18 Apr 2012

Mobile Security Mistakes Point to Android Developer Negligence

Developer negligence causes security flaws in smartphone applications, and those flaws are unlikely to be addressed until users start to point the finger at mobile app developers, said Jacob West, director of software security research for HP.

In an open debate on mobile security mistakes for iOS and Android at this year’s OWASP AppSec Asia Pacific Conference, West addressed the development practices most commonly used by developers that do not take permissions and privileges into consideration. He said hijacking “intents” in Android apps is something that can be achieved easily.

“This is one of the big distinctions between iOS and Google Android today; the idea that iOS applications effectively don’t communicate with each other, but, in the Android world, not only are applications permitted to communicate with each other, but encouraged to do so,” he said. “Basically, development best practices say that many applications are going to be built as multiple components that share ‘intents’ or actions between one another in order to implement a multi-tier application effectively.”

West also told ZDNet that, although neither developers nor providers can be held accountable for these security flaws, app developers won’t correct their coding flaws “until users begin to [point the finger]. It’s not going to be important to the providers because it’s not costing them anything.”