Slashdot: News for Nerds

Google Pulls 21 Malware Apps From Android Market

CmdrTaco posted more than 3 years ago | from the steve-jobs-is-laughing dept.

Android 242

Hugh Pickens writes "CNN reports that Google has pulled 21 free apps from the Android Market that, according to the company, are aimed at gaining root access to the user's device, gathering a wide range of available data, and downloading more code without the user's knowledge. Unfortunately, although Google has moved swiftly to remove the apps, they have already been downloaded by at least 50,000 Android users. The apps are all pirated versions of popular games and utilities which, once downloaded, root the user's device using a method like rageagainstthecage, then use an Android executable file (APK) to nab user and device data, such as your mobile provider and user ID, and finally act as a wide-open backdoor for your device to quietly download more malicious code. 'If you've downloaded one of these apps, it might be best to take your device to your carrier and exchange it for a new one, since you can't be sure that your device and user information is truly secure,' writes Jolie O'Dell. 'Considering how much we do on our phones — shopping and mobile banking included — it's better to take precautions.'"

242 comments

Exchange (4, Insightful)

Andy Smith (55346) | more than 3 years ago | (#35356456)

"it might be best to take your device to your carrier and exchange it for a new one"

Yeah good luck with that.

Re:Exchange (0)

Anonymous Coward | more than 3 years ago | (#35356584)

Hmm... spend 1/2 an hour on phone with carrier just to be told to f* myself, or... download Lookout. No brainer.

Re:Exchange (1)

goombah99 (560566) | more than 3 years ago | (#35356606)

This advice reminds me of what became a solution for rooted Dells. Toss it and buy a new one. If you earn $100 an hour then you cost your company about 2x in overhead. By the time you spend an hour diagnosing and 2 or 3 hours restoring your OS from scratch then you might as well have bought a more modern computer with the OS already installed.

So apparently people now have to throw their cell phones out every time they lose confidence in them. Will we have to run Virus software on all android phones? Lovely.

Re:Exchange (1)

Joce640k (829181) | more than 3 years ago | (#35356714)

Who earns $100 an hour...?

Re:Exchange (1)

slim (1652) | more than 3 years ago | (#35356798)

You may not earn £100 for yourself, but your employer might bill your time with customers at £100/hour.

Re:Exchange (3, Interesting)

tehcyder (746570) | more than 3 years ago | (#35357194)

You may not earn £100 for yourself, but your employer might bill your time with customers at £100/hour.

If you're being charged out at £100/hour you are probably earning about a third of that, going by the professional rule of thumb of one third salary, one third overheads and one third profit. £33/hour is about £60K/year, which sounds more likely than £200K.

Yes, I know everyone here on slashdot is a superstar programmer earning $10m + a year just in stock options, just think of us little guys as you're snorting cocaine off hookers' tits on one of your yachts.

Re:Exchange (4, Funny)

fidget42 (538823) | more than 3 years ago | (#35357322)

Yes, I know everyone here on slashdot is a superstar programmer earning $10m + a year just in stock options, just think of us little guys as you're snorting cocaine off hookers' tits on one of your yachts.

The sad part of that statement is that a programmer who earns $10M (I assumed you didn't mean milli) a year still has to get a hooker in order to meet women.

Re:Exchange (1)

Quiet_Desperation (858215) | more than 3 years ago | (#35356918)

Um, someone making $208K a year?

Re:Exchange (1)

a_nonamiss (743253) | more than 3 years ago | (#35357012)

Few people "earn" $100 an hour, but I doubt you'll find a consultant (at least in my area, which is Central Ohio, not Silicon Valley) that will work for less than $100 an hour. The company I work for charges $175 an hour, and that's slightly above average for good work in my area. (We have a couple areas of specialty, such as SQL DBA work and VoIP expertise. We don't tend to do general PC support work, except on a few specific contracts where the customer requires it.) The real range is from about $100/hr (The cheapest I've seen. The particular company was run by college students, and frankly not very good if you need anything more than an anti-virus install or a new power supply.) to $275/hr. (Overpriced, highly specialized, but damn good work, from my observations.)

At $175 an hour, I've advised many clients to toss perfectly functional hardware, assuming they don't have specialized installations. It feels wrong to me on many levels, but I would feel morally terrible advising a customer to spend $500 to maybe save a P4 1.8GHz machine with 512MB of RAM. Also, I've spent much longer than 3 hours ridding computers of malware, so $500 is only the start of the equation.

Re:Exchange (2)

hairyfeet (841228) | more than 3 years ago | (#35357286)

Question: Why is it taking 3+ hours to do a simple wipe and reinstall? You just wipe the machine, put in a pre built OS install CD/DVD with all the patches already done, put in the key on first boot, install the apps from the local server or via flash drive, done. Maybe an hour and a half tops.

