
PocketGamer: "Angry Birds trojan" calls Android platform security into question

Published: 2010-11-17 13:59:18

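Popular games such as Angry Birds have driven large numbers of casual gamers to mobile platforms, but security researcher and Scio Security CTO Jon Oberheide recently pointed out that in this new field of mobile gaming, Android users are especially vulnerable to viruses and rogue apps.

The results of an experiment by Oberheide suggest that the security of the Android operating system is worrying, because rogue apps can easily bypass the platform's standard security controls.

In the experiment, Oberheide placed a fake Angry Birds upgrade app on Android Market; without the user's permission, it caused the user to download several other products from the store.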

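This "Angry Birds trojan" is only one of the "masterpieces" released jointly by Oberheide and Zach Lanier (senior consultant at Intrepidus Group). It successfully bypasses Android's standard security checks, such as asking the user whether to allow the app to access certain parts of the phone's operating system or to download additional apps.

As a result, users who installed this kind of game would find their phone filled with a large number of unapproved rogue apps taking up a good deal of memory.

Compared with the strict gatekeeping of Apple's App Store, Android Market lacks a thorough app review process, a point that developers have already criticised heavily.

However, according to Forbes, Google removed these fake Angry Birds apps within 6 hours, and its spokesperson said a fix for the app store vulnerability would be rolled out this Friday (November 19).

This Angry Birds experiment, however, is not the first case to draw attention to Android security issues. This June, Oberheide also uploaded an app related to the Twilight series, which increased its own download and install numbers by stealing users' Google Talk account details and contact lists. (Compiled by 游戏邦/gamerboom.com; please credit the source when reprinting: 游戏邦)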

Angry Birds hoax exposes security issues with Android

While the likes of Angry Birds have been catalysts for bringing casual gamers into the mobile loop, the inexperienced nature of this new audience means they’re susceptible to attack.

That’s the assertion made by security researcher and Scio Security CTO Jon Oberheide.
 
In an experiment designed to expose Android’s vulnerability, Oberheide has alleged it’s especially easy to bypass the platform’s standard security controls.

Bogus birds

Oberheide released a fake Angry Birds bonus level app on Android Market that, without the user's consent, authorised the downloading of several other apps from the marketplace.

The Angry Birds trojan – just one of the apps Oberheide and Zach Lanier, a senior consultant at Intrepidus Group, put live on Android Market – skipped Android’s standard security checks, such as asking users to give permission for apps to access certain areas of the OS or download additional titles.

As such, any users who installed the supposed game could have found their handset overrun with other rogue apps making use of info on their phones without their consent.

Reviewing the review process

It’s the lack of the kind of formal review process as practised – and, indeed, much criticised by some developers – on the App Store that allows such apps to make their way onto Android Market.

However, Forbes reports Google removed the fake Angry Birds apps within six hours of their release, with a spokesperson claiming a fix for the issue will be rolled out this Friday, November 19.

Nevertheless, Oberheide and Lanier’s Angry Birds experiment isn’t the first to highlight security concerns with Android.

Back in June, Oberheide also uploaded an app based on the Twilight series that used users' Google Talk account details and contact lists to push itself out to a large install base. (source: pocketgamer)

