Everyone is excited about the new Google phone – Nexus One. I am actually considering making the jump from iPhone to an Android-based phone. The Android Market is Google’s answer to the iTunes App Store.
In an interesting twist of events, a rogue app called “Droid09” was uploaded to the Android Market, claiming to be an official online banking app from First Tech FCU. The fake app then attempted to collect user login information – thus becoming the first phishing app for Android.
It makes me wonder whether there is any way for an Android-phone user to know whether a downloaded app is authentic or not. While we usually go to the websites of the companies we know and trust to download software patches and upgrades, both Apple and Google are essentially the middlemen in delivering web apps from various service providers. You can’t just go to Electronic Arts’ website and download a game for iPhone. Consumers will be at risk as long as there is no mutual authentication mechanism that would authenticate the service provider (and/or their app) before the user is asked for their security credentials.