If you're familiar with the goings on with Google as of late, you know that Android has just received a significant bump with a fully functional browser-based store. Up until now, Android users had to rely on the tiny Android Marketplace based on their handheld devices - this new store allows apps to be downloaded simultaneously to each and every one of these devices (if the user has several) all at once, direct from the cloud. What's the problem with this? Doesn't this all seem like flowers and candy? How about if someone grabs your password?
That's right, this security hole isn't some intricate set of hacks flown in from Anonymous, it's a simple password protection situation, one that us human beings must be as careful as possible about. The danger in this situation is if indeed someone does get the password to your Google account, they'll be able to download applications to your devices from wherever they are in the world - since Google has these apps downloaded straight to your devices from the cloud, if someone has access to your Google account, they'll be able to insert whatever apps they wish into your phone. Harsh reality.
What Vanja Svajcer suggests, and we agree, is that there should be at least one more step in this process, that being a simple "accept download yes or no" notification that pops up on the user's device whenever an app is attempting to transfer from the cloud. Simple enough!
[Via Naked Security]