Using a combination of WSUS Offline [wsusoffline.net] (which you can tell to include MS Office updates along with MS Essentials AV) and Ninite [ninite.com] I can whip off a dozen boxes or more a day easy and spend less time per box than I do trying to figure where I sat my Coke down. Just a little preparation goes a long way friend.

As for TFA, welcome to the game Android users! Anything that becomes popular WILL become a target for malware as long as they can use social engineering, because it is just so damned easy to do as in TFA. I mean 50k infections and they didn't even have to write the app, just attach their malware to an existing app and upload? How easy can you get!

So welcome to the game Android users, where you have to watch out and worry about malware just like us Windows users. The donuts are over in the back, right next to the Apple users who are currently sulking after finding out shiny plastic and aluminum doesn't stop bugs. Look on the bright side, it just means you're popular now! Hell the Linux guys would kill to be that popular on the desktop! So enjoy the coffee it's fresh, meetings are on Tuesdays and Thursdays.

hahahaahaa (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#35356462)

Tee hee

Love always,
-iOS

Re:hahahaahaa (-1)

Anonymous Coward | more than 3 years ago | (#35356796)

iOS itself is malware from the users' point of view, a fact easily overlooked by the brain-washed.

Drivers, not auto mechanics (2)

tepples (727027) | more than 3 years ago | (#35356884)

iOS itself is malware from the users' point of view

Heck, iOS apps don't even have a list of privileges that the user can accept or decline when installing them from the App Store.

a fact easily overlooked by the brain-washed.

The unbrainwashed sometimes forget that a lot of people just want to get work done, not spend time fixing their tools. To make a car analogy: some people want to be drivers, not mechanics.

Re:Drivers, not auto mechanics (1, Offtopic)

Marcika (1003625) | more than 3 years ago | (#35356948)

iOS[...] brain-washed.

The unbrainwashed sometimes forget that a lot of people just want to get work done, not spend time fixing their tools. To make a car analogy: some people want to be drivers, not mechanics.

Better car analogy: Some people use taxis all the time rather than learning to drive themselves -- sure it costs a lot more and doesn't get you there any faster, but the high cost confers high status and both a 4-year-old and a 90-year-old could use taxis (if they could afford them).

Re:Drivers, not auto mechanics (1)

melikamp (631205) | more than 3 years ago | (#35357102)

The unbrainwashed sometimes forget that a lot of people just want to get work done, not spend time fixing their tools.

Consumers believing this fallacy is what allows hardware manufacturers to ship non-free software. Free software "just works" when properly supported and is cheaper for users and HW makers. This is because its development costs are an order of magnitude smaller (not true for games, but you are talking about tools). If a nice slice of the marketplace started demanding Free software, they would start getting cheaper, better systems that don't lock them in and don't spy on their every move. To make a car analogy: some people want to own a well-documented car that can be fixed by any mechanic using generic parts, not rent a black box on wheels. Unfortunately, the marketing brainwashed people into believing that Free software is technically deficient, while the opposite is obviously true.

Re:Drivers, not auto mechanics (1)

RyuuzakiTetsuya (195424) | more than 3 years ago | (#35357166)

Free software "just works" when properly supported and is cheaper for users and HW makers.

How's that working for Nokia?

Besides, free software isn't the solution to shitty software. On the phone, the stakes are much higher. I'll stick with my "locked down" iOS over an OS that might break because what I thought was an ssh client was also harvesting personal information and giving it to someone for nefarious purposes.

Re:Drivers, not auto mechanics (2)

melikamp (631205) | more than 3 years ago | (#35357332)

Free software "just works" when properly supported and is cheaper for users and HW makers.

How's that working for Nokia?

What, you mean, is N900 easy to use? Jesus F. Christ, have you tried it? It's completely idiot-proof. It has apps for any IM, any email, has maps with gps, great voice interface, address book you can actually export, has firefox and an X desktop filled with 3d eye candy. Is it doing well in the marketplace? No, because no one gives a shit about running Free software, to their very own detriment, which was exactly my point.

over an OS that might break because what I thought was an ssh client was also harvesting personal information and giving it to someone for nefarious purposes.

You're right, a Trojan masquerading as an ssh client is an issue every Debian user has to face sooner or... Wait a second, wtf are you talking about? You are smart enough to use busybox and ssh, but stupid enough to be fooled by a giant wooden horse? Does not fempute.

Re:Drivers, not auto mechanics (4, Informative)

Skuld-Chan (302449) | more than 3 years ago | (#35357402)

The thing is - the free market takes care of you in situations like this. Those apps - I'm sure had 1 or 2 stars and market reviews along the lines of "malware" - plus the reviews I'm sure were not all that great either "Japanese screaming sexy girls" may have been popular, but it's hard to mistake for anything serious like a SSH tool.

