OMG security scare!

As soon as the schedule for Google I/O 2012's developer sessions was announced, I knew the Security and Privacy in Android Apps session was going to be a must-attend. The Internet and its FUD machine give Android security a lot of bad press, and while some of it is warranted, some of it is just sensationalism. Android is a big name, and big names in big headlines sell papers.

I'm so glad I felt forced to attend this one. The presenters (Android security engineer Jon Larimer and Android framework and security engineer Kenny Root) did a wonderful job. It was developer-oriented for sure, but laid out in a way that even novice coders (or rusty old ones) would understand. The gist of it all was typically Google, and typically open -- the tools and methods to build a very secure Android application are there; developers have to use them correctly. Android's open-market model means there is no one to review every app before it goes into Google Play, and with easy sideloading just about any code can find its way onto your device. (Hopefully with your knowledge.) It's up to developers to use the tools to make a safe, secure, and useful application. It might sound like Google is passing the buck on security here, but we have to remember that the alternative is a locked-down "garden of corporate evil" model like Apple's, where they control everything that goes in or out of a phone you paid for. I prefer the open model, and I imagine that most of you reading will agree.

The basics, like Android's sandbox, were covered, as well as some outside-the-box thinking, like the risk of Web containers (WebViews that load remote content) and home-made encryption. We saw examples of how to request the correct app permissions (and only the ones the app actually needs), how to secure your developer account to keep your good name untarnished in Google Play, and even the insecure nature of anything that talks to the network. Larimer and Root did a great job telling the attendees (the room was so crowded they had to turn folks away to meet fire-safety code) about the hazards that exist and the tools to combat them. It was the perfect example of why Google I/O is important to all of us -- developers need to hear this stuff. The short of it:

  • Our mobile devices are full of very important (to us) and private data.
  • Applications must be designed to protect that data.
  • Any and all data your application handles must be kept secure, both on the device and in transit.
  • Android runs each app in its own sandbox under the Linux user and permissions model, so anything your app exposes to other apps (exported activities, services, receivers, content providers) can be invoked by them. Be wary of what other apps can ask your app to do with its own permissions on their behalf.
  • Permissions are of the utmost importance. Learn what each one does, and only request the ones you must.
  • Prefer intents and platform APIs over broad permissions: let another app do the privileged job and hand you just the result (one picked contact, one photo) rather than requesting access to everything.
  • Your (the developer's) name is on the tin. Spend the time to make sure your product is secure and user info is kept private.
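As an added illustration of the "intents instead of global permissions" point (this is example code written for this page, not code shown in the session or by the presenters), the activity below lets the system Contacts app pick a single phone number for the user instead of the app declaring READ_CONTACTS in its manifest. The class name and request code are the example's own; it assumes a stock Android Activity and the ContactsContract provider.

```java
// Added example, not from the I/O session: delegate contact selection to the
// Contacts app via ACTION_PICK rather than requesting READ_CONTACTS. The app
// never sees the whole address book, only the one row the user chose.
import android.app.Activity;
import android.content.Intent;
import android.database.Cursor;
import android.net.Uri;
import android.os.Bundle;
import android.provider.ContactsContract;
import android.util.Log;

public class PickContactActivity extends Activity {
    private static final String TAG = "PickContact";
    private static final int REQ_PICK_CONTACT = 1;   // arbitrary request code, our own

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // No <uses-permission android:name="android.permission.READ_CONTACTS"/>
        // is needed for this flow: the user picks the contact in the Contacts
        // app, which holds the permission, and sees exactly what is shared.
        Intent pick = new Intent(Intent.ACTION_PICK,
                ContactsContract.CommonDataKinds.Phone.CONTENT_URI);
        startActivityForResult(pick, REQ_PICK_CONTACT);
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode != REQ_PICK_CONTACT || resultCode != RESULT_OK || data == null) {
            return;   // cancelled, or a result we did not ask for: do nothing
        }
        // The picker returns a content URI for the single chosen row and grants
        // this app temporary read access to that URI, so the query below works
        // without any manifest permission and cannot reach other contacts.
        Uri pickedRow = data.getData();
        String[] projection = {
                ContactsContract.CommonDataKinds.Phone.DISPLAY_NAME,
                ContactsContract.CommonDataKinds.Phone.NUMBER
        };
        Cursor c = getContentResolver().query(pickedRow, projection, null, null, null);
        if (c == null) {
            return;
        }
        try {
            if (c.moveToFirst()) {
                String name = c.getString(0);
                String number = c.getString(1);
                // In a real app, hand the value to whatever feature needed it;
                // never log contact data in production.
                Log.d(TAG, "User picked " + name + " " + number);
            }
        } finally {
            c.close();
        }
    }
}
```

The same pattern applies to other broad permissions: ACTION_IMAGE_CAPTURE instead of CAMERA, or ACTION_GET_CONTENT instead of reading external storage. The app asks for one result, the user chooses it, and the permission stays with the system app that already has it.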

It's a relatively simple set of guidelines, with about a million ways to go wrong. Luckily Google is ready and willing to help with sessions like this as well as various code-jams and developer hangouts across the globe. 

What was initially something I thought I had to attend, like it or not, turned out to be the highlight of the entire event for me. Google is serious about application security and your privacy, and they want to help every developer write great apps that keep users' data safe and sound. If you're not an Android dev, you can feel good that Google knows what the issues are and is doing everything it can to keep you safe. If you are a developer, you need to watch this session. We've got the video (about an hour) and a gallery of some highlights after the break.


Reader comments on "Android developers demystify application security (the sky is not falling!)"


"alternative is a locked-down garden of corporate evil model like Apple where they control everything that goes in or out of a phone you paid for."

I'm sorry, Jerry. I don't agree. You could have a walled garden with a gate that can be unlocked by the end user. Just about every Android phone on the market has the "unknown sources" checkmark. Your average user does not know about this and will never use it. They could easily expand that to have a checkmark that allows only verified apps on the market. Each app has a signature that Google applies to the app after it's gone through a rudimentary screening. If you want to live on the dangerous side, have a checkbox that will show all apps.

Think of it this way. Everyone remembers TSA security before 9/11: basic metal detectors, and the occasional pat down and scan. Now today we have full body scans. But Android's market doesn't even have metal detectors. There is no reason why Google can't offer the ability to have the app checked for iffy behavior and published under a basic seal of approval, with the addendum that Google is not responsible for apps that may slip through the net. (Because you know that someone would sue them the first time something made it through the screening.)

My point is, I'm not trying to provide an end-all, be-all solution, but to point out the fact that there are options other than each end of the security spectrum. There has to be a happy medium.

When installing an app you should have to approve the permissions it requested. If you don't approve specific permissions, such as access to the network or contacts for something that doesn't really need it (at least the way you want to use it), then you should be able to turn that off and expect the app to handle that as gracefully as possible.

The ideal, in my opinion (I didn't read all of addict's post), would be that Google only allows reviewed apps into the store, but we can sideload to our hearts' content. The way Google does it looks too much like Steve Jobs told Eric Schmidt to do Android that way, just so the walled garden approach looks better.

Yes, I do think Android was a nefarious plot by Steve Jobs to kill Palm and Windows phones, yet build it on a foundation that would collapse, leaving Apple the only choice in modern tech. Why do you think Google didn't get a license from Sun?

It sounds like a business opportunity for a company to set up an alternate app market with the following rules:

1) All apps have their source code reviewed for malware/spyware, to confirm that the app does what the description says it does, and to confirm that it's not a pirated version of another app.
2) Any app that is not malicious or fraudulent is approved, regardless of content or quality.
3) Developers get to keep the same 70% of profit that they do from Google Play.
4) App market company (instead of carrier) gets the remaining 30%, and uses this to pay for their code reviews, etc.
5) Profit!

Instead of a walled garden or wild field, call it an open garden with the obvious weeds removed.