Android Malware May Have Infected 5 Million Users
bonch writes "A massive Android malware campaign may be responsible for duping as many as 5 million users into downloading the Android.Counterclan infection from the Google Android Market. The trojan collects the user's personal information, modifies the home page, and displays unwanted advertisements. It is packaged in 13 different applications, some of which have been on the store for at least a month. Several of the malicious apps are still available on the Android Market as of 3 P.M. ET. Symantec has posted the full list of infected applications."
Oops... (Score:2)
n/t
Those Counter-Strike "Clones" (Score:5, Interesting)
I've always thought it was odd that those games that literally copied Counter-Strike were allowed on the Google Market.
I know, you're about to say "copying gameplay, while unethical, is completely legal". Problem is, they didn't copy the gameplay - they're boring rail shooters. The copied stuff is the art - the textures, models, even some of the maps. And that's blatant copyright infringement. It's obvious even from the previews, if you've played the game enough. And since, at one point, people playing cs_italy were responsible for more bandwidth usage than actual people in Italy, I'm pretty sure I'm not the first to notice it.
I figured Valve, being pretty savvy about this sort of thing, figured that suing them would give them too much publicity - Streisand Effect and all that, not worth the huge amount of publicity that anything Valve does. Now, I'm thinking that iApps7 was just ignoring the cease-and-desists, because when you're already distributing malware and committing actual, commercial copyright theft, you're probably not too afraid of lawyers.
Re:Those Counter-Strike "Clones" (Score:5, Funny)
I've always thought it was odd that those games that literally copied Counter-Strike were allowed on the Google Market.
I know, you're about to say "copying gameplay, while unethical, is completely legal".
Apparently, it's only red double decker buses on a black and white picture that can be not made similar.
Re: (Score:2)
And next logical step from playing Quake III and Counter-Strike is going to school with a gun.
Your "logical" misses actual logic.
Google Needs To Get Their Ass In Gear (Score:5, Insightful)
Although I seriously doubt Symantec's 5 million number is right, the fact that malware keeps showing up on the market is disturbing. Actually, we're beyond disturbing, it's getting downright annoying. Google needs to do better than removing bad applications after the fact, and while this doesn't need to be a Jobsian walled garden, at a minimum Google needs to start reviewing all applications (and updates!) before posting them to make sure they're clean.
Phones are appliances, and trying to handle malware the same way we handle it on computers (which is to say, after the fact) is not going to work.
Re:Google Needs To Get Their Ass In Gear (Score:5, Insightful)
What they could do is provide the same sort of "reviewed application" market that Apple does, but as an option (as I believe Apple should). I see that as the best of both worlds. If you want to lower the odds of malware, use that market. If you don't mind a little risk use something else, like the current Android market.
Re: (Score:2)
I'd also like to add that my phone is no more an appliance than my home computer. Some phones are appliances because their functionality has been reduced to that. I'm still hoping for an updated version of the N900 (or something similar) to hit the market.
Re: (Score:2, Informative)
AC [slashdot.org] writes:
Nerds seeking a feeling of control in their lives turn to computers. They hate the idea of appliances, because the feeling of mastery over something gives them a sense of control that they lack in their daily lives.
bonch [slashdot.org] writes:
I think some of the Apple hatred stems from the fact that many techies absorb themselves in computers because it gives them a feeling of control that they lack in their daily lives. Mastering a system is gratifying on many levels.
Overly Critical Guy [slashdot.org] writes:
I think the cause of reactions like yours is that some people don't have control in their lives, so they seek it in PCs, because mastering the upkeep required for a PC gives you that missing feeling of control. Having that feeling taken away from you by non-PCs threatens you on a core level, reminding you of the lack of control in your real life, so you snap back to protect it.
You don't even really try, do you?
Re: (Score:2)
AC [slashdot.org] writes:
Nerds seeking a feeling of control in their lives turn to computers. They hate the idea of appliances, because the feeling of mastery over something gives them a sense of control that they lack in their daily lives.
bonch [slashdot.org] writes:
I think some of the Apple hatred stems from the fact that many techies absorb themselves in computers because it gives them a feeling of control that they lack in their daily lives. Mastering a system is gratifying on many levels.
Overly Critical Guy [slashdot.org] writes:
I think the cause of reactions like yours is that some people don't have control in their lives, so they seek it in PCs, because mastering the upkeep required for a PC gives you that missing feeling of control. Having that feeling taken away from you by non-PCs threatens you on a core level, reminding you of the lack of control in your real life, so you snap back to protect it.
You don't even really try, do you?
Thanks for that. I thought that I had heard that sentiment on Slashdot a couple of times and it was bugging me.
Re: (Score:3)
What is this garbage? Why is such a blatant troll getting modded up?
I'm going to defer to this AC [slashdot.org] who seems to have done a good job of connecting the dots.
Re: (Score:3)
most people don't even manually shift gears
I presume you are in the 4% then? Most people do control their gears - just not in the USA. Canadians please comment. I don't know if you have allowed the US motor industry to remove control of your cars from you as well,
Re: (Score:3)
And I have to say, lying in bed with a computer that does all the things I and most people in the world use them for--browsing the web, casual games, watching movies, posting on social networks, listening to music--without all the maintenance and time investment of a girlfriend is really, really nice.
FTFY
Re: (Score:3, Insightful)
With a sample size like that, how could you be wrong?
For crying out loud, we're onto year three of the iPad, and it sold over 15 million last month. This is as much a "fad" as the mouse and GUI. If you don't see the inevitability of this, then frankly you are out of touch. Nobody wants to install and maintain a PC just to browse the web anymore. The same kind of streamlining already happened to gaming in the
Re: (Score:2)
With a statistical approach like that, he is well set for a long career in politics.
Re:Google Needs To Get Their Ass In Gear (Score:4, Insightful)
Yeah, and 76 million Tamagotchis have been sold world-wide. That doesn't make it less of a fad.
Re:Google Needs To Get Their Ass In Gear (Score:5, Interesting)
When netbooks came out they delivered remarkable utility with long battery life in a tiny package for low cost - using Linux and small SSD media. The netbook met a need for low-cost compromised UI with good performance. Then Microsoft convinced all the Linux netbook vendors to convert back to XP, consuming more storage (and driving the cost up) and delivering less-adequate performance. They sold more units, and lost money on every one. And then there was the crippled versions of W7 thing with even higher costs as the cost of full laptops dived below the price of netbooks. And the netbook market crashed because nobody was going to go back to the cheaper, quite awesome Linux variant when they could sell $300 laptops instead. But a funny thing happened. The price of a laptop also fell in response to this netbook threat - from $900 to under $300. Microsoft successfully killed the netbook by cutting the throats of their PC OEMs with budget laptops.
People forget that between the netbook and the tablet was a Smartbook - invented by Asus and shown briefly in 2009 at a summer trade show - and then suddenly yanked in mid show. It was an ARM/Linux platform. The very next week a very nervous looking Jerry Shen flanked by Steve Ballmer and a member of Microsoft Legal was talking up Asus W7 platforms on a stage in Taiwan. He seemed to be sending out very stressed body language - something like "help me".
So now we have ARM tablets, mostly thanks to Apple's huge margins and lack of commitment to the Windows ecosystem enabling them to innovate. But the netbook story isn't going to play out here again. The CE vendors are in this game now and Microsoft doesn't have the leverage over Samsung and HTC that they had over the PC vendors. The CE vendors can't make Apple tablets: only Apple can do that. So they're going to do the thing they CAN do, and make Android tablets as best they can. And they do. And they rock. And Google does the ecosystem thing for them, with 250M units in the field the developer need not worry about there being a market for his app if it's any good. With hundreds of thousands of apps customers need not fear the thing won't do what they want - in fact, if you've bought it for your phone you don't have to buy it again for your tablet. And some of the apps - particularly games - are quite incredible on a device with all-day battery life. And things like Kindle app of course still give you access to all the things you've bought through there too.
The new crew, the CE giants, the Samsungs and HTCs are also the ones burned on Windows Phone and buying back their stock thanks to Nokia's preferred standing - so they're not going to push for WoA. Neither are the PC OEMs, once they find out Nokia got early access and help, and they're required to include software with Nokia branding on it in their PCs.
WoA is going to try to step into this with no apps, a rejected WP7 UI and a general distrust of Microsoft, and try to make a go of it. Maybe even without multicore. They're going to have to acquire HTC to make that happen, because without something on that scale they got nuthin.
This is starting to look like the end of the beginning.
Re:Google Needs To Get Their Ass In Gear (Score:5, Interesting)
Consider the difference between the following questions:
(1) Who can *you* trust?
(2) Who can *everyone* trust?
The problem with the Apple market, and with your idea too, is that it is predicated on having an answer to the second question other than "nobody".
It seems clear to me that a better solution could be built around the first question. That entails letting the consumer decide who he trusts to review and approve apps, then giving him the tools to implement that trust. That'd involve some kind of network to distribute digitally signed approvals. You wouldn't have to have different app stores. You could use any store or combination of stores you wanted. What matters is whether you can find a certification for an app from an authority you trust.
Consumers would subscribe to different authorities based on their concerns. Businesses might choose different kinds of reviewers to trust than gamers. Different functions in a business might choose different reviewers based on the kind of information they handle (e.g. whether the device running the app has sensitive or privacy related data). Evangelical Christians might choose review authorities that reject apps that promote pornography, and porn-hounds would choose authorities that reject apps promoting Christianity.
Re:Google Needs To Get Their Ass In Gear (Score:5, Insightful)
That assumes that the average consumer can or should be able to make intelligent decisions about "who he trusts to review and approve apps". In reality it would be the malware company with the biggest marketing budget. The idea that a consumer should first spend weeks getting up to speed in the mapping or racing simulator communities before they can safely try out a couple apps is ridiculous. What you would get instead is friends recommending friends, and all that means is that every person who gets tricked they immediately recommend a few friends to download the same BS.
Because the question in question is not "who can *everyone* trust?", the question is "who can everyone trust not to serve up malware". That is a much easier question to answer. And I think "big company with a lot of resources and a large vested interest in not serving me malware" is a pretty good answer to that question.
Re:Google Needs To Get Their Ass In Gear (Score:4, Insightful)
That assumes that the average consumer can or should be able to make intelligent decisions about "who he trusts to review and approve apps".
Not really. It assumes *some* consumers are able to make intelligent decisions and that there is benefit to addressing their needs and costs to sweeping them in with consumers who are less savvy. By that reasoning, there should be no *Consumer Reports* and we should rely upon the Consumer Products Safety Commission to make decisions for you.
In reality it would be the malware company with the biggest marketing budget.
This probably depends on the *kind* of malware. Take privacy intrusion. Privacy intrusion for collecting marketing data would surely be a problem, because it's legal. But it goes on anyhow, you just don't see it and it's not running on your equipment. The point of entry to the surveillance network is the retailer. Privacy intrusion for purposes of identity theft would not be a problem *for the certification system* because the "big marketing budget" provides a trail back to the perpetrators.
The idea that a consumer should first spend weeks getting up to speed in the mapping or racing simulator communities before they can safely try out a couple apps is ridiculous.
I'll ignore the various shortcomings of the scenario you propose and cut to the chase: The real issue with the system I proposed is that it cannot overcome impatience, and it conflicts with the needs of marketing, which exploits impatience. There's an app that's gone viral, but it hasn't been certified yet by anyone you've heard of. It might take weeks for the stodgy certifiers everyone uses to get around to examining the thing, during which you'll have to live without this app you feel you can't live without. So you choose to grant an exception, or worse -- to trust a dodgy certifier. In fact, the system I proposed creates a new avenue for social engineering attack in which malware authors entice consumers to trust a malicious certifier because they want their free game *right now*.
So why do I think it's a good idea? Because my standard of success is different than yours. You want a system that will protect foolish people from their choices. I want a system in which it is *possible* to make and enforce good decisions. While I think it is unfortunate that fools are exploited, I see no way of protecting them absolutely without posing unreasonable restrictions of freedom.
Because the question in question is not "who can *everyone* trust?", the question is "who can everyone trust not to serve up malware".
Well, if you can answer that, you make those agents the *default* trusted authorities. The problem I have with platform-vendor-chooses-who-everyone-has-to-trust solution is that everyone is not the same. A hospital securing its mobile devices used in health care delivery is different from a teenager who is messing with his game console. People feel differently about privacy too, and their stance may vary depending on device. That teenager might choose different universes of apps for his game console and phone.
The problem with the current system is that it relies on people being able to draw inferences about developer intent from specific permissions an app requests. How insane is that? Even an expert who understands what a permission *does* can't reliably anticipate everything it can *accomplish*, much less the *intent* of the developer in asking for it.
Re:Google Needs To Get Their Ass In Gear (Score:4, Insightful)
I've always thought that apt (apt-get, aptitude, Debian) has the right solution to this.
You get your software from a repository, and only software that is approved by the maintainers of the repository gets in.
Then, _you_ get to choose which repositories you trust.
That way, you don't have to judge the quality of all software yourself. You can leave that to the people who maintain the repositories. They will build up reputation over time, and you can go with the ones that have a good enough reputation by your standards.
A walled-garden app store like Apple's basically implements the first part of this. This is fine for a lot of people.
To also cater to those who want more freedom, without opening the flood gates, all you have to do is allow them to shop at other app stores, as well.
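The trust model in this comment (you choose which repositories to trust) and in the earlier "Who can *you* trust?" comment (you subscribe to certifiers who publish digitally signed approvals) can be sketched as below. This is an added example, not code from the thread, from Android or from apt; the certifier names, the message layout and the `required` threshold are assumptions, and Ed25519 is used only because the comments name no signature scheme.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Approval is one certifier's signed statement about one exact package build.
type Approval struct {
	Certifier string   // reviewing authority (hypothetical name)
	AppDigest [32]byte // SHA-256 of the package bytes that were reviewed
	Signature []byte   // Ed25519 signature over approvalMessage()
}

// TrustStore holds the public keys of the certifiers this user subscribed to.
type TrustStore map[string]ed25519.PublicKey

var ErrNotApproved = errors.New("too few valid approvals from trusted certifiers")

// approvalMessage binds the signature to a purpose tag, the certifier name and
// the package digest, so a signature cannot be replayed for another build.
func approvalMessage(certifier string, digest [32]byte) []byte {
	msg := []byte("app-approval-v1\x00" + certifier + "\x00")
	return append(msg, digest[:]...)
}

// SignApproval is the certifier's side: publish a statement for reviewed bytes.
func SignApproval(certifier string, priv ed25519.PrivateKey, pkg []byte) Approval {
	digest := sha256.Sum256(pkg)
	return Approval{
		Certifier: certifier,
		AppDigest: digest,
		Signature: ed25519.Sign(priv, approvalMessage(certifier, digest)),
	}
}

// VerifyInstall is the device's side. It returns the trusted certifiers whose
// approvals are valid for these exact bytes, and fails closed when fewer than
// `required` distinct trusted certifiers vouch for the package.
func VerifyInstall(pkg []byte, approvals []Approval, trust TrustStore, required int) ([]string, error) {
	digest := sha256.Sum256(pkg)
	counted := map[string]bool{}
	var valid []string
	for _, a := range approvals {
		pub, trusted := trust[a.Certifier]
		if !trusted || counted[a.Certifier] {
			continue // certifier not subscribed to, or already counted once
		}
		if a.AppDigest != digest {
			continue // approval covers different bytes, e.g. an earlier version
		}
		if !ed25519.Verify(pub, approvalMessage(a.Certifier, digest), a.Signature) {
			continue // claims a trusted name but was not signed with its key
		}
		counted[a.Certifier] = true
		valid = append(valid, a.Certifier)
	}
	if len(valid) < required {
		return valid, ErrNotApproved
	}
	return valid, nil
}

// demoKey derives a fixed key pair from a label so the demo is reproducible.
// Constructed for this example only; real keys come from a random source.
func demoKey(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	strictPub, strictPriv := demoKey("strict-reviewer")
	_, dodgyPriv := demoKey("dodgy-reviewer")
	trust := TrustStore{"strict-reviewer": strictPub} // the user's own choice

	v1 := []byte("constructed package bytes, version 1")
	v2 := []byte("constructed package bytes, version 2 (unreviewed update)")
	approvals := []Approval{
		SignApproval("dodgy-reviewer", dodgyPriv, v1),   // certifier the user never chose
		SignApproval("strict-reviewer", dodgyPriv, v1),  // forged use of a trusted name
		SignApproval("strict-reviewer", strictPriv, v1), // genuine approval of v1
	}
	for _, c := range []struct {
		name string
		pkg  []byte
	}{{"v1", v1}, {"v2", v2}} {
		by, err := VerifyInstall(c.pkg, approvals, trust, 1)
		fmt.Printf("%s: approved by %v, err=%v\n", c.name, by, err)
	}
}
```

Because the approval covers a digest of the package bytes, an update is unapproved until a trusted certifier signs the new build, which is the "(and updates!)" concern raised at the top of this subthread.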
Re: (Score:2)
The problem is that a lot of people (most?) would find apt-get horrendous. App stores are a simple way to let someone else decide for you what you want.
Even most Android users are probably quite content with one market place. You may have more than one. Most users here may well have installed things straight from an .APK file. This is not normal. We here should not take our attitudes and abilities as the norm.
Re: (Score:2)
The only problem I see with that is that it doesn't do much to solve the Dancing Bunnies problem within the Market. So long as loading unsigned applications is allowed it will always be an issue, but not allowing unreviewed applications at all in the Market is a much better solution. Otherwise people are going to grab their Counter Strike knock-offs whether they're reviewed or not, because after all they're coming from Google and Google can be trusted.
Re: (Score:2)
What they could do is provide the same sort of "reviewed application" market that Apple does, but as an option (as I believe Apple should).
The nice thing about the Android mindset is that this can be done. Anyone who wants to can set up such a service. If there isn't such a service, then it's just a demonstration that there isn't sufficient demand for such a service - at least, there's not sufficient demand to cover the additional expense of such a marketplace. It's a very free-market approach.
Re: (Score:2)
I think the default Android Market should be a "reviewed application" market. Android does allow you to side-load apps and use other App stores, so for that reason, it wouldn't be censorship in the same way that the Apple App Store is.
Re: (Score:3, Insightful)
Walled garden is the way to go.
Android users very satisfied: 47%
iPhone users very satisfied: 75%
http://www.loopinsight.com/2012/01/09/iphone-satisfaction-at-75-closest-competitor-at-47/ [loopinsight.com]
foxconn factory workers very satisfied: (Score:2, Insightful)
foxconn factory workers very satisfied: 100%, with no dissent! amazing.
when interviewed, every last worker expressed their deepest appreciation for their bosses, and how much they love working together for harmonious success of the company, which they love and admire deeply.
Apple Haters ignore the fact they are more guilty (Score:5, Insightful)
foxconn factory workers very satisfied: 100%, with no dissent! amazing.
Who makes your Android phone?
Some company that cares even LESS for their workers. At least Apple is trying to help and improve things, but China has a very servile culture embedded that has been pushed on them for many generations. They have a factory culture that has been as it is for a long time now and change is not instant.
So every dig you take at Apple and Foxconn labels you a dirty hypocrite if you use any electronics whatsoever, because even more people suffered for your device to be made...
Re: (Score:3)
HTC makes all of their premium Android phones in Taiwan. The workplace standards are of course much higher there compared to Mainland China. Samsung, on the other hand uses a number of factories, including ones in South Korea and China to make their flagship Galaxy SII phones.
Re: (Score:3, Informative)
I just checked my Galaxy Nexus. It says "Made in China", so I'm guessing it's probably a safe assumption it's made at Foxconn.
And while HTC's premium flagship phones are made in Taiwan, I'd guess most of the rest of them are made in Fo
Re: (Score:2)
Foxconn is the world's largest maker of electronics components and makes products for every major computer company including Dell, HP, Microsoft, Nintendo, Samsung, and Sony. Why they're always intimately associated with Apple on tech forums is beyond me other than as anti-Apple flamebait.
Re: (Score:2, Insightful)
And your mobile phone was made where, hypocrite?
Taiwan (Score:3)
In particular in Taoyuan. HTC makes their products in Taiwan, which is not a large surprise since they are also headquartered there.
Re: (Score:2)
It's more than announcing early. ICS was sold on an Android phone in October. Yet still most Android phones are sold on an older version. That shit doesn't happen on iPhone.
Re: (Score:2)
Of course not. But like many things related to iOS, choice is extremely limited.
Re: (Score:2)
That's if you want to prioritize satisfaction over all else. Paradoxically reduced choice can lead to greater satisfaction
Absolutely.
even if it leads to lower productivity.
Who says it leads to lower productivity? That's certainly not part of the message of the Paradox of Choice.
While libertarians (both the right wing and left wing types) would choose to maximize choice.
That's because they are foolish.
Re: (Score:2)
Walled garden is the way to go.
Android users very satisfied: 47%
iPhone users very satisfied: 75%
Nokia and RIM had walled garden. What's the stats with those?
Besides, even if Google copied the Apple App Store tomorrow, it would still have Android on a wide variety of devices, both low end devices and high end devices, so that rating would still be unlikely to change. The same goes for the iPhone. If Apple were to suddenly target the low end of the Market, I doubt any of the customers with the lower end devices vs. the high end would be as satisfied.
Re: (Score:2)
False. The walled garden is about trapping users and forcing them to a sole source.
What Google needs to do is start vetting and being more stringent about what gets into the store. Taking away people's ability to side load (which is what the Walled Garden is about) does nothing to further this.
Re: (Score:2)
There are already Marketplace-vetting services out there, perhaps they need to make themselves more visible to encourage people to use them.
Or if Google removed the Market restriction against apps that act as competing marketplaces.
Re: (Score:2)
Walled garden is the way to go.
Android users very satisfied: 47%
iPhone users very satisfied: 75%
Stockholm Syndrome. Yes, it really works.
Re:Google Needs To Get Their Ass In Gear (Score:4, Interesting)
Although I seriously doubt Symantec's 5 million number is right, the fact that malware keeps showing up on the market is disturbing.
To be fair, this does not look like Malware at all.
For instance, I'm looking at the game called 'Balloon Game' by Ogre Games, which they say is malware. By downloading the application, you're agreeing to the fact that it can read your phone state and phone identity, you're agreeing that it can use the internet, and you're agreeing that it can install shortcuts on your home screen.
The application wants to know my unique IMEI number? or my Mac address? Whoop di doo. I really don't care about that. And yes, it has access to the internet, so it can serve me ads, send info about me, and possibly (according to Symantec) update its own code in real time.
But even if it can update its own code in real time, it can't change its permissions in real-time (it doesn't have the permissions for that), so it's still sandboxed in the permissions I gave it originally. So what's the problem here? What other "sensitive" information is it leaking out? Does this application go against anything in the Google's Market Terms of Services in any way? No, it doesn't. Only Apple has inane Terms of Services about not being able to load code dynamically from the internet.
Re:Google Needs To Get Their Ass In Gear (Score:4, Informative)
Perhaps Symantec are flagging it as malware because it is using permissions that the app clearly does not need, and it is just some rookie developer that has permission code copied in from some other site?
You could try clicking the link in the article and see why. http://www.symantec.com/security_response/writeup.jsp?docid=2012-012709-4046-99&tabid=2 [symantec.com]
Or just be lazy like the rest of the Slashdot herd.
Re:Google Needs To Get Their Ass In Gear (Score:4, Informative)
No, it's flagging it as "Malware" because it wants you to do the following [symantec.com] as their solution for removing the so-called "Malware". Note how they conveniently left the simplest instructions for uninstalling the application all the way at the bottom of the page (where almost no one will see it).
Re: (Score:3)
Perhaps Symantec are flagging it as malware because it is using permissions that the app clearly does not need, and it is just some rookie developer that has permission code copied in from some other site?
If you think that then Disney must really be in the shit [android.com] How about a game that reads your contact list?
Re: (Score:3)
Permissions ...
receive WAP ...
Allows application to receive and process WAP messages. Malicious applications may monitor your messages or delete them without showing them to you.
read contact data ...
Allows an application to read all of the contact (address) data stored on your device. Malicious applications can use this to send your data to other people.
intercept outgoing calls ...
Allows application to process outgoing calls and change the number to be dialed. Malicious applications may monitor, redirect, or prevent outgoing calls.
modify global system settings ...
Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.
mount and unmount filesystems
Allows the application to mount and unmount filesystems for removable storage.
Description
ENJOY THIS SPECIAL FREE VERSION WITH NEW LEVELS NOT FOUND IN THE FULL GAME!
ENJOY THIS SPECIAL FREE VERSION WITH EXCLUSIVE NEW LEVELS NOT FOUND IN THE FULL GAME!
Where's My Water is the hit app that everyone is playing. In this FREE version, enjoy more than 20 new puzzles not found in the full game.
What the fuck. Is it really Disney? Because nothing says "I'm not a fraud!" like ALL-CAPS SPECIAL FREE EXCLUSIVE VERSION coupled with I-own-your-phone permissions.
Re: (Score:2)
It's had multimillion downloads, and is published by the same publisher as actual Disney titles. It's a worry.
Re:Google Needs To Get Their Ass In Gear (Score:5, Insightful)
To be fair, this does not look like Malware at all.
Hijacking your browser homepage, adding shortcuts to the desktop, stealing the IMEI and IMSI (sufficient info to clone your SIM card), copying your contacts, etc. certainly counts as a trojan. Did you bother to read the Symantec description?
Sure, a smart user might notice the excessive permissions, but the average user just hits okay and doesn't even read the list.
Reaction (Score:4, Insightful)
For years, the Windows platform was mocked relentlessly as a cesspool for malware. It's interesting to see what happens when there is a lack of quality control from the platform vendor, which turned Windows into a complete mess of contradictory interfaces (even within Microsoft's own software), convoluted configuration settings, and a third-party market devoted to cleaning up viruses and spyware. Android seriously risks going down that path, if it's not there already. There has to be more control on the part of Google.
Pushing back on that is a small contingent of techies who want to turn the smartphone into a PC. They like to cite the freedom to install anything they want, but the truth is that mainstream users wouldn't do so even if they knew how. Google needs to cater to the needs of the majority and not latch onto populist concepts that sound good to tech crowds (e.g., "openness") but mean nothing to everyone else who just uses these things as tools rather than hobbies--especially when Google seems to have trouble following fundamental tenets of open source like source code access.
Those 37 million iPhone sales over December reversed the 2011 Android surge. The in-fighting among Android vendors risks more forks like Kindle Fire, customized interfaces, and abandoned phones that no longer receive updates mere months after their release. Google, turn the ship around before it's too late! The carriers won't help you.
Re: (Score:2, Interesting)
You've all been fooled. Before you forward the Symantec scareware to all your friends, please study what the symantec announcement says a little more closely.
I've taken a look at the 'Balloon Game' by Ogre Games for instance. It's not malware. It's not doing anything that it hasn't requested in the permissions already. And even if it can update itself (as Symantec claims it can do), if you read Symantec's own report, Symantec doesn't think it can do anything (outside of the permissions it has already been gr
Re: (Score:2)
Why, who wouldn't want to give permission to change your home page, collect your personal data, and display ads?
Re: (Score:2)
No, I meant the home screen, not the home page. On Android, you have a home screen, which an app can add its shortcut to (assuming it's not full, if it's full, it's out of luck, and the shortcut doesn't get made). And yes, there are plenty of people who don't want ads and who don't want to be tracked.
On the Android Market, those people will usually have to pay to buy a version without the ads (and/or install a custom rom with the ads sdks disabled). There are still free apps with no tracking and no advertis
Indirectly related, but... (Score:3, Interesting)
Apart from being somewhat annoyed about the greater difficulty of managing my smartphone when compared to my Linux boxes, I've been having a hard time selecting apps for it.
Android market is not exactly friendly (is there a way to get larger fonts?) and I'd like to have a search by permissions. Recently, I wanted a mere notepad app -- no frills, no cloud, no nothing, just the note, but there's an "excellent" notepad app which requires you to join an online service. WTF!!!
After finding 2 suitable apps, I would still need a bigger keys soft keyboard... again looking at permissions to avoid leaking unnecessary things.
No wonder guys end up getting viruses... we need better ways to control our exposure. Then again Google's business depends on offering us what we want and thus they need to know that. But am I giving my data only to Google? I wonder where my accounts and their details end up going...
Re: (Score:2)
You can install apps on your phone from the browser on your Linux box using the Android Market web site.
Re: (Score:2)
He wants to be able to make a simple search based on permissions. That is actually a valid one. For example, the idea that Sony's remote controller for a blu-ray player requires permission to read my personal info and to read-write is a good sign that you do not want it. It is simply a data gathering app. IOW, Sony did not learn their lessons from their last attempt to do this to Windows.
The font is minor, just an annoyance. The permissions-based search is ALL about security.
And he
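A permission-based search of the kind asked for in this subthread, as an added example that is not part of any comment or of the Android Market: it reads the `<uses-permission>` entries of each manifest and keeps only apps that stay inside the set the user is willing to grant. The package names and manifests are constructed, and it assumes manifests are available as decoded text XML (inside an APK they are stored in a binary form).

```go
package main

import (
	"encoding/xml"
	"fmt"
	"sort"
)

// manifest captures only the parts of a decoded AndroidManifest.xml used here.
type manifest struct {
	Package string `xml:"package,attr"`
	Uses    []struct {
		Name string `xml:"name,attr"` // android:name of each <uses-permission>
	} `xml:"uses-permission"`
}

// Excess returns the package name plus the sorted, de-duplicated permissions
// the manifest requests beyond the set the user allows.
func Excess(manifestXML string, allowed map[string]bool) (string, []string, error) {
	var m manifest
	if err := xml.Unmarshal([]byte(manifestXML), &m); err != nil {
		return "", nil, fmt.Errorf("unreadable manifest: %w", err)
	}
	if m.Package == "" {
		return "", nil, fmt.Errorf("manifest has no package attribute")
	}
	seen := map[string]bool{}
	var excess []string
	for _, u := range m.Uses {
		if u.Name != "" && !allowed[u.Name] && !seen[u.Name] {
			seen[u.Name] = true
			excess = append(excess, u.Name)
		}
	}
	sort.Strings(excess)
	return m.Package, excess, nil
}

// SearchByPermissions splits a catalogue into packages that fit the allowed
// set and packages that do not, with the reason for each rejection. A manifest
// that cannot be parsed aborts the search instead of being treated as clean.
func SearchByPermissions(manifests []string, allowed map[string]bool) ([]string, map[string][]string, error) {
	var fits []string
	rejected := map[string][]string{}
	for _, doc := range manifests {
		pkg, excess, err := Excess(doc, allowed)
		if err != nil {
			return nil, nil, err
		}
		if len(excess) == 0 {
			fits = append(fits, pkg)
		} else {
			rejected[pkg] = excess
		}
	}
	sort.Strings(fits)
	return fits, rejected, nil
}

const ns = `xmlns:android="http://schemas.android.com/apk/res/android"`

// sampleCatalogue is constructed for this example; none of it is a real app.
var sampleCatalogue = []string{
	// A notepad that only saves files.
	`<manifest ` + ns + ` package="com.example.plainnotes">
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application/>
</manifest>`,
	// A notepad tied to an online account.
	`<manifest ` + ns + ` package="com.example.cloudnotes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
</manifest>`,
	// A game asking for phone identity, network and home-screen shortcuts,
	// the combination discussed elsewhere in this thread.
	`<manifest ` + ns + ` package="com.example.game">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>`,
}

func main() {
	allowed := map[string]bool{"android.permission.WRITE_EXTERNAL_STORAGE": true}
	fits, rejected, err := SearchByPermissions(sampleCatalogue, allowed)
	if err != nil {
		fmt.Println("search failed:", err)
		return
	}
	fmt.Println("within allowed permissions:", fits)
	for pkg, why := range rejected {
		fmt.Printf("rejected %s: also wants %v\n", pkg, why)
	}
}
```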
Well combine this with googles other news (Score:3, Interesting)
Re: (Score:2)
What does their attention to detail have to do with their domineering attitude?
Apple's products are all "our way or the highway", and use lock-in to try and keep people in their eco-system. It's stuff like that that the OP was complaining about, not the quality of their products.
It's still on the market (Score:2)
The amazing part is that iApps7 games are still on the market (as of this writing, 10PM PST).
It's obvious from the comments that they are total crap though. Anyone literate enough to read the comments wouldn't touch this stuff.
Re: (Score:2)
Speculation (Score:2)
It may have infected five million users!
Then again, it may have not.
walled garden for high permissions (Score:2)
If you upload an app to the market place that needs access to the user's bookmarks I think that a more in-depth review process is in order.
At the very least the user should see an alert that says something like "This app seems to want a lot on your phone and hasn't been verified by Google...only use it if you really want to"....
Why Am I Not Surprised (Score:5, Insightful)
Look at this list of infected apps.
iApps7 Inc | Counter Elite Force | Arcade & Action
iApps7 Inc | Counter Strike Ground Force | Arcade & Action
iApps7 Inc | CounterStrike Hit Enemy | Arcade & Action
iApps7 Inc | Heart Live Wallpaper | Entertainment
iApps7 Inc | Hit Counter Terrorist | Arcade & Action
iApps7 Inc | Stripper Touch girl | Entertainment
Ogre Games | Balloon Game | Sports Games
Ogre Games | Deal & Be Millionaire | Sports Games
Ogre Games | Wild Man | Arcade & Action
redmicapps | Pretty women lingerie puzzle | Photography
redmicapps | Sexy Girls Photo Game | Lifestyle
redmicapps | Sexy Girls Puzzle | Brain & Puzzle
redmicapps | Sexy Women Puzzle | Brain & Puzzle
These are all Facebook type games that idiots play.
Re: (Score:2)
Look at this list of infected apps.
iApps7 Inc | Counter Elite Force | Arcade & Action
iApps7 Inc | Counter Strike Ground Force | Arcade & Action
iApps7 Inc | CounterStrike Hit Enemy | Arcade & Action
iApps7 Inc | Heart Live Wallpaper | Entertainment
iApps7 Inc | Hit Counter Terrorist | Arcade & Action
iApps7 Inc | Stripper Touch girl | Entertainment
Ogre Games | Balloon Game | Sports Games
Ogre Games | Deal & Be Millionaire | Sports Games
Ogre Games | Wild Man | Arcade & Action
redmicapps | Pretty women lingerie puzzle | Photography
redmicapps | Sexy Girls Photo Game | Lifestyle
redmicapps | Sexy Girls Puzzle | Brain & Puzzle
redmicapps | Sexy Women Puzzle | Brain & Puzzle
These are all Facebook type games that idiots play.
O for my mod points +6 funny :)
Were these apps signed? (Score:3)
Re: (Score:2)
I am sure malware writers do not care if their apps get pirated... :)
Good thing... (Score:2)
... that Symantec says its Risk Level is at 1: Very Low
That they believe number of "infections" is 1000+
And that to get rid of it all you have to do is UNINSTALL IT.
If you don't it may
Copy bookmarks on the device
Copy opt out details
Copy push notifications
Copy shortcuts
Identify the last executed command
Modify the browser's home page
opportunity to compete against google (Score:3)
unwanted advertisements (Score:2)
wet water
Re: (Score:3, Insightful)
From TFA:
'Symantec estimated the impact by combining the download totals -- which the Android Market shows as ranges -- of the 13 apps, arriving at a figure between 1 million on the low end and 5 million on the high. "Yes, this is the largest malware [outbreak] on the Android Market," said Haley.'
Even the most optimistic estimate is very bad.
Re:May have? (Score:4, Funny)
"In other news, security research firm says they've found alarming evidence of their own relevance.
Details at 11"
That's 5:00 you non-binary-reading troglodytes. I suspect next I'll hear a story about how useful rats are at guarding cheese.
Re: (Score:3)
'Symantec estimated the impact by combining the download totals -- which the Android Market shows as ranges -- of the 13 apps, arriving at a figure between 1 million on the low end and 5 million on the high.
Of course Symantec totally ignored that the download totals do not translate into the number of infected users. How many devices have multiple apps? That estimate could easily be 10x too high.
Did the author run scripts to pump up the numbers to gain visibility? Many app authors do this
Re: (Score:2)
yeah I wish Google would speak to this.
It could be that NO ONE has downloaded these apps...
Re: (Score:2)
And there's a (probably small) number of users like me, who will occasionally install something against my better judgement that I need for a one time use... and I neuter the permissions with things like DroidWall, LBE Privacy Guard, Permissions Denied, and others... and I think CM7 included its own permissions control.
Hell, even "normal" apps need some control. Many, many apps want access to your phone ID (IMEI, etc.). Block, block, block. That's a hardware ID unique to your handset. Only good reason to gr
Re:May have? (Score:5, Funny)
And of course NONE of the anti-virus or malware scanners caught even One instance of this in the wild.
SYMANTEC advertising their own uselessness.
Re:May have? (Score:5, Interesting)
BTW: Symantec is just now disclosing that their servers were hacked [huffingtonpost.com] in 2006 (as far as they know - maybe earlier). They don't know how long the hackers have PWNed their network, how much control they had, or for how long - but they're quite sure the hackers have stolen some of their source code. They recommend that you not use / disable / uninstall some (most) of their software. Most especially including PC Anywhere, since apparently it has a vulnerability or "back door" that allows the hackers to remotely administer your PC from Anywhere - and has for the last SIX YEARS.
I think I'm going to take Symantec's edicts with a grain of salt from now on, even if this is from a different group.
Re: (Score:2)
Re: (Score:2)
I think when they say downloads, they mean "purchases". If you download again on the same Google account, I don't think that increments the counter.
Re:No risk for me (Score:5, Interesting)
On a slightly different topic, since I might as well go all out in insulting average non-computer-savvy people for the crime of not spending their life like pasty-faced Anonymous Cowards in front of the cool glow of a monitor in their basement, I remember an early app in the Android market that was literally a tithe calculator. I'm GUESSING this was someone's first app or otherwise a test app by someone learning to program, because I actually downloaded it a second time after an update and the interface became slightly more refined (with a background picture instead of a flat colour and so on), and I'm not particularly here to mock the author of the app so much as any target audience members that might exist.
The app had a prompt for you to enter how much your annual income was, and then a 'go' button that returned (income/10) as the amount you needed to tithe. In the event that you belong to a church that receives tithes to support it, I'm very afraid if you need a smartphone and a custom app in order to divide a number by ten. The app did exactly what it said on the can, but by FSM I hope nobody was browsing through the Android Market and went "Oh! That's exactly what I need!"
Re: (Score:2)
...because I actually downloaded it a second time after an update...
...I'm very afraid if you need a smartphone and a custom app in order to divide a number by ten....
Ok, granted you are correct, but you also downloaded it... TWICE! I haven't downloaded any of the apps mentioned, and they look like crap apps I would never pay for, but I can't claim I've never tried out some free simple thing cause I was curious, as I'm guessing was the case with you. Now, if that tithe calculator required access to your phone book, net access, phone status, location data, etc, then it's stupid to install it... but then it gets into the realm of the user being able to interpret the secu
Re:No risk for me (Score:4, Interesting)
I'm not sure how, but you've hit the crux of it. With Windows, we expect this "blame the user" scenario because we've been trained to expect it. We were hoping for better with Android. But there are just so darned many apps now to vet.
Maybe a second level of "hey, these permissions are really loose and align with known malware. Are you really sure you want to enable this app to upload all your files and your contacts list to any random website and dial 1-900 numbers to run up your phone bill?" consent might be required.
Or maybe just triggers for additional inspection of apps based on required permissions. But that costs money, and somebody has to pay for that. Maybe a permissions cost matrix for uploading your app, to pay for the code inspection. That would encourage developers to require the minimum necessary permissions.
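Added example, not part of the original thread: a sketch of the "trigger additional inspection based on required permissions" idea raised in the comment above, run over a decoded, text-form AndroidManifest.xml. The weights, the threshold, the function names and the three sample manifests are assumptions constructed for illustration; only the permission names are real Android identifiers.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P, B = "android.permission.", "com.android.browser.permission."
INTERNET = P + "INTERNET"
# Constructed weights for this example; a real review queue would tune them.
WEIGHTS = {
    P + "SEND_SMS": 5,                  # paid messages
    P + "CALL_PHONE": 5,                # premium-rate calls
    P + "READ_CONTACTS": 3,
    B + "READ_HISTORY_BOOKMARKS": 3,
    B + "WRITE_HISTORY_BOOKMARKS": 3,
    P + "READ_PHONE_STATE": 2,          # IMEI and similar identifiers
    "com.android.launcher.permission.INSTALL_SHORTCUT": 2,
    INTERNET: 1,
}
# Readable data that becomes an upload path once the app also has network access.
DATA_SOURCES = {P + "READ_CONTACTS", P + "READ_PHONE_STATE", B + "READ_HISTORY_BOOKMARKS"}
REVIEW_THRESHOLD = 6  # assumed cut-off

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    # Untrusted manifests should go through a hardened parser such as defusedxml.
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def review_decision(manifest_xml):
    """Score a manifest and say whether it should be queued for manual review."""
    perms = requested_permissions(manifest_xml)
    score = sum(WEIGHTS.get(p, 0) for p in perms)
    reasons = sorted(p for p in perms if WEIGHTS.get(p, 0) >= 3)
    exposed = sorted(perms & DATA_SOURCES)
    if INTERNET in perms and exposed:
        score += 2 * len(exposed)
        reasons.append("network access plus readable data: " + ", ".join(exposed))
    return {"score": score, "needs_review": score >= REVIEW_THRESHOLD, "reasons": reasons}

def manifest(*perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="example.constructed">%s</manifest>' % uses)

# Constructed samples: a no-frills notepad, an ad-supported app, a permission-heavy game.
NOTEPAD = manifest()
AD_SUPPORTED = manifest(INTERNET, P + "READ_PHONE_STATE")
PUZZLE = manifest(INTERNET, P + "READ_PHONE_STATE", B + "READ_HISTORY_BOOKMARKS",
                  B + "WRITE_HISTORY_BOOKMARKS", "com.android.launcher.permission.INSTALL_SHORTCUT")
```

With these weights the common "internet plus phone state" pairing stays just under the threshold, while the bookmark and shortcut permissions push the game sample into the review queue.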
Re:No risk for me (Score:5, Interesting)
I just really wish for a more fine-grained permissions system.
I mean:
full Internet access
Allows an application to create network sockets.
Wouldn't it be fucking nice if it only could have unchecked internet access to an explicit list of URLs and "full internet access" meant "initiated by user action"?
Same for file system and for "Read phone state and identity" - 95% of apps in the market want the same permission.
It just gets devalued, like UAC's very helpful and informative "Allow this program to make changes to your computer?" prompt (More details? Sure: "Origin: Hard drive on this computer"). With all kinds of "changes" and their frequency it's not hard to see why UAC is often turned off. With all kinds of "full internet access" it's not hard to see why permission page is just to click "Accept".
Re:No risk for me (Score:4, Funny)
Can your mom differentiate between a good URL and a bad URL?
She can. Why shouldn't she? It's not like there are no bad URLs outside apps. It should be as much common sense as knowledge of mail frauds and con tricks.
Delegating vetting of apps behaviour to end users is a fundamentally bad idea. It's a task that requires skills and experience, and you can't assume them in a consumer product. This is stuff that should be done by professionals in the supply chain.
May be, though I, like many others, prefer choice. But why does that invalidate a need for better permission system? AFAIK, iOS basically permits applications to do whatever they want with internet, relying on vetting to weed out abuse - and it's not guaranteed to work. There already was a handful of examples, like Dolphin browser quietly sending every URL you visit to their server "to check compatibility with Webzine"
You seem to be opposed to it only on "iOS approach good, Android approach bad" basis. I don't see anything wrong with requiring basic knowledge from smartphone users. Is "Don't install games that want to send paid messages on your phone" so much harder than "Don't put metallic tableware in the microwave"?
Re: (Score:2)
Re: (Score:3)
I've had this argument on /. a thousand times. There's a reason why NetBSD isn't popular. They have a certain philosophy that security isn't something you compromise on to deliver usability or popularity. They don't implement a feature - any feature - unless it can be secured. They don't listen on ports by default. They don't auto-execute anything on mounting, and so on - because these features, while popular, compromise security. It's a religion with them. They've had some lapses but AFAIK no curren
Re: (Score:3)
There are apps (that if you trust them) for root users (e.g. LBE Privacy Guard) or custom roms (e.g. CM7) that enable the user to "veto" certain permissions.
Re: (Score:2)
Of course, everyone has known for the past decade at least that we're at the point where the primary attack vector for malware is social engineering. It's only really on Slashdot and other Linux-centric sites where you still see only a half admission of that fact. It's social engineering when it affects Linux, whereas it's inherently shitty security when it affects Windows,
At least we can finally stop pretending that Linux is powered by MagicalPixieDust(TM) and is immune to infection.
Re: (Score:3, Insightful)
No. We should stop pretending that OS and application design choices don't matter. They can't stop everything but they can avoid the sort of nonsense that happens in Windows. When it comes to "social engineering" in Windows, the bar is simply much lower. No degree of self-delusion on your part will change that.
You can be smug when Android or iPhone or Linux or MacOS has the same sort of "browse this webpage get infected" problem that Windows has.
Re: (Score:2)
Yeah but did you see the names of the affected apps? You would have to be a real moron to be duped by those.
Especially when an app such as "sexy women puzzle" asks for godlike permissions to run on the phone. Of course if Google were doing their jobs they'd be catching this crap a lot sooner.
Re: (Score:2)
Slashdot is intentionally not providing you full tech news coverage because it caters to a specific demographic of emotionally-invested users who are more likely to generate repeat page views.
Slashdot is a business whose sole income is advertising revenue. People visit because people visit. The Slashdot business model (Soulskill is an employee) is to promote controversy - The Rupert Murdoch Model®. It ceased to be anything ./ related a long time ago.
Re: (Score:2)
Re: (Score:2)
Your link - 51degrees.mobi - uses analytics built into a web app framework to count clients. Generally speaking iPhone users don't use web apps because they have such a wide variety of quality native apps. That will be why the results don't tally with market share figures or those studies counting generic web usage.
Re: (Score:2)
But Samsung counts their Bada phones as smartphones as well as their Android offerings...
Re: (Score:3)
Re: (Score:3)
Really? You've never seen an ad and thought, "Man, I was JUST thinking I'd like a product that does something like that!"
And then you've got the Superbowl, so you can't say that you've never wanted to see advertising. You just want to see GOOD advertising. I think that's a reasonable desire.
The problem with advertising is that generally, it sucks. Especially on the internet. But remember the 'i love bees' halo campaign? That was advertising, and that was awesome.
If you don't like certain ads, do two (or pot