30+ Infected Apps Pulled From Android Market

samzenpus posted more than 3 years ago | from the one-bad-app-spoiling-the-barrel dept.

Android 91

Trailrunner7 writes "Researchers have identified a second large batch of apps in the Android Market that have been infected with the DroidDream malware, estimating that upwards of 30,000 users have downloaded at least one of the more than 30 infected apps. Google has removed the apps from the market. There are at least 34 applications that researchers have found in the Android Market in the last few days that had a version of the DroidDream malware dropped into them. Once a user installs one of the infected applications, the malicious component, which researchers have dubbed DroidDream Light, will kick in once the user receives an incoming call. The malware then gathers some identifying information from the phone, including its IMEI number, IMSI number, packages installed and other data, and then sends it off to a pre-configured remote server."


91 comments


Which ones? (5, Informative)

blair1q (305137) | more than 3 years ago | (#36311466)

Again, no list in TFA.

You have to dig through it to another article that links to a source article with a list:

http://blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/ [mylookout.com]

And that list is over two months old.

Which means this story's hardly viral. More like fungal.

Re:Which ones? (-1, Troll)

alta (1263) | more than 3 years ago | (#36311616)

not sure which, but I'm pretty sure you can exclude all of these...

http://www.apple.com/iphone/apps-for-iphone/ [apple.com]

Re:Which ones? (0)

Anonymous Coward | more than 3 years ago | (#36311720)

That's not the only thing you won't find in that listing.

Re:Which ones? (-1)

Anonymous Coward | more than 3 years ago | (#36311728)

not sure which, but I'm pretty sure you can exclude all of these...

http://www.apple.com/iphone/apps-for-iphone/ [apple.com]

If this article were about iOS malware and an Android fanboi posted something like that he'd be modded troll. At slashdot, the Mecca for drooling Apple fanbois, it's modded insightful. How sad, and how far this site has sunk. Now go back to jacking off to Youtube videos of Lord Steve introducing magical products.

Re:Which ones? (-1)

Anonymous Coward | more than 3 years ago | (#36311918)

That's the reality buddy. Android's cesspool of infected apps and the bad news that goes along with it will be its downfall. Heck, one of the reasons why iOS products are such a hit with the Joe Consumer is that they are fed up with having to deal with this malware/virus sh!t on their regular computers. The only time you hear about an iOS virus/malware issue is when it's on a jailbroken device which introduces the same problems native with... guess... ANDROID! You very well know that.

So you keep enjoying micromanaging your Android device, and let the rest of the users be content with using their iOS devices. It's folks like you that continue the geek/nerd/tech-head stereotype that if a user can't root their phone, then they must be an idiot not worthy of using one.

Now go back to jacking-off to Youtube videos of the Google Twins giving each other hand-jobs while introducing the next sandwich OS.

Re:Which ones? (-1)

Anonymous Coward | more than 3 years ago | (#36312510)

That's the reality buddy. Android's cesspool of infected apps and the bad news that goes along with it will be its downfall. Heck, one of the reasons why iOS products are such a hit with the Joe Consumer is that they are fed up with having to deal with this malware/virus sh!t on their regular computers. The only time you hear about an iOS virus/malware issue is when it's on a jailbroken device which introduces the same problems native with... guess... ANDROID! You very well know that.

Compare and contrast to iPhone, where the spyware comes preinstalled from Apple. I guess what Joe Consumer really hates is having to get his fix from multiple distributors.

Re:Which ones? (1)

Stone2065 (717387) | more than 2 years ago | (#36324918)

Wow... what flavor of crack are YOU smoking today?

Re:Which ones? (1)

node 3 (115640) | more than 3 years ago | (#36312538)

C'mon, you won't find a more dense hive of Android fans anywhere on the net outside of actual Android sites than Slashdot. Reading Slashdot, you'd think everyone uses Android, Linux, Firefox and hacks their own Arduino kits. That everyone hates Sony, thinks Steve Jobs wants to control people, hates Oracle, and wants to tinker with their hardware.

But your claim is untestable, because there's no such link an Android user could provide. That's a key difference between iOS and Android. And, as of the time of my posting, his post is "-1, Troll", so I guess part of your claim can be tested anyway.

How sad, and how far this site has sunk. Now go back to jacking off to Youtube videos of Lord Steve introducing magical products.

Yes, with such insightful commentary as yours, how sad this site has sunk indeed!

Re:Which ones? (0)

Anonymous Coward | more than 3 years ago | (#36311758)

Yep, no android infection apps on iDevice specific apps.

Whaddaya know, none on Blackberry or WiMo devices either.

Of course, in the first and last case you have to deal with Jobs/Ballmer sticking it so far up your ass, it looks like you are sticking out your deformed tongue...

Re:Which ones? (2)

h4rr4r (612664) | more than 3 years ago | (#36311760)

Considering tethering software made it into the apple store I would be careful about such claims.

Re:Which ones? (1)

node 3 (115640) | more than 3 years ago | (#36312400)

Considering not a single piece of "infected" software has been found on the App Store, these claims seem fairly sound.

Re:Which ones? (0)

Anonymous Coward | more than 3 years ago | (#36311876)

Yes, yes. With freedom comes risk and responsibility. Thanks.

Re:Which ones? (0)

Gordonjcp (186804) | more than 3 years ago | (#36313100)

not sure which, but I'm pretty sure you can exclude all of these...

http://www.apple.com/iphone/apps-for-iphone/ [apple.com]

Since the iPhone already has all sorts of nasty malware designed into its OS, there's no point in adding any more.

Re:Which ones? (4, Insightful)

Kamiza Ikioi (893310) | more than 3 years ago | (#36311750)

Look at where that link leads... Lookout anti-virus software for Android. People's entire lives live on these phones. Why would people not protect it?

I find it sad that so many "power" users scoffed at anti-virus/anti-malware for their phones. Waste of space and resources they said. I run Lookout, which does more than just anti-virus. It scans new files I download, then goes away quietly to the background, backs up files, etc. I also run a firewall and adblock software (rooted). I conduct private, work, and finances on my phone. People that do that need to get out of their dreamworld that their phone is hacker proof, regardless of who makes it or what OS it runs. Even if they are behind a walled garden or you never download from unknown publishers, they all run browsers and all browsers can be exploited.

The more powerful phones get, the more they will be targeted. I'm surprised major zombie trojans haven't infected more phones yet. Millions of cheap cpu's for a botnet is a very tempting target, and as they can frequently jump on different wifi and cellular networks, with changing hosts and IPs, they would be hard to block for spam. They would also make for one heck of a DDOS weapon. And with storage ever increasing, they could be hijacked for file sharing.

Re:Which ones? (1)

shadowfaxcrx (1736978) | more than 3 years ago | (#36311814)

I run lookout too, and it's already saved me a few hundred dollars by nicely telling me exactly where in the nature preserve the damn phone had fallen off of my belt, and then setting off a siren when I got close so that I could find it under the plants. If only for that reason, it's a worthwhile app to have around.

Of course, looking at that list, who the hell sees an app like "sexy japanese" or "sex sounds" and doesn't assume there's probably malware of some sort in there?

Re:Which ones? (0)

Anonymous Coward | more than 3 years ago | (#36311968)

victim of Dice Roller and Scientific Calculator here :-(

Not all of the apps are so obviously named.

Re:Which ones? (1)

shadowfaxcrx (1736978) | more than 3 years ago | (#36313000)

Quite true, which is why I make sure to carefully check what permissions the app wants. A calculator doesn't need to use the phone. If a calculator wants to use the phone, I know they're up to something beyond the scope of what I want the app to do.

Re:Which ones? (1)

Stone2065 (717387) | more than 2 years ago | (#36325118)

Exactly right... I couldn't count the number of times I've seen a program, say a calculator that "needed" to know my "phone state and identity"... bullshit.

Games and such, I'll allow internet access if I know it's got ads. Yes, I know, it cuts into bandwidth, but depending on the game, I'll suffer. You HAVE to check ALL permissions, not just hit "install", and "ok" as soon as they pop up. This is just like security on any other computer. Do you just automatically install everything you see online? Installing shit from unknown sources onto your Android phone is the same damn thing.

Re:Which ones? (0)

Anonymous Coward | more than 3 years ago | (#36312078)

Of course, looking at that list, who the hell sees an app like "sexy japanese" or "sex sounds" and doesn't assume there's probably malware of some sort in there?

Especially when the "sexy japanese" installation asks for permission to use telephony...

Re:Which ones? (1)

_4rp4n3t (1617415) | more than 3 years ago | (#36314242)

Can I just ask of you, and Parent, if you see any significant impact on performance running Lookout please?

Re:Which ones? (2)

shadowfaxcrx (1736978) | more than 3 years ago | (#36314850)

No. The phone was slightly slow before I installed it, and it's slightly slow now. But it's an original Droid, and I tend to run more crap on it than it's capable of running comfortably, so that's to be expected. Lookout caused no noticeable performance issues.

Re:Which ones? (1)

Stone2065 (717387) | more than 2 years ago | (#36325136)

I've been running it for almost 2 weeks, and on my Optimus T, it's just fine. No noticeable issues, other than the few seconds it takes to scan literally EVERY download I do.

Re:Which ones? (1)

_4rp4n3t (1617415) | more than 3 years ago | (#36328576)

Thanks folks

Re:Which ones? (1)

zero0ne (1309517) | more than 3 years ago | (#36311966)

I would say the bot masters would have more fun using these as their stepping stones to contact their command and control servers. As long as you are only sending simple command line driven instructions, you could hop through tens or hundreds of phones all using a mix of wifi / 3g. The chances of finding where it started from would be nil.

Re:Which ones? (3, Interesting)

mlts (1038732) | more than 3 years ago | (#36312460)

Heck with antivirus/antimalware software. That way of thinking means we end up with the arms race that the blackhats will win every time, and our CPU, RAM, and disk I/O will be collateral damage, just like it is in the Windows ecosystem. If we had to have standard AV software, phone makers would have to double the RAM and add an additional core just to handle the continual I/O of a scanning utility.

In reality, you want to go to a genetic HIPS (host-based intrusion protection system) type of architecture that will stop attacks because of the method used, as opposed to definite file signatures. File signatures means you have this dandy database which means jack squat because the 0-days change a couple bytes each version. For example, if malware uses a series of phone numbers, one blacklists that list instead of each executable hash, as there are far fewer phone numbers than changes to executables possible. Why is a HIPS based system better than real time signatures? HIPS systems only fire off when an action is done, and not having to be actively running.

Even better would be to borrow from the Blackberry model, and if an app is about to use a service that is going to charge, prompt the user who/what/when/where/why/how/how much they will be billed for, and allow them to say "yes, don't bother me again", "yes", "no", or "hell no, this app can never do this".

Re:Which ones? (1)

IgnoramusMaximus (692000) | more than 3 years ago | (#36316548)

Even better would be to borrow from the Blackberry model, and if an app is about to use a service that is going to charge, prompt the user who/what/when/where/why/how/how much they will be billed for, and allow them to say "yes, don't bother me again", "yes", "no", or "hell no, this app can never do this".

I would go further: any app that attempts outbound connections should result in a prompt indicating the app, the server it's trying to connect to and the protocol info, ala ZoneAlarm on Windows or LittleSnitch on OS X, whereby the user can answer "Yes, this time", "Yes, forever", "No, this time", "Hell no, disable this process permanently". This should be a standard feature of any consumer OS that expects to run apps that can establish connections outside. Even a dolt user would balk at his new fancy notepad app trying to connect to cmndnctrl.hackmyass.ru ...

The reason for this is painfully obvious: malware with no connectivity is pointless. The market for pointless malware is a domain of kooks and lunatics, not professional criminals and thus a tiny fraction of the danger and nuisance.

Why this simple solution is not implemented in a system like Android is beyond me.

Re:Which ones? (1)

DI4BL0S (1399393) | more than 3 years ago | (#36316846)

There is something like Social Engineering? The link would simply be update.myfancyapname03.ru It would still catch out plenty of people I'm sure.

Re:Which ones? (1)

IgnoramusMaximus (692000) | more than 3 years ago | (#36316892)

True, but if you had an "Ask Google to help you choose" on that prompt which would go to Google security analysis page which would then do lookups and run through Google maintained databases to identify the host and give the user advice as to what to do, this would be negated quite easily.

This would allow the user to choose if he wants more security (Google's advice) at the expense of Google knowing where he connects, or to let him/her make their own decisions.

Re:Which ones? (1)

GooberToo (74388) | more than 3 years ago | (#36313004)

The problem with lookout is that it has every red flag permission under the sun. How many viruses do you think are in your contacts list?

Extreme caution should be used when any application requires read contacts and internet access. How sure are you, you didn't just give away the bank? You can see for yourself. [android.com] Lookout requires the following list of permissions.

        Your accounts
        manage the accounts list
        Allows an application to perform operations like adding, and removing accounts and deleting their password.
        Hardware controls
        change your audio settings
        Allows application to modify global audio settings such as volume and routing.
        Your location
        coarse (network-based) location
        Access coarse location sources such as the cellular network database to determine an approximate device location, where available. Malicious applications can use this to determine approximately where you are.
        fine (GPS) location
        Access fine location sources such as the Global Positioning System on the device, where available. Malicious applications can use this to determine where you are, and may consume additional battery power.
        Your messages
        read SMS or MMS
        Allows application to read SMS messages stored on your device or SIM card. Malicious applications may read your confidential messages.
        receive SMS
        Allows application to receive and process SMS messages. Malicious applications may monitor your messages or delete them without showing them to you.
        edit SMS or MMS
        Allows application to write to SMS messages stored on your device or SIM card. Malicious applications may delete your messages.
        Network communication
        full Internet access
        Allows an application to create network sockets.
        Your personal information
        read contact data
        Allows an application to read all of the contact (address) data stored on your device. Malicious applications can use this to send your data to other people.
        read sensitive log data
        Allows an application to read from the system's various log files. This allows it to discover general information about what you are doing with the device, potentially including personal or private information.
        add or modify calendar events and send email to guests
        Allows an application to add or change the events on your calendar, which may send email to guests. Malicious applications can use this to erase or modify your calendar events or to send email to guests.
        write contact data
        Allows an application to modify the contact (address) data stored on your device. Malicious applications can use this to erase or modify your contact data.
        read Browser's history and bookmarks
        Allows the application to read all the URLs that the Browser has visited, and all of the Browser's bookmarks.
        write Browser's history and bookmarks
        Allows an application to modify the Browser's history or bookmarks stored on your device. Malicious applications can use this to erase or modify your Browser's data.
        read user defined dictionary
        Allows an application to read any private words, names and phrases that the user may have stored in the user dictionary.
        Phone calls
        read phone state and identity
        Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
        Storage
        modify/delete USB storage contents modify/delete SD card contents
        Allows an application to write to the USB storage. Allows an application to write to the SD card.
        System tools
        make application always run
        Allows an application to make parts of itself persistent, so the system can't use it for other applications.
        prevent device from sleeping
        Allows an application to prevent the device from going to sleep.
        modify global system settings
        Allows an application to modify the system's settings data. Malicious applications can corrupt your system's configuration.
        write sync settings
        Allows an application to modify the sync settings, such as whether sync is enabled for Contacts.
        disable keylock
        Allows an application to disable the keylock and any associated password security. A legitimate example of this is the phone disabling the keylock when receiving an incoming phone call, then re-enabling the keylock when the call is finished.
        delete all application cache data
        Allows an application to free device storage by deleting files in application cache directory. Access is very restricted usually to system process.


        Your accounts
        discover known accounts
        Allows an application to get the list of accounts known by the device.
        Hardware controls
        control vibrator
        Allows the application to control the vibrator.
        control flashlight
        Allows the application to control the flashlight.
        Network communication
        view network state
        Allows an application to view the state of all networks.
        receive data from Internet
        Allows the applications to accept cloud to device messages sent by the application's service. Using this service will incur data usage. Malicious applications may cause excess data usage.
        Your personal information
        write to user defined dictionary
        Allows an application to write new words into the user dictionary.
        System tools
        automatically start at boot
        Allows an application to have itself started as soon as the system has finished booting. This can make it take longer to start the device and allow the application to slow down the overall device by always running.
        read sync settings
        Allows an application to read the sync settings, such as whether sync is enabled for Contacts.
        kill background processes
        Allows an application to kill background processes of other applications, even if memory isn't low.
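
Added example, not part of any comment in this thread: the permission check that shadowfaxcrx and Stone2065 describe (a calculator has no business asking for phone state) and GooberToo's contacts-plus-internet warning, written as a manifest audit. It assumes the manifest has already been decoded to plain XML (for instance with apktool); the package names, category baselines and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed baselines: what each (hypothetical) app category plausibly needs.
EXPECTED = {
    "calculator": set(),
    "ad_supported_game": {P + "INTERNET", P + "ACCESS_NETWORK_STATE"},
}

# Pairs that let an app read private data and also send it off the device.
EXFIL_PAIRS = [
    (P + "READ_PHONE_STATE", P + "INTERNET", "device identity (IMEI/IMSI) + network"),
    (P + "READ_CONTACTS", P + "INTERNET", "contacts + network"),
    (P + "READ_SMS", P + "INTERNET", "SMS + network"),
]

# Broadcast delivered on call state changes; the story says the malicious
# component wakes up when the user receives an incoming call.
PHONE_STATE_ACTION = "android.intent.action.PHONE_STATE"


def parse_manifest(xml_text):
    """Return (package, requested permissions, receiver intent actions)."""
    # Stdlib parser keeps this dependency-free; for manifests pulled from
    # untrusted APKs prefer a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text.strip())
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    perms.discard(None)
    actions = set()
    for receiver in root.iter("receiver"):
        for action in receiver.iter("action"):
            name = action.get(ANDROID_NS + "name")
            if name:
                actions.add(name)
    return root.get("package"), perms, actions


def audit(xml_text, category):
    """Return (package, findings); findings is a list of (kind, detail)."""
    package, perms, actions = parse_manifest(xml_text)
    # An unknown category has no baseline, so every permission is reported.
    baseline = EXPECTED.get(category, set())
    findings = [("unexpected-permission", p) for p in sorted(perms - baseline)]
    for data_perm, net_perm, label in EXFIL_PAIRS:
        if data_perm in perms and net_perm in perms:
            findings.append(("exfil-capable", label))
    if PHONE_STATE_ACTION in actions:
        findings.append(("call-triggered-receiver", PHONE_STATE_ACTION))
    return package, findings


# Constructed sample: a "calculator" that asks for far more than it needs.
CALC_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.calc">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".CallWatcher">
      <intent-filter>
        <action android:name="android.intent.action.PHONE_STATE"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed sample: an ad-supported game that stays inside its baseline.
GAME_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <application/>
</manifest>
"""

if __name__ == "__main__":
    for manifest, category in ((CALC_MANIFEST, "calculator"),
                               (GAME_MANIFEST, "ad_supported_game")):
        package, findings = audit(manifest, category)
        print(package, "->", findings or "nothing flagged")
```

A finding here means "ask why", not "malware": as GooberToo's list shows, a security app can legitimately trip every rule.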

Re:Which ones? (1)

geminidomino (614729) | more than 3 years ago | (#36316526)

I was thinking the exact same thing.

This is depressing as hell. Behind the kind of scummy developers that have us even worrying about this kind of garbage (not even the malware, the data leaking) and now that the OS isn't quite "open" anymore, Android's losing its shine pretty damn quickly. It's the best competition that Apple could have hoped for, FFS.

Don't get me wrong. I loathe Apple on about every level from principle to practical, but god damn... My "smart" phone is all but useless because this scumware is so prevalent, I'm almost trimmed down to stock FFS.

Re:Which ones? (1)

DI4BL0S (1399393) | more than 3 years ago | (#36316862)

Malware will always go where the biggest market share is... Apple won't be safe from it, although I think (unsure) they have a much stricter app approval process?

Re:Which ones? (1)

geminidomino (614729) | more than 2 years ago | (#36321266)

I don't mean the malware. I mean the data-scraping scumminess that is apparently built right into the API.

The tin-foil cynic part of me wonders if this isn't the biggest part of the reason they're holding back honeycomb. Not so much because of claims of "quality of experience" (taking pages from Apple's playbook there, Google?), but because with all the press this garbage is getting lately, some enterprising group of modders might actually try to interfere with it (a la Cyanogen's sadly aborted spoofing modification).

Re:Which ones? (0)

Anonymous Coward | more than 3 years ago | (#36315322)

Do you run an anti-malware software on your Debian box, in case some malware gets in the repos?

OK, Debian has a reputation for being hilariously careful about patching things, and even if they break openssh security once in a while, they'd never accept a trojan app, or a patch adding obfuscated backdoor code to an existing app.

So pick your least-trusted Linux distro -- maybe Ubuntu, maybe someone else. Allow all kinds of open-source software to be installed, including ones not from the distro's repositories as long as you compile them from the published source code. Now do you run an anti-malware app?

If not, then you don't need one on your phone running Maemo and installing open-source apps from the community repos.

Seems to me the problem is installing random binaries where nobody knows what's in them -- if you insist on doing that to get your, e.g. "Beauty Breasts", "Sexy Girls: Hot Japanese", and the like, then yeah, you need anti-malware apps. I'll just be over here (with my open-source apps that do everything I need done) scoffing...

Re:Which ones? (1)

bonch (38532) | more than 3 years ago | (#36316836)

I think most people scoff at antivirus software for a mobile OS because one of the advantages of getting away from the desktop PC was supposed to be the avoidance of malware. Stories like this help justify Apple's approach to quality control.

Package Names? (1)

alt236_ftw (2007300) | more than 3 years ago | (#36312642)

What I don't get is why no-one writes the package names of the malicious apps.

Application names are generally useless on Android since they can be duplicated freely (and there are legit apps with those names).
On the other hand, package names are unique in the Market.

Anyway, the list of the apps with the package names from the **previous** outbreak can be found here: http://globalthreatcenter.com/?p=2091 [globalthreatcenter.com]

Also, a question: does the kill switch affect devices which don't have the market installed?

List of Apps (4, Informative)

Some guy named Chris (9720) | more than 3 years ago | (#36311486)

Re:List of Apps (1)

LWATCDR (28044) | more than 3 years ago | (#36311548)

Thanks, that is the most important part of the story.

Not news-worthy (1)

vinayg18 (1641855) | more than 3 years ago | (#36311488)

Can't wait for the day when such actions aren't news.

Re:Not news-worthy (1)

h4rr4r (612664) | more than 3 years ago | (#36311526)

You mean when they are so common no one even notices when a new one comes out? Like with windows malware?

Re:Not news-worthy (2)

vinayg18 (1641855) | more than 3 years ago | (#36311614)

Umm, no, that would be the worst case scenario, wouldn't it? Every time there's a round of media coverage about Google zapping apps on the Android Market, I get the feeling that it's an attempt to condemn the security model of the Android OS, when the actual problem is the users' lack of discretion in installing junk!

Re:Not news-worthy (1)

h4rr4r (612664) | more than 3 years ago | (#36311638)

I just mean that this will always happen, and I prefer it be newsworthy rather than something too common to report on.

Re:Not news-worthy (1)

LordLimecat (1103839) | more than 3 years ago | (#36312192)

According to the article (and its links), the programs root the phone and bypass the application sandbox, so while there is some user culpability here, it is also a mark on the Android OS security model.

Re:Not news-worthy (1)

symbolset (646467) | more than 3 years ago | (#36316298)

What a program can do, a program can do. We want rootable phones. As AC said above, with freedom comes responsibility.

Re:Not news-worthy (1)

tlhIngan (30335) | more than 3 years ago | (#36312378)

Umm, no, that would be the worst case scenario, wouldn't it? Every time there's a round of media coverage about Google zapping apps on the Android Market, I get the feeling that it's an attempt to condemn the security model of the Android OS, when the actual problem is the users' lack of discretion in installing junk!

That's because the Android security model does fail in that attempt. It's ignoring the obvious security flaw - that if a user is confronted with a choice between security and dancing pigs, dancing pigs wins [wikipedia.org] .

If a user wants to install that junk because they like it for whatever reason, there's nothing that will stop them. (And this applies to iOS as well - people will do all sorts of things like jailbreaking and installing OpenSSH etc. to do stuff like pirate apps.)

Android is like a PC with respect to openness and security - and we all know Windows users will install crap, so will Android users. There's little Microsoft or Google can do to Windows or Android to compromise this (over say, iOS) without losing what makes Android special - its freedom.

The price of freedom is eternal vigilance. Alas, the typical user doesn't want to watch over their PC, or their phone. The /. crowd can crow about Android's freedom, but also have to realize that they're more vigilant than the typical user who just sees a pretty shiny and installs it.

Sadly, I'm not sure what the middle of the road path is between walled garden and complete freedom. And I'm wondering how long until carriers preinstall antivirus scanners and anti malware tools and add a "malware tool monthly update" charge to bills.

Re:Not news-worthy (1)

DJRumpy (1345787) | more than 3 years ago | (#36312798)

I have to agree here. Although Apple has its drawbacks in the approach they take, it is most effective for a large majority of folks who don't need 'freedom' and most likely don't even realize they don't have it. I think this would be a good opportunity for Google to step up and put a gardener in the garden to watch for 'weeds'.

If there is something that Google can do to moderate or limit this type of damage (before the fact, not after), then they should be encouraged to do so. It is not the user's fault that they don't understand why a program asks to access the dialer. Most probably come from the Windows world where such prompts are commonplace and commonly ignored. Blaming the end user for taking an easy option is not a good answer and part of the reason Linux fails on the desktop. Programmers are always quick to condemn the stupidity of end users over questions about ease of use, not understanding that a user isn't necessarily a geek and they shouldn't need to be for day to day use of a computer or a phone.

If Google isn't careful, they will turn Android into a sponge for viruses with its 'wild west' approach. This doesn't mean they need to go all out Apple style, but even something as simple as a general scan for such malware during the submission phase would be a good start. Considering the billions in revenue these folks make off of end user ads, funding a group to at least check what permissions an app asks for and finding out why doesn't seem to be too much to ask. I suspect such a simple approach would probably catch the easiest low hanging fruit which probably also constitutes the large majority of malware on Android. No security model is secure, but they could at least take steps to have someone with a technical background review and question these apps and the permissions they request before they are published in the market place.

Users could always opt to use other markets if they don't like the Google market while a simple approach like this would be beneficial to a large majority of 'vanilla' users, ideally preventing them from hurting themselves.

Re:Not news-worthy (1)

Stone2065 (717387) | more than 2 years ago | (#36325296)

I'm half tempted... well, a quarter tempted anyhow, to just get a dumb phone and get a smaller tablet for apps, one that either doesn't have 3/4G, or at least has easily configured Wi-Fi so it won't just kick itself on because of proximity or some such. I like having all my apps on my Android, but I don't want the damn thing to be part of a bot farm at some point. I know I said I'm running Lookout, but no telling if that's going to be all I NEED to run. If I have to lock down my phone to the level of my "smart"phone... I just MAY opt for carrying two pieces of hardware with me instead of one...

Re:Not news-worthy (1)

node 3 (115640) | more than 3 years ago | (#36312604)

the actual problem is the users' lack of discretion in installing junk!

How, exactly, are people supposed to know what's malware and what's not?

I get the feeling that it's an attempt to condemn the security model of the Android OS

That's exactly what it does, whether it's an actual attempt or not. Google's security model is awful. This is by deliberate design. If Google (and fandroids) want to beat Apple over the head for having a closed App Store, you also have to take the good with the bad.

There's another system, one with significantly more apps and with a larger user base, which does not have this problem. If that doesn't illustrate the difference in security between iOS and Android, I don't know what does.

Get off the couch, folks. (1, Offtopic)

Dr.Bob,DC (2076168) | more than 3 years ago | (#36311512)


Take a step back for a moment and think if this is really an earth shattering event. Some apps get pulled, big deal. Think of the bigger picture: maybe some people will quit playing games on their phones, get off the couch and get some exercise!

To the earlier link to cellphones causing cancer and now this, I say "GOOD!", let them go!

The vast majority of human evolution happened before the invention of radio waves and radiation flooding our bodies with their deadly effect. It has been only in the past 100ish years that people started to get ill with cancers, heart disease, diabetes and other ills caused by the rapid increase of vertebral subluxations.

Get off the couch, start exercising. Maybe consider a vegan, or at least organic vegetarian diet. Feel like a burger? No! All the hormones in beef go straight to your spine causing subluxation growth. Try a delicious organic veggie burger instead. Feel like potato chips? Try some yummy organic celery sticks with a misting of organic sesame oil!

Go for a walk, it's summertime, folks! Enjoy some no or light impact sports. Above all else, if you feel *anything* in your spinal area which just isn't right, get to a trained chiropractor. They will attend to the subluxation and get you back on your path to good health!

You have only one life: MAXIMIZE IT!

Take care,
Bob

Re:Get off the couch, folks. (1)

Dr Herbert West (1357769) | more than 3 years ago | (#36311600)

I can't tell if this is trolling, or if there's someone on /. that actually thinks that leaving the house, exercise, and eating anything besides energy drinks and Cheetos is a good idea...

But it is summer, maybe I should go outsi--
oh look! COD has a new map pack!

Re:Get off the couch, folks. (0)

Anonymous Coward | more than 3 years ago | (#36311650)


Dr. Bob is the resident chiropractor quack at /.

He'll tell you at length about how all human suffering is caused by "subluxations". He appears to be a Luddite yet claims to have a techie streak in him.

If anything, his rants are most entertaining.

Re:Get off the couch, folks. (1)

PhreakOfTime (588141) | more than 3 years ago | (#36311692)

You can't tell if it's a troll?

Advertising to go to a chiropractor, in a discussion about cell phone apps, didn't give it away to you?

Re:Get off the couch, folks. (1)

grub (11606) | more than 3 years ago | (#36311714)


Ah, but you see, cell phone RADIATION causes SUBLUXATIONS which then causes heart disease, cancer, cooties, AIDS, bad breath, gas and crossed eyes.

It's completely on topic!

Re:Get off the couch, folks. (1)

mallyn (136041) | more than 3 years ago | (#36311774)

I have a cell phone that is about 6 years old.

I use it about 5 minutes per month.

I commute by bicycle about 6 miles minimum each way to and from work. Sometimes 10 to 15, depending how I feel.

I get around everywhere by bicycle and walking.

I eat raw vegan about 60 percent of the time; the rest is vegetarian.

I take no high fructose corn syrup. That stuff is poison.

If I am not out exercising, I am engaged in my hobbies of sewing, welding, glass engraving, and lapidary. I make stuff for the fun of it. If you want to see what I make, go to www.allyn.com [allyn.com] for my art journal.

I have not had a couch or tv for about 30 something years.

Re:Get off the couch, folks. (2)

mandark1967 (630856) | more than 3 years ago | (#36311994)

Good Afternoon mallyn,

This is Comcast posting to notify you the appointment we scheduled 30yrs ago to handle your TV outage is scheduled for sometime between 8:00 am EST tomorrow and 2020.

Will you be home at that time, or should we reschedule?

You may contact us at 1-8COMCASTIC or email us at lulz@comcastcares.not

Re:Get off the couch, folks. (1)

Nimloth (704789) | more than 3 years ago | (#36312068)

I have not had a couch or tv for about 30 something years.

You should really shop around then, they've made HUGE improvements in the last 30 years.

Re:Get off the couch, folks. (1)

onkelonkel (560274) | more than 3 years ago | (#36311656)

The only proper defense against nuclear cellphone radiation is a HOSTS FILE written by a LADYBOY CHIROPRACTOR!!

Re:Get off the couch, folks. (0)

h4rr4r (612664) | more than 3 years ago | (#36311718)

Only in Soviet Russia.

Re:Get off the couch, folks. (2)

PhreakOfTime (588141) | more than 3 years ago | (#36311856)

Radio waves were not 'invented'

Radio waves were discovered.

Re:Get off the couch, folks. (1)

benjfowler (239527) | more than 3 years ago | (#36311976)

Get your hand off it, dude. Public onanism is embarrassing.

Android... (0)

Anonymous Coward | more than 3 years ago | (#36311578)

They should open source it, it won't get any malware then.

Oh wait..

Give me a minute.... (0)

Anonymous Coward | more than 3 years ago | (#36311706)

Hang on. Almost... GOT IT!

I wonder how many infected apps are in Apple's app store that /aren't/ getting removed? That's the beauty of the Android market!

30,000 Users (1)

TheNinjaroach (878876) | more than 3 years ago | (#36311734)

The issue deserves concern, but 30,000 Android users seems like a very small number to me.

Re:30,000 Users (0)

Anonymous Coward | more than 3 years ago | (#36311788)

30,000 Android users seems like a very small number

As does 34 apps and 6 developers.

And really the best advice is exactly what was recommended in the blog posting: "Only download apps from trusted sources, such as reputable app markets. Remember to look at the developer name, reviews, and star ratings." That alone would protect people from this, as all the apps to date have simply been ripped-off copies of legitimate apps with the malware added to them.

Re:30,000 Users (2)

shmlco (594907) | more than 3 years ago | (#36313904)

"Only download apps from trusted sources, such as reputable app markets."

You mean like Google's Android App Market?

Re:30,000 Users (1)

Hal_Porter (817932) | more than 3 years ago | (#36316060)

I personally find the lord_pwnalot app store much more trustworthy. If you use Lookout you'll need to ignore the false positives when you install Dancing Pigs, Super Security Toolbars or Natalie Portman Naked And Petrified.

Re:30,000 Users (1)

shutdown -p now (807394) | more than 3 years ago | (#36316500)

Google's Market is not "reputable" right now as it doesn't have any meaningful premoderation/approval process for apps. They do occasional cleanups like in TFA, but in between malware gets in.

The only "reputable" cross-device Android app store that I am aware of is Amazon's. And that one is actually pretty good.

Re:30,000 Users (1)

Stone2065 (717387) | more than 2 years ago | (#36325470)

Personally, I have a few steps I take when I get software for my Android phone...

1. I ONLY get stuff from the Android App Market. Period. End of Report. I don't give a flying shit if it's from my best friend/tech head/Yahweh... I ONLY get it from THAT market.
2. I look over the permissions requested for said app. I don't mind an app that sends out for my "fine location" IF it's say a GPS related app. Most of them DO need that. That being said, I'm pretty goddamn sure that a calculator app sure as shit doesn't.
3. I also look over the reviews on the app that are posted to the app market. If someone, or several someones are having problems with the software on a phone like mine, I usually don't bother, unless I can tell from the posting that the guy/gal is a retard. "This live wallpaper won't run! It's broken! I can't even find the program on my list. It must be malware." sort of bullshit. (Fyi, for those that don't know Android, live wallpapers must be selected through the method you use for choosing wallpapers. It's not an 'app' per se, it just goes into your wallpaper folder on the phone itself.)

Call me paranoid all you want, but this simple process keeps me pretty safe. I also am skittish about rooting my phone, since I would have to keep even closer tabs on my phone, and won't have that wonderful fallback of "return phone to factory reset? Warning, this will erase all your data.".
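The permission check described in the comment above (does a calculator need this?), combined with the behaviour in the story summary (activate on an incoming call, read IMEI/IMSI, send to a server), can be run mechanically over a decoded manifest. This is an added example, not code from the thread or from any vendor; the category baseline and both manifests are constructed, and treating a `PHONE_STATE` receiver as the "incoming call" trigger is an assumption about how that behaviour appears in a manifest.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
INTERNET = "android.permission.INTERNET"
READ_PHONE_STATE = "android.permission.READ_PHONE_STATE"  # gates IMEI/IMSI reads
FINE_LOCATION = "android.permission.ACCESS_FINE_LOCATION"
PHONE_STATE_ACTION = "android.intent.action.PHONE_STATE"  # call-state broadcast

# Hypothetical reviewer baseline: what each store category plausibly needs.
EXPECTED = {
    "calculator": set(),
    "navigation": {FINE_LOCATION, INTERNET},
}

# Constructed manifests in decoded XML form; not taken from any real app.
CALCULATOR = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.calc">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <receiver android:name=".CallWatcher">
      <intent-filter>
        <action android:name="android.intent.action.PHONE_STATE"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

NAVIGATION = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.nav">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""


def audit_manifest(manifest_xml, category):
    """Return findings a human reviewer should question before publication."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    requested.discard(None)
    receiver_actions = {
        action.get(ANDROID + "name")
        for receiver in root.iter("receiver")
        for action in receiver.iter("action")
    }
    findings = []
    # Unknown categories get an empty baseline, so every permission is questioned.
    for perm in sorted(requested - EXPECTED.get(category, set())):
        findings.append(f"{category}: unexpected permission {perm}")
    # Pattern from the story summary: wake on a call, read device identifiers,
    # send them out. The check looks for all three in the manifest.
    if (PHONE_STATE_ACTION in receiver_actions
            and {READ_PHONE_STATE, INTERNET} <= requested):
        findings.append("call-triggered receiver with identifier and network access")
    return findings


if __name__ == "__main__":
    for name, xml, cat in [("calc", CALCULATOR, "calculator"),
                           ("nav", NAVIGATION, "navigation")]:
        print(name, audit_manifest(xml, cat) or "clean")
```

A receiver registered at run time does not appear in the manifest, so this is a first-pass filter for a reviewer, not a verdict.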

Re:30,000 Users (2)

mandark1967 (630856) | more than 3 years ago | (#36312102)

The issue deserves concern, but 30,000 Android users seems like a very small number to me.

Try using a larger fontsize.

I got a call... (1)

hesaigo999ca (786966) | more than 3 years ago | (#36311886)

I know it's off topic slightly, but I got a call from a number... or even text messages with a link to call this number... on my iPhone. I imagine they are making some malware for iPhones too, or is that just wishful thinking on the part of parties involved calling me to get me to click on a link... anyone know or have useful links on the iPhone for this too??? Greatly appreciated.

Re:I got a call... (1)

tlhIngan (30335) | more than 3 years ago | (#36312430)

I know it's off topic slightly, but I got a call from a number... or even text messages with a link to call this number... on my iPhone. I imagine they are making some malware for iPhones too, or is that just wishful thinking on the part of parties involved calling me to get me to click on a link... anyone know or have useful links on the iPhone for this too??? Greatly appreciated.

I think it's less malware for iPhone, and more either a spammer/telemarketer got your number or one of your friends may have gotten invited.

The malware sends text messages to spam your friends with the hopes of infecting them, not spam you and make itself known. I'm not even sure iOS lets apps send an SMS without invoking some system API to bring you to the main SMS app.

Re:I got a call... (1)

tlhIngan (30335) | more than 3 years ago | (#36312476)

Addendum. I meant your friends got infected.

Also, have you jailbroken your iPhone? If so, it's possible you've been infected that way, especially if you've installed OpenSSH and didn't change the password. Or if you've installed "free" paid Cydia apps. Jailbreak only apps have full access to the system.

B-b-b-b-bb-b-b-but (1)

benjfowler (239527) | more than 3 years ago | (#36311938)

Android is /free/, man!

Infected? INFECTED?!?! (no: malicious by design) (4, Insightful)

VortexCortex (1117377) | more than 3 years ago | (#36312018)

The apps were not "Infected" by the droid dream malware -- This would mean that malware was wandering around, infiltrating developer machines and the Marketplace itself... No. Instead, said malware payload was purposefully introduced to innocuous looking apps -- similar to the gift of a poison apple, or a Statuesque Wooden Horse Gift.

Hint: Legit app with "malware dropped into them." describes a malware infection about as well as Stigmata describes the actions of a depressed wrist slitter.

Apparently, the sex-censors have illegalized the word: Trojans. Either that, or the submitter is a moron.

Re:Infected? INFECTED?!?! (no: malicious by design (4, Funny)

thestudio_bob (894258) | more than 3 years ago | (#36312126)

The apps were not "Infected" by the droid dream malware -- This would mean that malware was wandering around, infiltrating developer machines and the Marketplace itself... No. Instead, said malware payload was purposefully introduced to innocuous looking apps...

Sorry, but using logic to defend your favorite platform has no use here. Please move along.

Sincerely
An Apple Product User

Re:Infected? INFECTED?!?! (no: malicious by design (0)

Anonymous Coward | more than 3 years ago | (#36312902)

The apps were not "Infected" by the droid dream malware -- This would mean that malware was wandering around, infiltrating developer machines and the Marketplace itself... No. Instead, said malware payload was purposefully introduced to innocuous looking apps...

Sorry, but using logic to defend your favorite platform has no use here. Please move along.

Actually, I think it's just as bad (if not worse) that these apps can go into the official android market with such little oversight that they contain blatant malware. I wonder how much other malware and spyware is out there in the market apps.

Most Android users have encountered apps in the market that provide some stupid little function, but want a wide array of unrelated permissions on the phone. Who is watching these things to see what they really do? And how many average users are really thinking critically about what the app is asking for? Security-wise, I am getting some serious Windows 95/98/NT deja vu from the Android platform.

Re:Infected? INFECTED?!?! (no: malicious by design (0)

Anonymous Coward | more than 3 years ago | (#36314110)

And yet any time there is any sort of major problem with android or the android market the issue is swept under the rug by a lot of android users on /. and the focus goes back to bashing people who use apple products or concentrating on problems with definitions or semantics in the article instead of the issue at hand. Yes, us Apple product users are the ones being illogical...

Re:Infected? INFECTED?!?! (no: malicious by design (0)

Anonymous Coward | more than 2 years ago | (#36317640)

Typical dumb ass Apple User reply.

"The apps were not "Infected" by the droid dream malware -- This would mean that malware was wandering around, infiltrating developer machines and the Marketplace itself... No. Instead, said malware payload was purposefully introduced to innocuous looking apps..." is a totally correct statement for any platform.

Ponders (1)

Cartman's Mom (1956666) | more than 3 years ago | (#36312024)

Hmmm......walled garden, eh....(scratches chin thoughtfully).....

Re:Ponders (1)

shutdown -p now (807394) | more than 3 years ago | (#36316666)

The nice thing about Android is that you're free to choose the walled garden [amazon.com] if you want.

It's okay, we're safe. (1)

ryantmer (1748734) | more than 3 years ago | (#36312154)

The malware only activates when you receive one of these "phone call" things - and when was the last time you received one of those?

How are apps "infected"? (1)

pseudorand (603231) | more than 3 years ago | (#36312228)

Despite other comments to this post claiming that these apps had the malicious payload intentionally included, I can't find anything confirming that's the case. Are we sure it's not a matter of developer keys (or even the Google Marketplace or phone OS) getting compromised? Anyone see that info anywhere?

Re:How are apps "infected"? (1)

idontgno (624372) | more than 3 years ago | (#36312498)

F-Secure's analysis: [f-secure.com]

This application was originally harmless. However, a malicious developer called "Magic Photo Studio" downloaded the original application, modified it and re-uploaded it to Android Market.

In other words, the malware perps grab legit apps from the market, trojanize them, and re-upload to the market under their own throwaway "legitimate" developer identity. So (A) if you search for a particular kind of app, you will see the original clean app alongside the trojanized one, and perhaps choose the latter; and (B) even worse, the malware authors ARE COMMITTING COPYRIGHT VIOLATIONS!!!
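The repackaging pattern described in the comment above (a clean app re-uploaded under a different developer identity) can be spotted market-side by comparing archive contents across listings. This is an added example, not code from the thread or from F-Secure; it assumes each listing's signing-certificate fingerprint has already been extracted, and the listing ids, fingerprints and file contents are all constructed.

```python
import hashlib
import io
import zipfile


def build_apk(entries):
    """Build an APK-shaped zip in memory from {path: bytes} (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, data in entries.items():
            z.writestr(path, data)
    return buf.getvalue()


def content_hashes(apk_bytes):
    """SHA-256 of every entry except the signature files under META-INF/."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return {
            hashlib.sha256(z.read(info)).hexdigest()
            for info in z.infolist()
            if not info.is_dir() and not info.filename.startswith("META-INF/")
        }


def find_repackaged(listings, threshold=0.6):
    """Pairs of listings that share most file contents but not a signer."""
    hashed = [(item, content_hashes(item["apk"])) for item in listings]
    hits = []
    for i, (a, ha) in enumerate(hashed):
        for b, hb in hashed[i + 1:]:
            union = ha | hb
            score = len(ha & hb) / len(union) if union else 0.0
            # Same signer with high overlap is an ordinary update, not a copy.
            if score >= threshold and a["signer"] != b["signer"]:
                hits.append((a["id"], b["id"], round(score, 2)))
    return hits


# Constructed listings: ids, signer fingerprints and file contents are made up.
SHARED = {f"res/drawable/img{i}.png": f"pixels-{i}".encode() for i in range(8)}
LISTINGS = [
    {"id": "photo-1.0", "signer": "AA11", "apk": build_apk(
        {**SHARED, "AndroidManifest.xml": b"manifest", "classes.dex": b"code v1"})},
    {"id": "photo-1.1", "signer": "AA11", "apk": build_apk(
        {**SHARED, "AndroidManifest.xml": b"manifest", "classes.dex": b"code v2"})},
    {"id": "photo-copy", "signer": "BB22", "apk": build_apk(
        {**SHARED, "AndroidManifest.xml": b"manifest + receiver",
         "classes.dex": b"code v1 + payload", "META-INF/CERT.RSA": b"sig"})},
    {"id": "notes-1.0", "signer": "CC33", "apk": build_apk(
        {"AndroidManifest.xml": b"other manifest", "classes.dex": b"other code"})},
]

if __name__ == "__main__":
    for first, second, score in find_repackaged(LISTINGS):
        print(f"{first} and {second}: {score:.0%} shared content, different signer")
```

The threshold is a tuning choice: apps that bundle the same large third-party library will also overlap, so hits are candidates for review rather than confirmed copies.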

So is the remote server known? (1)

arisvega (1414195) | more than 3 years ago | (#36312772)

and then sends it off to a pre-configured remote server

So is the physical location of this server known? Because if it is, then whoopass and wedgies may be delivered directly.

Possible Solution (1)

stoanhart (876182) | more than 3 years ago | (#36313958)

Without having to resort to reviewing third party code like Apple does, I see one possible way in which Google could solve this problem without dedicating too many people to it. My solution is this:

By default, a developer account on the Market is "unverified" - when people try to install apps from an unverified account, they receive a huge, scary warning that states that this application could contain malware, please make sure you trust the author, etc.

To become "verified", a developer must contact Google personally and verify their identity, including full contact details (phone number, address, etc.), and sign a form that states something to the effect of "You are liable for all malicious code published through this account, even if your account is hacked." Punishment for publishing malware could include a financial penalty, and possibly criminal charges depending on what your malware did and what jurisdiction you live in.

Re:Possible Solution (1)

S3D (745318) | more than 3 years ago | (#36316220)

To become "verified", a developer must contact Google personally and verify their identity, including full contact details (phone number, address, etc.)

Wouldn't work. Symbian OS tried that and failed so horribly that its failure toppled Nokia. Hobby/part-time/small developers wouldn't get a certificate, so there will be a lot of legitimate but not "verified" apps. On the other hand, scammers & spammers (who have some real money) will not have a problem registering an empty shell company in Russia/Azerbaijan/**stan/India etc. using some homeless person's ID and getting a certificate.

Re:Possible Solution (1)

symbolset (646467) | more than 3 years ago | (#36316414)

You're on to something here. In the trades they have bonding. The tradesman posts a reasonable bond held by a neutral third party which in the event of negligence or poor work is forfeit to the extent of damages. Say, $10,000 bond gives up to $1000 to the first users to claim damage from being compromised by included malware. A bond agent reduces the upfront cost of this by investigating the tradesman and putting up his own money, for a reasonable fee. Profit motive keeps people checking apps. Interest on the bonds pays for the overhead of the third party as in the vast majority of cases no claims will be made. Malware authors have to be particularly resourceful to post bond and still turn a profit before they're discovered, and the economic model of rootkits falls apart.

It can be completely voluntary too: It's your choice if you want to run apps from unbonded sources. Once you have sufficient reputation you don't need bonding any more, or can post your own bonds.

Pre-Configured Server? (1)

Holi (250190) | more than 3 years ago | (#36314122)

Why waste your time with the market, go after the owner of the server.

LBE security (1)

p51d007 (656414) | more than 3 years ago | (#36315684)

Just install that, and anything that attempts to go to the net, request IMEI numbers or anything else, it pops up and asks permission. It's funny/scary to watch how many programs that have absolutely nothing to do with anything, request to send contact info, gps info, tower info and IMEI info.