It ges worse for Android: IBM uncovers Android banking vulnerability

The message for Android is increasingly bleak in the context of security. I really do wonder whether the average normob (“normal mobile user”) is beginning to form the view that ‘Android is insecure’.

I don’t know if the message has penetrated widely enough and often enough in mainstream media yet. But I’m sure some damage is being done.

The pivotable moment will be when an institution or company (e.g. bank or supermarket) with millions of customers reports a meaningful exception (e.g. “1 million of our customers that use our [platform name] app have lost £5 due to hacking”).

One-in-ten banking apps are wide open to a malicious drive-by hacking exploit that exposes user credentials when visiting bug-laden websites. The vulnerability – discovered by the IBM Security X-Force Research team – lies in Android applications built on the Apache Cordova previously PhoneGap platform. According to AppBrain, this affects 5.8% of all Android apps and roughly one-in-ten mobile banking apps.

via Finextra: IBM uncovers Android banking vulnerability; consumers turned off by security fears.