From: NewsFactor

By Byron Acohido

DARPA is asking Invincea, a web browser security firm, to lock down data on Android devices. The agency’s $21 million grant supports development of technology that isolates malicious web apps disguised as Android-based games, text messages and social-networking add-ons. The idea is to beef up security by Android devices used by soldiers.

Android mobile devices, under heavy assault by cybercriminals, may eventually be less vulnerable because of a grant from the military.

The Defense Advanced Research Projects Agency has commissioned Web browser security firm Invincea to security-harden ordinary Android tablet PCs and smartphones so soldiers can use them securely in combat and in the barracks.

Invincea has been testing software that locks down data on Android devices used by 3,000 soldiers in Afghanistan, so information on lost or captured devices can’t be accessed.

The $21 million grant supports development of technology that isolates malicious Web apps disguised as Android-based games, text messages and social-networking add-ons. Typically, such bad apps enable the attacker to take control of the device.

“Our technology limits any app running in our bubble from gaining access to data or things like the GPS, microphone or camera,” says Anup Ghosh, company founder and chief executive,

The research comes as security firms are tracking an explosion of malicious Android apps spreading across the Web.

Malicious Android apps tracked by security firm Webroot rose 250% to more than 1,400 samples in January, up from 400 in July 2011. That’s been followed by a 900% rise in the first six months of 2012 to the roughly 12,000 bad apps that Webroot tracks today.

“Crooks realize there’s valuable data they can access once they break into your device,” says Grayson Milbourne, Web-root’s director of threat research. Android devices are “the golden key to being able to leverage stolen personal data.”

What’s more, many, if not most, mobile device users are ignorant about the rising threat. Fewer than 50% use data security features that come with the apps they install on their devices; 72% routinely make connections to insecure Wi-Fi networks, according to a Juniper Networks survey of 4,000 mobile device users.

“Education for users is the first step to reducing their threat exposure,” says Vic Alston, chief executive of network testing firm Ixia. Being diligent about using device and app passwords is a good place to start, he says.

Because many users do what’s most convenient, the military research could be a big help. Invincea hopes to introduce Android security software for consumers, based on its military work, in one to two years, Ghosh says.