Android spells the end of secure mobile payments

When Android was announced as an operating system (eighteen months ago), I predicted that it could lead to serious security attacks (read the last paragraph in my blog). In a recent (much publicised) incident, this is exactly what happened. A rogue application that utilises phishing techniques to steal banking details appeared for Android-based mobile phones. While this is the first known incident, expect many more to follow. Android as an operating system is just ideal for developing applications with ill intent.

I believe that there are two sides to this story:

a. This is the end of the promise of secure mobile banking (at least on Android-driven phones). All the potential of not repeating the challenges of browser-based banking has now disappeared. Developers of mobile banking solutions (and operational executives) will have to consider this reality whenever they launch products or design business processes.

b. Android is here to stay. It is a reality that we as mobile banking professionals will have to live with. It is important that solutions are designed in such a way so as to take cognisance of the holes in Android, but more importantly: that consumers are educated on how to work with necessary new security mechanisms (like memorable items).