Security researchers developed a working spyware app for Android that's disguised as a voice recorder. In reality, it settles into the background, listens to your phone calls, and knows when you speak a credit card number. The app then relays that info over the network:
Soundminer sits in the background and waits for a call to be placed.…When triggered by a call, the application listens out for the user entering credit card information or a PIN and silently records the information, performing the necessary analysis to turn it from a sound recording into a number.
The software works for both spoken numbers, as requested by some voice-activated IVR systems and by human operators, and numbers typed into the virtual dialpad on the phone - recognising the DTMF tones and translating them back into numbers again.
Yikes. For all the promise of ubiquitous computing, of little genius devices that know everything about you, there's a corresponding flood of evil geniuses ready to take advantage.
Apple's been mighty successful at keeping exploits like this off of iOS, but they've done it by strictly limiting what apps can do on the phone. Strong walls within the operating system mean that background apps can't do stuff like this, and of course every app gets a hard look by Apple's reviewers before getting into the App Store. Depending on your point of view, this is either a strength or a weakness. Android, of course, has a far more laissez-faire approach, allowing apps lots of flexibility and requiring no review to get into the Android Market.
The upside of the Android approach (or for that matter, of the iPhone jailbreak community) is that your phone is truly yours. You can put any kind of app you want on it, customize it to your heart's content. Pimp my phone. But the downside, demonstrated by the Soundminer app, is that you take more responsibility as a consumer for what you put on your phone. You have to go carefully. With great power comes great responsibility, blah blah blah. Inevitably, I suppose, that means managing the dreary administrivia of stuff like antivirus software for Android.
I'm not suggesting that Android is inherently insecure; it's just that you have to know how to use the thing. When Android launched, its early-adopter audience was mostly composed of tinkerers—a tech-savvy crowd who wanted the flexibility to turn their phone into whatever they wanted. But Android is growing fast, and as it extends its reach into relatively cheaper smartphones, its audience is turning correspondingly younger and less educated, too—a simple fact of available pocket money. Going forward, that means Android Nation will be less and less of a geek population. Yet safety on Android requires a threshold of nerd savvy, and that divergence worries me.
One promise of this new era of mobile computing is ease of use. Watch kids and other computer newcomers use an iPad, for example, and you get it. The iOS platform sacrifices flexibility for ease and safety, two important ingredients of delight. I like the Android platform, and I appreciate all that it can do, but you have to know what you're doing, or you can get into trouble. You have to work much harder to get into trouble with iOS.
More and more, I'm thinking about platforms as cultures. iOS is remarkable for crafting a warm, personal connection, while Android is more about efficiency and technology. (The difference is particularly stark in their TV ads.) Likewise, security vs freedom is a cultural decision—as you can see at any US airport—and one that now extends to our personal technology decisions. As designers and user experience pros, it's more and more important to help our audience understand those decision points.
There's room for all of these cultures, and there's no "right" or "wrong" platform. (And anyway, at the current rate of innovation, the notion that there will be a winner in the short term is naive at best.) You should have the option to pimp your phone if that's what you want. It's just that it's important to go into it knowing the responsibility this flexibility requires.
Comments
2 comment(s) on this page. Add your own comment below.
Do we actually know that this kind of exploit wouldn't be possible on the iPhone? Apple doesn't do code reviews. An iPhone app could behave just fine when Apple reviews it, but trigger a different behavior once it's in the store. iPhone apps can run in the background (in fact, the app could pose as an MP3 player, and legitimately run in the background). I'm not sure if iPhone apps can listen to the iPhone's mic while in the background, but do we know for sure that they can't?
I'd be the last to speculate that this definitely can't be done on iOS or that iPhone is absolutely ironclad safe. No doubt exploits will emerge on iPhone, too.
My point is simply that Android has a bigger surface area by design (if you give 'em permission, any app can crawl inside the calling app). With iOS, there's a different intent in the design: the system is meant to prevent any app from accessing the phone, ever. There certainly could be flaws or holes in that design, but its intent is to limit very tightly what background apps can do. Android meanwhile is specifically designed to allow apps to do much, much more in the background.
Apple doesn't do code reviews, but they do seem to run tests to detect private APIs etc. It's at least more strict than the Android Market, which does nothing at all.
No system can ever be perfectly safe. But cultural values of the system tend to make some "safer" than others—and shift the slider of personal responsibility for the consumer.
Add a Comment
Don't be shy.