Google Takes Heat Over App Security

A major software attack on mobile phones has put pressure on Google to do more to secure its online store for smartphone applications. The company behind the now ubiquitous Android operating system came under fire after computer-security experts last week uncovered more than 50 malicious applications that were uploaded to and distributed from Google's Android Market.

Some security experts said the incident shows Google, which doesn't inspect Android apps before they are published, needs to do more to try to ensure the apps are safe before they are offered to smartphone users. Google largely relies on users to rate apps and raise the alarm about any problems with them. It also requires consumers to give their consent for an app to access their personal data. But that approach isn't enough, according to Chris Wysopal, chief technology officer of computer-security firm Veracode. "App stores need to get serious about vetting code before it is available for customer download," Mr. Wysopal wrote on his blog. Google has said 58 malicious apps were uploaded to Android Market and then downloaded to around 260,000 devices before Google removed the affected apps last Tuesday evening. It isn't clear how many users activated the applications, a Google spokesman said.