CYBER NEWS

O Amazon Metro App Store comprometer a segurança Android?

O sistema operacional Android tem uma restrição para bloquear a instalação de aplicativos fora da Play Store. Mudar para “fontes desconhecidas” é uma idéia muito ruim em relação à segurança do dispositivo, e quaisquer muitos especialistas em segurança iria confirmar esta.

Curiosamente, this is exactly how Amazon has been proceeding, asking its app store customers to do so for a long time. Despite that it is not considered safe to open up an Android device to apps outside Google’s own store as this makes the device vulnerable to malware.

Story relacionado: Google to Punish Play Store Apps that Don’t Abide the User Data Policy

(Not to forget that sometimes even Play Store lets malicious apps sneak in, De uma forma ou de outra).


How and Why Amazon Imperils Android’s Security

It is indeed Amazon’s requirement to allow installations from unknown sources. Why is this? Even though almost all of Amazon’s apps are found on the Play Store, the company’s own third-part app store – Underground – is not allowed there, ZDNet points out. And that’s a fact that’s been known for a while. Some researchers acknowledged this security gap back in 2015. This is when Amazon Underground was actually launched.

Amazon then confirmed that their store has since been installed on millions of devices running Android. The spokesperson noted thatcustomers should take care only to download content from sources they trust, como a Amazônia.”

De fato, the problem is not in Amazon Underground but in the security gap that opens up when a user decides to install it. As Amazon and its services are quite popular among users all over the world, ZDNet researchers decided to contact several “prominent security researchers and experts” to comment on the “unknown sources” security issue.


What Do Security Experts Think of Amazon Underground’s Practice?

Joshua Drake, VP of Platform Research and Exploitation at Zimperium, said that the act of installing apps from unknown sources is alwaysa significant source of malware in the Android ecosystem,” and other security gurus joined his opinion.

Andrew Blaich, a security researcher at Lookout, adicionado:

By allowing unknown sources, a user is removing the first line of defense in stopping themselves from installing a malicious app that can be delivered from a number of sources, including malicious website links, phishing attempts and others of which we’ve seen happen in targeted attacks like ViperRat and other broader non-targeted attacks.

Chester Wisniewski, principal research scientist at cybersecurity firm Sophos, commented thatthere are a lot of nasty Android apps out there and only downloading apps from official sources is key to a safe mobile computing experience.”

Story relacionado: Amazon Phishing Scam Vítimas iscas com preços imbatíveis

Because of the monopoly created by service providers such as Apple and Google, it is indeed quite hard for other players and competitors to get to users. A fact that explains Amazon’s resolution to beg its customers to relinquish security features in order to get to its own app store.


Android O to Change the Game?

Curiosamente, Zimperium’s Drake told ZDNet that Google’s forthcoming Android O will allow third-party app stores on the platform without the need of switching it to unknown sources. Google hasn’t commented yet.

Amazonas, por outro lado, recently put an end to the program of allowing Amazon Underground users to download apps and games for free. The company is however not ending its app store.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerenciador de conteúdo que foi com SensorsTechForum desde o início. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...