I know the CNN article said they were popular apps, but they never showed up on the marketplace home page and I've never heard of them (I've been using Android since the G1).

Also I should mention - even Apple has been a victim of malware. They themselves were shocked to notice that a company had been collecting information on internal iOS builds - they then changed the rules about what kinds of metrics apps could collect on the phone. There was that screensaver that made it onto the app store that was also a tethering tool. Apple isn't infallible when it comes to app use or claims.

Google really does have our back on this one ;).

Re:hahahaahaa (0)

Anonymous Coward | more than 3 years ago | (#35356910)

I'm sure that iOS isn't immune to this problem. It may be reduced in scope but if you can be sure that Apple doesn't have teams of people reviewing the code of Apps that they vet for the App Store.

Re:hahahaahaa (0)

Anonymous Coward | more than 3 years ago | (#35357028)

Naturally the cost of freedom and choice.

What is up with Android malware? (4, Insightful)

Anonymous Coward | more than 3 years ago | (#35356468)

I keep reading stories about Android malware. Why does Android attract more malware than any other phone platform?

I'm curious. It doesn't have the largest marketshare, so that argument is moot.

Re:What is up with Android malware? (0)

commodore6502 (1981532) | more than 3 years ago | (#35356552)

Maybe for the same reason Windows does?

It's easy to root.

Re:What is up with Android malware? (4, Insightful)

clang_jangle (975789) | more than 3 years ago | (#35356554)

It's a relatively open platform, which makes it easier to dupe users into installing trojans. The thing that troubles me is that Google doesn't vet the apps before they're published, leaving a lot of users vulnerable. There's surely a better middle ground between "walled garden" and "wide open wild west".

Re:What is up with Android malware? (1)

Joce640k (829181) | more than 3 years ago | (#35356732)

How exactly are they supposed to vet apps? Decompile them and analyse the code?

Re:What is up with Android malware? (1)

tepples (727027) | more than 3 years ago | (#35356856)

How exactly are they supposed to vet apps? Decompile them and analyse the code?

That appears to be what Apple does, rejecting any app that calls an undocumented function name.

Re:What is up with Android malware? (0)

Anonymous Coward | more than 3 years ago | (#35356980)

I think they would implement a method like "virus total" and install it on a new virtual android image and monitor it to see what changes it makes to the system. Simply display the changes it did and let the users or moderators decide.

Re:What is up with Android malware? (3, Insightful)

netsharc (195805) | more than 3 years ago | (#35357310)

How about just having a proper security system...

BlackBerries ask you for each privileged task the app wants, whether you want to always allow that task, always deny, or prompt when the app needs it...

Re:What is up with Android malware? (1)

DrXym (126579) | more than 3 years ago | (#35357342)

Oh I bet they do "vet" apps, in the sense that they undoubtedly run some kind of virus scanner / pattern matcher over them. They also have reporting tools for users who think apps are malicious.

It won't catch everything of course. Neither would Apple either assuming someone anticipated how the process usually works and took steps to avoid it. e.g. it should be relatively trivial with cloud based apps to produce something that looks innocent and benign to an inspector looking at the client assembly code but which is capable of executing a remote payload when the author decides to flip a switch (e.g. when 500,000 users have installed the app).

Re:What is up with Android malware? (0)

Anonymous Coward | more than 3 years ago | (#35356568)

It has the largest smart phone market share... it is poised to be the next Windows. Luckily the source code is open so people can find and root out these issues rather than being swept under the rug by some corporation where profit trumps any other concern.

Tivoized (2)

tepples (727027) | more than 3 years ago | (#35356942)

Luckily the source code is open

The source code of the Apache-licensed Android Open Source Project is open. The source code of the proprietary drivers linked to it, not so much.

so people can find and root out these issues

Except that won't help you if the problem is in the kernel and the only phones offered by carriers with coverage in your area have been tivoized with competently locked-down bootloaders, such as anything that Motorola made after the first Droid. Or by "root out" were you alluding to installing the fix using a privilege escalation ("rooting") exploit?

Re:Tivoized (1)

TheLink (130905) | more than 3 years ago | (#35357118)

The issue in this case isn't in the kernel or drivers. It's that people write malware and people are tricked into installing them.

Re:What is up with Android malware? (1)

AHuxley (892839) | more than 3 years ago | (#35356576)

Can we try the reverse of the Apple/Windows malware for the OS X desktop market share idea?
Android users are wealthy, creative, smart, well connected etc. and it's 'worth' the code effort?
Or is it "Windows" easy to make a "wide-open backdoor"?
If this can be done in the wild, what can your gov do or contract to have done to your phone?

