New SMS Trojan Found In Android Markets

Soulskill posted more than 2 years ago | from the popping-up-like-weeds dept.

Android 114

Trailrunner7 writes "The Android platform seems to have become the playground of choice for attackers and malware authors looking to make a quick buck. The latest example is a premium-rate SMS Trojan that not only automatically sends costly SMS messages, but also prevents users' carriers from notifying them of the new charges. The new piece of malware, which is known as HippoSMS, has been found in unofficial Android app markets in China. This is just the latest in a series of similar incidents in which attackers and scammers have inserted either outright malicious apps or seemingly benign apps containing malware into app markets. Most of the attacks have targeted Android users, and several times Google has had to remove malicious apps from the official Android market."

114 comments

Well on the bright side (0, Flamebait)

mr1911 (1942298) | more than 2 years ago | (#36721958)

At least Android users can install whatever they want rather than playing in Apple's walled garden.

That doesn't sound like Apple bashing. Here come the troll mods.

Re:Well on the bright side (4, Insightful)

djdanlib (732853) | more than 2 years ago | (#36722230)

WHAT? You mean freedom also provides the opportunity to freely injure one's self?!?! You don't say!

Re:Well on the bright side (-1, Troll)

peragrin (659227) | more than 2 years ago | (#36722546)

The problem isn't the right to freely injure yourself, but to be injured by a defective product.

99.99999999999% of consumers can't tell the difference between good software and bad software. The best we can do is judge the supplier as to whether or not it is safe.

Look at windows and viruses. The average person can't tell if that app they just installed had a virus or three with it.

Re:Well on the bright side (1)

cavreader (1903280) | more than 2 years ago | (#36722718)

There is a fairly large developer community that can't tell good software from bad so they just rely on the originating vendor to make their determination. MS - Bad, Apple - Good, OS - Excellent.

Re:Well on the bright side (1)

Curate (783077) | more than 2 years ago | (#36725074)

There is a fairly large developer community that can't tell good software from bad so they just rely on the originating vendor to make their determination. MS - Bad, Apple - Good, OS - Excellent.

This developer community would be... the open source developer community?

Re:Well on the bright side (0)

Anonymous Coward | more than 2 years ago | (#36723164)

Yeah, I'd say about 7/10,000 is about right for the number of people in the world who can tell good software from bad.

Re:Well on the bright side (0)

Anonymous Coward | more than 2 years ago | (#36725008)

I got 7/100 total people. So the population only needs to grow by 700% before we get at least half a person to tell the rest of us.

Re:Well on the bright side (2)

kelemvor4 (1980226) | more than 2 years ago | (#36723236)

I'm pretty technically competent; but I'll be the first to admit I've not reverse engineered a single android app that I've installed to verify it doesn't contain malware like this.


I wonder if there's any scan on demand anti malware apps out there. If not, there soon will be I'm sure. There's definitely a market for it.

Re:Well on the bright side (1)

TheGratefulNet (143330) | more than 2 years ago | (#36723344)

same here. I'm a good coder, but who has TIME to audit every damned thing?

we do need auditing services. it should be non-profit and community/trust based. ie, like most opensource things.

I don't like a VENDOR being in control. I want it to be 'we the people' so to speak. that way it's not political and not under some profit (or even government) directive, one way or another.

Re:Well on the bright side (0)

Anonymous Coward | more than 2 years ago | (#36724760)

If y'all don't have the time to do a good job, just step away from the tool.

Re:Well on the bright side (0)

cgeys (2240696) | more than 2 years ago | (#36725890)

same here. I'm a good coder, but who has TIME to audit every damned thing?

we do need auditing services. it should be non-profit and community/trust based. ie, like most opensource things.

I don't like a VENDOR being in control. I want it to be 'we the people' so to speak. that way it's not political and not under some profit (or even government) directive, one way or another.

Most open source software/distros are made by for-profit organizations.. Now I don't say that is a bad thing, it's great to have support. But YOU need to learn some things.

Re:Well on the bright side (0)

Anonymous Coward | more than 2 years ago | (#36725940)

same here. I'm a good coder, but who has TIME to audit every damned thing?

Suspicions confirmed. So much for OSS.

Re:Well on the bright side (1)

TheCRAIGGERS (909877) | more than 2 years ago | (#36726150)

You ARE in control. If you look at an app and see it requests permissions that you don't like, or don't want them to have, you simply don't install it. Yes, that might mean you don't get to play strip poker or whatever.

For example, the only android developer that I trust with my personal information is Google... and that's only because they already have it all anyway.

The other option is the new CM7 roms have the ability to remove permissions from apps. It has opened up a whole new world for me, as I'm now able to use apps I never wanted to install before because of their permission requirements.

