Security firm Sophos says Android Market's instant-download feature has a flaw that could open up Android devices to malicious downloads from attackers Android Market’s instant-download feature for applications that customers buy has a flaw: It could open up Android devices to malicious downloads from attackers, according to security firm Sophos.The problem is that when customers buy applications for their Android devices, they are downloaded to the devices right away – without the customer having to approve the actual installation of the software, Sophos virus researcher Vanja Svajcer says in a blog post. [ iPhone, BlackBerry, or Android? Whatever handheld you use or manage, turn to InfoWorld for the latest developments. Subscribe to InfoWorld’s Mobilize newsletter today. ] Learn more: Smackdown: Android Market vs. iPhone App StoreThat could leave the device open to anyone who manages to steal its owner’s Google password, says the security firm. “In summary,” Svajcer says, “if someone managed to steal your Google password they could trick your Android smartphone into installing software, without you having to grant permission on the device itself.”The blog notes that when the applications are downloaded, it is done in the background, so customers would likely not be aware. “The result of all this is that a Google password suddenly becomes even more valuable for potential attackers, and I would not be surprised to see even more Gmail phishing attacks as a consequence,” Svajcer says.Sophos recommends that Google change the procedure so customers have to approve the downloads. In the meantime, the company recommends that customers make sure they have strong passwords that are not easily guessable for their Google applications accounts.Read more about wide area networking in Network World’s Wide Area Network section. Technology IndustryMalware