Android Allows Forced Pop-Ups and Phishing
Android is said to allow unwanted app switches and pop-up ads.
New research presented at the DefCon event this weekend revealed that a core design feature of Android could be used to annoy and possibly cheat users.
Trustwave’s SpiderLabs head, Nicholas Percoco, warned the public that a standard Android API can not only push an app to the front and steal focus from another, but also disable the standard back button command. It might create pop-ups within an ad, and CNET saw examples of apps that would appear legitimate but quickly become fraudulent in order to phish information.
Examples could be a game that pushes ads mid-session, or a Facebook app that shows the legitimate login page and then quickly substitutes one that harvests the login. By the API’s nature, ads could overlap other ads, creating the unusual condition of competition for the user’s attention.
SpiderLabs talked to Google about the issue in the run-up to DefCon, and was told that the company was hoping for a solution that wouldn’t affect Android’s functionality. Jumping between apps is one of the most significant features for sharing data, and would have to go away if Google wanted to shut the feature off entirely.
For now, Google promised that it will pull apps caught using the functionality abusively from Android Market, even if this won’t stop problems in third-party stores or prevent the initial damage.