it can be a security hole.