Re:What is up with Android malware? (2)

slim (1652) | more than 3 years ago | (#35356726)

Can we try the reverse of the Apple/Windows malware for the OS X desktop market share idea?

No need to reverse it - Android has more market share than iOS, and it's growing.

There are more Blackberries than either at the moment, though. I guess Blackberries are more tightly locked down, and their users typically don't install frivolous apps, since they are usually work assets.

Re:What is up with Android malware? (0)

Anonymous Coward | more than 3 years ago | (#35356904)

For a reference on market share: http://reviews.cnet.com/8301-19736_7-20030974-251.html

Re:What is up with Android malware? (1)

gurner (1373621) | more than 3 years ago | (#35357084)

Can we try the reverse of the Apple/Windows malware for the OS X desktop market share idea?

O/t, but something I've never got my head round with that argument... Mac OS9 had plenty more exploits than OSX has and yet the user base was significantly smaller.

Re:What is up with Android malware? (2)

mevets (322601) | more than 3 years ago | (#35357278)

I see where you are going, and it's dangerous territory.

Try to follow along:
1. Windows is the most secure OS ever.
2. Because it has a 90+% of the market, it attracts 100% of malware.
3. If even 1% of those malware writers targeted {other os} the world would be awash in {other os} viruses.
4. It is a good thing Windows is there to attract all this malfeasance.

So, we clear? Now, don't bother with any more pesky thinking and there won't be any problems.

Re:What is up with Android malware? (1)

maxume (22995) | more than 3 years ago | (#35357320)

It only takes a little bit of nuance. Or do you think that malware creators completely ignore market share when deciding what platforms to target?

Of course it isn't a complete explanation of anything, but it muddies up any comparison based on active exploits.

(Windows Vista/7 has done a pretty good job of demonstrating how not great things are on XP, and Windows Vista/7 users have done a great job of demonstrating that users are still a problem)

Re:What is up with Android malware? (1)

Stenchwarrior (1335051) | more than 3 years ago | (#35356604)

Good question. I'm not sure how it works, but perhaps Android's developer registration makes it easy to anonymously create and publish the apps, whereas Apple's store is more picky about who and what is developed/distributed? Also, maybe the "open source" platform is easier to wire malicious code into.

Re:What is up with Android malware? (1)

grapeape (137008) | more than 3 years ago | (#35356646)

It's mostly open, and unlike Linux, which even with the best distro has at least a slight learning curve, an Android phone is pretty much just pick up and go. With the availability of Android phones on carriers from prepay and even free with contract and no vetting system for apps, it's a very easy and logical target for those wanting to do harm.

Re:What is up with Android malware? (0)

Anonymous Coward | more than 3 years ago | (#35357068)

http://en.wikipedia.org/wiki/Android_%28operating_system%29
"Android's mobile operating system is based upon a modified version of the Linux kernel. "

Re:What is up with Android malware? (1)

Neil Boekend (1854906) | more than 3 years ago | (#35356854)

Simply: iOS is locked in. It has its disadvantages, but also its advantages. Presumably all software submitted is tested. It would be more difficult to get a virus through that.
The disadvantages are discussed here enough.

Re:What is up with Android malware? (2, Insightful)

P. Legba (172072) | more than 3 years ago | (#35356898)

That argument never made any sense anyway. If it did, Apache would receive the greater attention from the mal-intentioned than IIS, by far.

The whole "there aren't viruses on the Mac because nobody cares about that platform" argument goes right along with it.

Re:What is up with Android malware? (1)

alen (225700) | more than 3 years ago | (#35357050)

Easy for users to give permission and no one asks themselves why a wallpaper app needs root access. On iOS the phone is locked down and users can't give this access in the first place.

Attention: (5, Funny)

Anonymous Coward | more than 3 years ago | (#35356482)

"Please use only the official Google applications for harvesting your personal information."

Summary is wrong. (1)

teh31337one (1590023) | more than 3 years ago | (#35356506)

The apps are all pirated versions of popular games and utilities which once downloaded, root the user's device using a method like rageagainstthecage, then use an Android executable file (APK) to nab user and device data

Not all of them are pirated versions of popular games, and most of them don't try to root your phone.

Re:Summary is wrong. (2)

Idbar (1034346) | more than 3 years ago | (#35356850)

I have a game from their market called "slice-it". From time to time it tries to get root permissions for who knows what reason.

Re:Summary is wrong. (1)

gsslay (807818) | more than 3 years ago | (#35356894)

...for who knows what reason.

Well now you know.

Re:Summary is wrong. (1)

teh31337one (1590023) | more than 3 years ago | (#35356988)

It's never tried to get root permission on my phone. And superuser / taintdroid haven't shown anything either.

