Google has responded to the alarm raised by an Android security expert of a bug related to the Android Market that could have caused a lot of trouble. The security hole was related to the recent implementation of the Android Web Market, and would have given hackers the ability to install malicious software fairly easily.
Co-founder and chief technology officer at Duo Security Jon Oberheide discovered the flaw last month and notified Google, who fixed it within "the last week or so." Users would have merely had to click on a malicious link on either their phones or on their desktops to activate the unwanted installation of rogue software. Oberheide said he was surprised nobody had discovered the flaw before (which he called "low hanging fruit").
After last week's scare with the DroidDream malware installed from Market apps (unrelated to this news today), Google is likely very relieved to have nipped this one in the bud before any damage was done. However, are we beginning to see the downside of Android's openness? What if this well-meaning security expert hadn't brought it up? While I hardly see this as cause for panic, perhaps the search king would be wise to amp up its detection and response to these kinds of threats (particularly if this latest bug was as easily detectable as the Duo chief claims it was).