Android and security risk has become synonymous lately. And this is coming from someone who likes Android.
This is more a situation where it's not so much an Android issue, as it is an app with a glaring security flaw. Regardless of which operating system an app is designed for, a poorly designed app can pose a serious security threat on any platform. Unfortunately for Android, in this case it happens to be an app written for their platform, so they'll suffer a stigma.
Originally Posted by dutchtender
yes but is it as big of security nightmare as the BB webkit browser?
So what if it is or isn't? Does that detract from the seriousness of a security issue with the Skype app? Or are you just hatin for the sake of hatin?
Windows Mobile had skype and there haven't been any big vulnurabilities found in it. WP7 doesn't have it yet, but it's coming. They were showing it off at MIX.
All WP7 applications are sandboxed and 3rd party applications do not have access to that much information from the system, so it will be hard to excercise these types of exploits there.
So, the Skype security risk is that they didn't encrypt their database, so another app can gain access to your Skype contact list.
It doesn't give access to your phone's contact list. It doesn't give access to your phone. The only information that isn't secure is the data in the Skype contact list, and only if you load another application that attempts to read the Skype contact database. I would say that Skype will encrypt the database in their next update.
This is more a situation where it's not so much an Android issue, as it is an app with a glaring security flaw. Regardless of which operating system an app is designed for, a poorly designed app can pose a serious security threat on any platform. Unfortunately for Android, in this case it happens to be an app written for their platform, so they'll suffer a stigma.
Full agree. But that's the potential problem of not carefully reviewing apps before they are available in your store. So that's what makes it an Android problem.... the lack of moderation around the app market. But again, I like Android but the "openess" of some things make it more susceptible to these types of attacks. Until they crack down on the market, these risks (small is many cases) will will there. It's one thing to have general OS risks that all OS have but when it's things that you allow in the market, that increases the chances.
Rather have market leaders releasing apps in a poorly monitored app store than not get those apps at all (or have to pay an arm and a leg for it i.e. $20 for Vlingo on Blackberry when the free Android app has all the functionality of the paid BB version and a ton more)...
Full agree. But that's the potential problem of not carefully reviewing apps before they are available in your store. So that's what makes it an Android problem.... the lack of moderation around the app market. But again, I like Android but the "openess" of some things make it more susceptible to these types of attacks. Until they crack down on the market, these risks (small is many cases) will will there. It's one thing to have general OS risks that all OS have but when it's things that you allow in the market, that increases the chances.
Android though has the most number of critical vulnerabilities. Some may not care, some may care. To some the number of vulnerabilities is at best an intellectual discussion.
That however, doesn't mean there isn't a real and present danger of drive-by attacks.
The openness of android is a two edged sword. It MAY make it easier to hack, but it also makes the vulnerability of apps come to the surface faster. They then receive fixes quicker. Skype is already fixed.
Has rim released a patch for their browser yet? With a closed system like bb, there are fewer developers to work on a fix and one has to rely on the hope that rim will some day plug the hole.
Posted from my CrackBerry at wapforums.crackberry.com
Since I don't have OS6 I don't know if a fix was released. Disabling javascript is a quick workaround and is the only "real" vulnerability, to my knowledge, that poses any clear and present danger.
Android has a laundry list of vulnerabilities. Don't shoot the messenger.