What about a full list? (4, Informative)

jesseck (942036) | more than 3 years ago | (#35356536)

The first link has a partial list (17) of the apps which were pulled; here is a full list of apps from publisher Myournet (from this site [androidpolice.com]):

* Falling Down
* Super Guitar Solo
* Super History Eraser
* Photo Editor
* Super Ringtone Maker
* Super Sex Positions
* Hot Sexy Videos
* Chess
* _Falldown
* Hilton Sex Sound
* Screaming Sexy Japanese Girls
* Falling Ball Dodge
* Scientific Calculator
* Dice Roller
* Advanced Currency Converter
* App Uninstaller
* _PewPew
* Funny Paint
* Spider Man

Re:What about a full list? (0)

Anonymous Coward | more than 3 years ago | (#35356704)

The partial list is probably for the same reason your list is incomplete. 4 of the titles have UTF characters in them (Japanese or Chinese?).

Since the target is English speakers then I guess it's deemed unlikely they would have an app that they could even read the name of.

Why doesn't Slashdot allow UTF characters anyway? What is this, the 80's?

Re:What about a full list? (-1, Offtopic)

commodore6502 (1981532) | more than 3 years ago | (#35356778)

>>>Super Sex Positions * Hot Sexy Videos

Do these look anything like this?
http://girls.c64.org/a__girls64.php [c64.org]

Re:What about a full list? (1)

somersault (912633) | more than 3 years ago | (#35356926)

FFS. I only have 2 market apps on my phone. One of them is Chess.. don't think I've actually run it yet, but this makes me want to not even try..

Re:What about a full list? (1)

teh31337one (1590023) | more than 3 years ago | (#35357010)

Is it still available in the Android Market? If so, it wasn't the app you installed, but another app that was malicious.

Re:What about a full list? (2)

SoupIsGood Food (1179) | more than 3 years ago | (#35357162)

There's more than one free app called Chess. If you've got the one by Aart Bik, I think you're OK - his site and his blog all indicate he's an on-the-square android dev working for Google.

Re:What about a full list? (1)

ninjacheeseburger (1330559) | more than 3 years ago | (#35356946)

Obviously most people wouldn't be surprised that half those apps are dodgy, the real scary ones are the Scientific Calculator, Advanced Currency Converter as these sound like legitimate apps and you wouldn't think twice about installing them.

Re:What about a full list? (1)

EvilBudMan (588716) | more than 3 years ago | (#35357152)

Yeah, I almost downloaded that Scientific Calculator but I was too busy playing Angry Birds.

Checking Security First (0)

Anonymous Coward | more than 3 years ago | (#35356548)

Even as an open market, Google should be checking the security of the apps before they're allowed to be on the market.

Can't Be Sure Your Device Is Secure? (0)

Anonymous Coward | more than 3 years ago | (#35356574)

"If you've downloaded one of these apps, it might be best to take your device to your carrier and exchange it for a new one, since you can't be sure that your device and user information is truly secure. "

You can't be sure that it will not rain this weekend. You can most certainly be sure that if you wipe the bootloader and OS on your device that it will be good to go. Why not put that in the article rather than creating FUD that once an Android Device is compromised you have to get a whole new phone. It's like saying you should get a whole new computer because you had a keylogger installed.

This article was not written for the tech savvy. But all that needed to be changed would be "If you've downloaded one of these apps, it might be best to take your device to your carrier and have its OS wiped and restored, since you can't be sure that your device and user information is truly secure. "

Re:Can't Be Sure Your Device Is Secure? (0)

Anonymous Coward | more than 3 years ago | (#35356616)

Yeah, but if they convince you you need to buy a new phone, the manufacturers & carriers & google win. Who gives a shit about the real product^H^H^Hconsumer?

Too bad (-1, Troll)

Wovel (964431) | more than 3 years ago | (#35356592)

Bad for customers and things like this will keep Android from ever taking off as an App platform. Since Android has like less than 1% of the mobile App market, this seems to blow everyone's market share theories of trojan/virus distribution away.

Re:Too bad (1)

bberens (965711) | more than 3 years ago | (#35357126)

I'm sorry.. will keep Android from ever taking off? Android has more unit sales in the United States than any other smart phone OS. I think your statement is a bit past due.

Why is this guy complaining AGAIN ? (-1, Offtopic)

GPLHost-Thomas (1330431) | more than 3 years ago | (#35356622)

There are poor server admins, as it becomes more and more easy to administer them. It's part of my every day work to write the kind of graphical interface to help people like that. Loads of people don't understand, and try to find solutions. Yes, reimaging CAN help. No, it's not a SOLUTION if you want to understand what's going on. Sure, loads of newbies are going to do that, and they are doing wrong. Then WHAT??? We are skilled engineers, and we are paid to be better than them. Don't complain, be happy that there are tons of stupid people. Be even more happy that they are finally going to Unix and virtualization: you'll be on top of them. There's no reason to complain about them not knowing how and what to do. At the end of the day, that's what gives us the possibility to earn our every day bread, because we'll be hired to fix the crap they did.
As I always say to my hosting customers: our job is to help. If our customers knew how to do everything, we'd have no job...

