Once again Google comes up with a new look for itself. But Google is no purposeless fashionista. The latest change to its tool bar is not for decorative purposes. It may seem like an unnoticeable addition but to those of us who like to consider ourselves permanent residents of the virtual world, it’s a noticeable thing. Especially since this toolbar addition ties into a huge bungle involving Russian email apps and Samsung Androids and phones and possible security loopholes.
On its toolbar (not to be confused with a browser toolbar) Google has added a link to its Google Play Store. So now if you wish to visit the Google Play store, you can quite easily. It may be unashamed self promotion, but hey, you can’t really blame them.
Now let us talk about Samsung’s role in the whole affair for a bit. In a strange series of events, a foreign bug has been finding its way into Samsung’s handsets. The bug ties itself to a Russian company known as OJSC Mobile Telesystems since its mailing app is what is appearing on these handsets. The name of the app appears as “MTC Мобильная Почта” and leaves the users baffled as to both its purpose and origin, many probably fearing an attack of some malware or possibly even mobile spy. But thankfully, this wasn’t the work of an angry teenager, jilted lover or terrorist organization.
So how did this come to be? The Russian company named their app the same package name as Samsung’s email app. But where does the Google Play link come in? Well it isn’t as fancy or complicated as it seems upon first hearing of it. The Play Store uses the names of the package to auto update the apps. The phone mistakenly began replacing the Samsung mail app with the Russian app in an attempt to update it. Since everyone assumed that it was a system app, its removal without a root user function just did not happen.
Mobile malware (and in this case even the fear of Android spyware) is a serious problem and it is no wonder that users are weary of alien looking apps on their phones. But this seems to be a genuine glitch, as deduced by XDA developers upon looking into the application package (APK).
So though we can brush the incident aside as an honest mistake the deeper issue of Google’s security remains. If a simple package name mix up can have such far reaching effects then how far similar troublesome issues of mobile spy and Android spyware will go is worrisome. It brings home how vulnerable Google is to malware when it comes to automatic update installation. And the simple reason for being unable to detect the duplicate package name was that Samsung’s email app was not a part of the Play Store. Hence Google only reads those packages which are a part of their promotion campaign, thought provoking if not disturbing.
But what about the Russian company? They never intended to have their apps used by Google in such a way. They’re giving partners apps with the same package name because it was not intended to be used on the Google Play Store. Simply providing their partners with unique package names for each distribution of the email app would do the trick to ensure nothing like this happens again. The Russian company OJSC has removed their application from the Google Store but those who don’t have the root option have no way to get rid of the app unless there is an uninstall updates option available.
But Google’s vulnerability to attack by malware has been highlighted by this seemingly innocent mix up. Also how different apps from different companies can be compromised by simple processes like auto updates complicates the matter even further. Perhaps we will have to wait for more incidents to know how many more thorns lie on the trail.
Author Bio: Natalia David, an author significantly contributes towards PC and cell phone monitoring, mobile phone spy and android spyware . She recently read some good piece of work on news and hence her interest shifted towards technology news. If you want to know more about Natalia you can follow her on twitter @NataliaDavid4. For more android news google play games and apps visit Android Blog at AndroidPit.com.