The new Android Market opened its doors last week, and security experts have already discovered a feature that makes users downloading apps via a smart phone particularly vulnerable to cybercrime.
Android’s revamped market allows for remote download and installation of any app to a mobile device — all the user needs is a Gmail account linked to the device, the security company Kaspersky Lab said in a blog.
With access just a click away, the market offers what could be viewed as a convenient online shopping experience.
Convenience comes with a steep price, however. Users must agree to the permissions requested by the app, but once selected, the Android app begins downloading and is installed without any further security verifications needed.
This gives a dangerous amount of freedom to anyone who gains access to your Gmail account. More than just having access to your e-mails, the cybercriminals can then remotely purchase — with your money — and install any app, including ones that can be used to maliciously attack your Android smartphone.
Kaspersky Lab said there is currently no way to disable the remote installation feature.
While the Android security problem persists, security experts advise Android and Gmail users to create strong passwords, and to be skeptical of apps that request a level of access you don’t feel comfortable giving.