Re:Why is this guy complaining AGAIN ? (0)

Anonymous Coward | more than 3 years ago | (#35356812)

What the actual fuck?

iPhone suddenly looks wise (2)

Clsid (564627) | more than 3 years ago | (#35356654)

I think I'll stick with my iPhone, four versions already and I haven't had to deal with crap like that. Call Apple the mother of all evils if you want but they at least work their ass off so you don't have to.

Re:iPhone suddenly looks wise (0)

teh31337one (1590023) | more than 3 years ago | (#35356692)

Because there are no vulnerabilities on iPhone? What about http://apple.slashdot.org/story/10/08/02/126253/Browser-based-Jailbreak-For-IPhone-4-Released [slashdot.org]

Re:iPhone suddenly looks wise (1)

chrisgeleven (514645) | more than 3 years ago | (#35356750)

There is an implied trust when downloading an app from the official app store that the app is safe for use. Users are far more likely to download something from the official app store compared to going to some random web site and allowing it to install stuff on your phone.

Comparing that to going to a web site that can jailbreak your phone is not the same situation.

Re:iPhone suddenly looks wise (3, Interesting)

teh31337one (1590023) | more than 3 years ago | (#35356794)

Just because that one website displayed a prompt, and let you know what it was doing, doesn't mean others will. Stuff can get by Apple's review system too. http://www.engadget.com/2010/07/20/handy-light-for-iphones-dirty-little-secret-tethering-video/4 [engadget.com]

iPhone still looks wise comparatively (2)

hellfire (86129) | more than 3 years ago | (#35356816)

Because the evidence you provided was ONE issue and it was plugged quickly. And ironically, it was found by a jailbreaker and the only known exploit was to jailbreak your phone, not to root your phone and allow it to be controlled by someone else. Comparatively, here are 50,000 reasons the Android might be considered insecure.

The GP never said specifically the iPhone never had issues, and I'm not personally saying the Android is better/worse than iPhone in any way. I'm just pointing out your argument doesn't have a lot of weight.

Re:iPhone still looks wise comparatively (1)

trollertron3000 (1940942) | more than 3 years ago | (#35357184)

Jailbreaking and rooting are the same thing my friend ;)

Re:iPhone still looks wise comparatively (1)

hellfire (86129) | more than 3 years ago | (#35357326)

You're quibbling over definitions when I clearly said "Jailbreak your phone" in the context of your OWN phone, and when I clearly said "root your phone and allow it to be controlled by someone else."

Congrats, you successfully pointed out weak grammar, I'm sorry. I know what they are, but the GGP post still didn't make a weighty point about comparable security and neither have you.

Re:iPhone still looks wise comparatively (1)

trollertron3000 (1940942) | more than 3 years ago | (#35357372)

Sorry I didn't pick up on some definition you made up and instead used the actual fucking definition. Apologies my liege.

Re:iPhone still looks wise comparatively (1)

trapnest (1608791) | more than 3 years ago | (#35357426)

Well sort-of. Jailbreaking is an iOS term where rooting applies to Android specifically and *nix in general.

Re:iPhone suddenly looks wise (1)

Anonymous Coward | more than 3 years ago | (#35357146)

That's a jailbreak, not a vulnerability. Try hacking into a non-jailbroken iPhone with a virus. It won't happen. Having the App store, in my opinion, is a trade-off: you accept only app store apps, and you (99.99% of the time - just to cover my butt) won't get a virus. Jailbreak your phone, and you can get a virus. Not that there are that many out there, even for a jailbroken iPhone. If you jailbreak it, then you need to watch your back and be careful what you download. That's fine if you don't mind the risk. Personally, I've not seen any apps out there that require jailbreaking that were worth it. I'd rather not worry about getting phone viruses, personally. Just my opinion.

As far as Android is concerned, it's a cool concept, and if it were implemented properly, it would be fantastic. Unfortunately, almost every model of phone that uses it, uses a different build of it, and so app developers have to test against 50-100 different versions of it. I think for technical users, this is okay, because we know how to fix stuff if it's not working right. For the typical mouse monkey out there who keeps looking for the "any" key and has to have their "drink holder" repaired regularly . . . well, maybe the walled garden approach is best for them.

Re:iPhone suddenly looks wise (1)

netsharc (195805) | more than 3 years ago | (#35357386)

That's a jailbreak, not a vulnerability.

