With approximately 550,000 new activations per day, Google's Android is rapidly carving out its own piece of the smartphone market and gaining a reputation as a highly flexible, infinitely customizable and innovative open-source mobile device platform. Having acquired a full one-third market share by the end of 2010, it is putting the pressure on Apple, Inc., the makers of iPhone, and Research In Motion (RIM), the makers of BlackBerry. However, offering open access to the operating system's active source code is creating another name for Android – the most hacked mobile device.

The Android platform is based on the Linux kernel and provides public access to all currently released versions. New versions are developed privately. Applications developed for use with this platform are largely based on Java and can be developed by anyone with enough programming knowledge. These apps are made available through third-party websites or Google's online software store, the Android Market. Because anyone with the knowledge can develop applications, hackers have flocked to the platform like flies to a manure pile in an effort to take advantage of lacking antivirus protection. The result – massive mobile device infections.

Android applications are designed to run in an isolated environment on the device called a sandbox. This prevents the application from accessing the device's resources unless the user gives permission. This is where the problem starts. When asking for permission, most apps do not identify why they are asking for certain permissions, and most users blindly grant permission simply because the app asked for it. This makes the devices even more vulnerable to attacks.

The most recent vulnerability discovered in the Android platform surrounds the authentication protocol ClientLogin. The protocol issues an authentication token that's good for 14 days instead of requiring authentication each time the device accesses a Google application. This increases performance, but the tokens can be intercepted and used to access the sensitive personal information contained in the device during the two-week period. Although the authentication data is transmitted less frequently using this method, once the token is intercepted, the vulnerability allows hackers to make changes to contact lists, access email accounts, delete data, access photo albums or any other Google applications. Access is not limited to just those installed on the device. Once acquired, the tokens provide access to all the user's Google apps.

Applications that have been uploaded to the Android Market and identified as containing viruses or malware have been removed from the site by Google, but more than 300,000 apps are currently available, with more are being added each day. Devices running version 2.3.3 or earlier are most vulnerable to attack. Unfortunately, this includes more than 84 percent of the 190 million devices currently in use.

Security software developers are releasing anti-virus software designed specifically for mobile devices and are including the Android platform more often as its market share continues to grow. Android users are encouraged to install anti-virus software on their devices and to use caution when downloading apps. Just like a home computer or laptop, mobile phones are becoming the target of malicious attacks, and hackers are focusing on the wealth of information available on these tiny devices.

At TopTenREVIEWS We Do the Research So You Don't Have To.™