LOL. You visit a site using your browser, it downloads code that when run, gets root access. Luckily the jailbreakers are nice people and they prompt you before downloading that code, and after they get the root, they give it to you. What if the code downloaded itself silently, got root, and downloaded and installed malware instead?

The whole thing uses a vulnerability in the PDF rendering system by the way, which luckily (for the jailbreakers) uses a kernel function that ran as root. Yeah...

Lots of $ for Slashdot on this topic (0)

blahbooboo (839709) | more than 3 years ago | (#35356678)

Wow, this is going to generate lots of ad revenue for Slashdot. :) Here come the endless rounds of Android v iOS arguments...

Open fields vs walled gardens (1)

UBfusion (1303959) | more than 3 years ago | (#35356688)

This kind of publicity is all that was needed to provoke a new series of commercials in the "I'm an iPhone" and "I'm an Android" line.

The challenge is now how to isolate these incidents and how to preemptively plan the prevention of the same happening to the (future) Linux apps market.

Why Oh Why? (1)

PmanAce (1679902) | more than 3 years ago | (#35356698)

Why do people download apps with ratings of 1 star out of 5 and before reading the reviews that state it is malware? I simply do not get it. Maybe I should create a device where people can just randomly click on buttons and stuff without anything happening since that is what is happening right now.

Re:Why Oh Why? (1)

somersault (912633) | more than 3 years ago | (#35356966)

It's not that nothing is happening. The applications still run, just with added malware in the background.

This is one reason why I have an iPhone (0)

chrisgeleven (514645) | more than 3 years ago | (#35356708)

Say what you will about the App Store review policies, but at least I know someone at Apple has personally looked at every app and its update I installed on my phone so a situation like this won't happen.

Re:This is one reason why I have an iPhone (3, Interesting)

Psiren (6145) | more than 3 years ago | (#35356780)

but at least I know someone at Apple has personally looked at every app and its update I installed on my phone so a situation like this won't happen.

That's a "famous last words" just waiting to happen. Yes, it's arguably more unlikely. But to say it won't ever happen is just dumb.

Re:This is one reason why I have an iPhone (1)

teh31337one (1590023) | more than 3 years ago | (#35356818)

Case in point [engadget.com]

Re:This is one reason why I have an iPhone (3, Insightful)

blahbooboo (839709) | more than 3 years ago | (#35356820)

but at least I know someone at Apple has personally looked at every app and its update I installed on my phone so a situation like this won't happen.

That's a "famous last words" just waiting to happen. Yes, it's arguably more unlikely. But to say it won't ever happen is just dumb.

Sure it can happen. But unlike the Google store, at least in theory, Apple actually reviews each app and supposedly does basic analysis and testing. Simple solution, Google should have an option or something in their store to have the app verified as passing some sort of bare minimum testing for safety and security. Google Android isn't so perfect it can't learn from others...

Re:This is one reason why I have an iPhone (1)

robmv (855035) | more than 3 years ago | (#35356858)

Does Apple request source code, audit it and compile it? NO, a smart developer just publishes a very obfuscated app that starts to do nasty things 6 months later or after n number of application startups. A fake game, using the open source code but not open assets and name, was published on the Mac App Store (Lugaru), so unless Apple audits source code, everything is possible.

Re:This is one reason why I have an iPhone (1)

milkmage (795746) | more than 3 years ago | (#35357136)

The Lugaru-gate incident was about copyright, not malware. Apple looks for code that does bad things. They do not (and CANNOT) check to see that every single line of code in every single app is original (or at least does not otherwise violate someone else's IP).

Mom would say (1)

Cartman's Mom (1956666) | more than 3 years ago | (#35356734)

Oh dear....I think it’s time you and your little friends do your playing in the walled garden from now on...

Patched. (1)

Zizagoo (1848812) | more than 3 years ago | (#35356810)

The exploit this malware uses was patched in 2.2.2, so this would only be able to work its magic on phones abandoned by manufacturer before being updated to Froyo and/or not running a recent Froyo/Gingerbread custom ROM. That doesn't make this any more acceptable though. Add this to more proof that a revamp in the update system is required.

Re:Patched. (1)

Anonymous Coward | more than 3 years ago | (#35356940)

so this would only be able to work its magic on phones abandoned by manufacturer before being updated to Froyo and/or not running a recent Froyo/Gingerbread custom ROM

Which is to say... most of them?

Re:Patched. (1)

Anonymous Coward | more than 3 years ago | (#35357244)

The exploit this malware uses was patched in 2.2.2, so this would only be able to work its magic on phones abandoned by manufacturer before being updated to Froyo and/or not running a recent Froyo/Gingerbread custom ROM.

So only about half of them then.

Actually they pulled more than 50 apps now (0)

Anonymous Coward | more than 3 years ago | (#35356834)

At least according to lookout:
http://blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/

So... (3, Funny)

bhunachchicken (834243) | more than 3 years ago | (#35356866)

"Unfortunately although Google has moved swiftly to remove the apps, they have already been downloaded by at least 50,000 Android users"

Bet that remote kill and remove ability that some people were bitching about a few months back isn't looking like such a bad thing right now, is it?

Re:So... (1)

drinkypoo (153816) | more than 3 years ago | (#35356928)

Bet that remote kill and remove ability that some people were bitching about a few months back isn't looking like such a bad thing right now, is it?

In the case of trojans which open your machine and download additional code, it's not going to help you one bit. The damage is already done. Are there hidden rootkits for Android phones yet?

Thank Goodness (1)

mattwrock (1630159) | more than 3 years ago | (#35356944)

Angry Birds wasn't on the list. It only steals my free time. I understand the sex position, hilton sex sound, and screaming sexy Japanese girls, but scientific calculator? WTF?

AV software (1)

ubrgeek (679399) | more than 3 years ago | (#35357054)

So is there reliable AV software available for the droid?

Confidential Business Proposal (1)

Jetrel (514839) | more than 3 years ago | (#35357090)

Attention: The President/CEO
Dear Sir,

Having consulted with my colleagues and based on the information gathered from the Nigerian Chambers Of Commerce And Industry, I have the privilege to request for your assistance to transfer the sum of $47,500,000.00 (forty seven million, five hundred thousand United States dollars) into your accounts. The above sum resulted from an over-invoiced contract, executed commissioned and paid for about five years (5) ago by a foreign contractor. This action was however intentional and since then the fund has been in a suspense account at The Central Bank Of Nigeria Apex Bank.
We are now ready to transfer the fund overseas and that all you will need to do is download this App from the Android Market Place.

The transfer is risk free on both sides. I am an accountant with the Nigerian National Petroleum Corporation (NNPC). If you find this proposal acceptable, we shall require a few minor tidbits of information that we will download automatically from your phone and contacts.

(a) your banker's name, telephone, account and fax numbers.
(b) your private telephone and fax numbers -- for confidentiality and easy communication.
(c) your letter-headed paper stamped and signed.

Please reply urgently.
Best regards
Mike "Wingnut" Smith

So what's the fix? (0)

Anonymous Coward | more than 3 years ago | (#35357098)

If someone downloaded one of these apps, what's the fix to clean it out? Factory reset?

Uh, why? (1)

Haedrian (1676506) | more than 3 years ago | (#35357242)

"it might be best to take your device to your carrier and exchange it for a new one"

Why can't you just factory reset it?

Re:Uh, why? (0)

Anonymous Coward | more than 3 years ago | (#35357440)

The IMEI code and the unique Android code can be used to steal your electronic identity when using the phone, or to frame you as a criminal in other countries.

And you really don't want that!

Linux (0)

Anonymous Coward | more than 3 years ago | (#35357282)

I just wish there would be real improvements to the security of what an application really can do and what.

For example, just using an app that has ads makes the application demand an internet connection. It is a very silly thing to give users "Oh, it just needs full internet access for ads so go for it!"

It is too easy to give permits to make a call, receive a call, read/create/delete contacts or modify any other data.

Everything should be separated. Every app developer should write down why those are needed and then simply, Google (or any other store maintainer) should start checking those.

I want great security on my Android phone. I want to know when and what an application is trying to do. Sudo is nowhere near secure for that, as it can be passed on Android devices as on desktop systems where you need to type the user password just to get ALL:ALL rights to the system. Sudo was designed to give *some* users *one* or a *few* rights to execute on *one* or *specific* computers. Never ever to be a root replacement like stupid Canonical is offering it by default.

On Android, if you have rooted the phone, you just need to click the "Allow" button once and, as anyone knows, it can be done by the software itself, the user never knowing it. Just by reading the sensors for when the phone is in a pocket, on a table or has its screen turned off, malware can do whatever it wants.

Apple made the true and the only good choice at the start by forcing every application and update to be checked. Security is the #1 thing that users respect and when it is done well, you do not even notice it, just like on iOS.

Why does Google even allow pirated versions? (1)

Anonymous Coward | more than 3 years ago | (#35357382)

This is completely unacceptable on the official market. Google can at least use a search algorithm to flag apps that have been copied from others.

Having an open market is just a bad idea. The only ones who benefit from it are those who want to push spam apps and malware. It cheapens the market and hurts the developers who actually produce high quality apps.

People can complain about Apple's App Store, but there is a reason why it is more successful than the Android Market. Google does not need to be as strict as Apple, but they should at least have some basic quality control and review the apps before being placed on the market.