Re:Well on the bright side (1)

Anonymous Coward | more than 2 years ago | (#36724114)

I write code and I can't tell the difference between good software and bad software (in terms of whether or not it contains code that would be considered malicious from the user's viewpoint), without an extensive and thorough code analysis. I know you are talking about "punch the monkey and win a free app" type software, but the really serious malware is not going to be that obvious.

Re:Well on the bright side (0)

Anonymous Coward | more than 2 years ago | (#36724528)

It's up to consumers to do their own research. If they don't, too bad. Maybe, after enough $$$, they'll learn to be a responsible adult and accept the full consequences of their actions (or inactions). I mean, when someone goes around not putting oil in their car, does anyone feel sorry for them when it breaks down?

Re:Well on the bright side (0, Troll)

Ol Olsoc (1175323) | more than 2 years ago | (#36722762)

Absolutely. If a product is defective and kills all the people that purchase it, the product will stop selling.

Semi sarcasm....

That's exactly why doctors should not be licensed. Not even educated, if they don't want to be. They put up their sign, and there you have it. If they kill people's children, then after a couple years, those people won't take their children to them any more.

Sarcasm off...

A hackable phone is not freedom. I want the damn thing to work, the concept of a walled garden is actually good in this case. I don't want other people messing with my car, (I'm talkin' to you Onstar) my refrigerator, or my air conditioner. Oh yeah, or my phone, which is just another appliance.

Interestingly enough, the free market is going to take care of the phones that have the freedom to be hacked so badly. I'm not going to buy one for exactly that reason. Oh the paradox!

Re:Well on the bright side (3, Insightful)

djdanlib (732853) | more than 2 years ago | (#36722974)

I can agree that appliances should be restricted in their functionality. My current phone doesn't have "apps", it just handles calls and SMS, and I like it that way.

My deliciously ironic gripe is that people complain no matter what they have. Apparently an app store policing submissions = evil gestapo, while an app store failing to police submissions well enough = why didn't you protect meeee *whine*

Re:Well on the bright side (4, Insightful)

bberens (965711) | more than 2 years ago | (#36723054)

Not that malware hasn't slipped into the Google store before, but the summary seems to indicate that this particular malware is circulating in 3rd party app stores. Something I would wager 99% of users don't even know exist.

Re:Well on the bright side (2)

djdanlib (732853) | more than 2 years ago | (#36723174)

Well, that brings us neatly around to my original point: If you have the freedom to install apps from anywhere, you have the freedom to install malware. This freedom does not come with what should be the prerequisite dependencies of common sense nor investigative abilities. So in essence, you now have the freedom to hurt yourself, alongside the freedom to do anything you want. You can't have one without the other.

Re:Well on the bright side (0)

Anonymous Coward | more than 2 years ago | (#36724612)

Except most phones have the install software from unknown sources unchecked

Re:Well on the bright side (0, Troll)

kelemvor4 (1980226) | more than 2 years ago | (#36723314)

Not that malware hasn't slipped into the Google store before, but the summary seems to indicate that this particular malware is circulating in 3rd party app stores. Something I would wager 99% of users don't even know exist.

I'm one of the 1% that know they exist I guess. However, on android why would you bother with one? It's not like Apple where the iGestapo restrict things that get in the way of iProduct sales.

Re:Well on the bright side (2)

Riceballsan (816702) | more than 2 years ago | (#36724828)

There's certainly legitimate uses for the 3rd party app stores still, such as google has to remove emulators and such to avoid getting their asses sued into oblivion. I do have to say though I am not even slightly concerned about the infected apps from obscure Chinese marketplaces, but I do think there is legitimate concern about the ones that have slipped into the marketplace. I do think google needs to step up and add a few layers of QC to the official marketplace. The best of both worlds scenario would be a fairly well audited for quality of apps official market place, or even maybe a certain sticker of "Google approved" applications, something simply to confirm that things are absolutely safe, for the average non-techie user, just as long as there are no warranty voiding/risking hurdles added for fairly competent users to get the unverified apps that they may want.

Re:Well on the bright side (1)

MobileTatsu-NJG (946591) | more than 2 years ago | (#36724110)

Heh.

"Malicious code on the Android platform is proof of how great it is!!"

Re:Well on the bright side (0)

Anonymous Coward | more than 2 years ago | (#36725266)

"Malicious code on the PC is proof of how great it is!!"

Changes the scope of things a bit, no?

Re:Well on the bright side (0)

Anonymous Coward | more than 2 years ago | (#36724146)

Yes, freedom means to allow yourself to screw up your own device if you were ignorant enough to download a "chinese bikini girls" app for your Android phone.

Freedom also means a consumer exercising his/her right to choose an entirely different platform that provided a walled-garden of countless apps that requires zero worries from the consumer that it could be infected.

You want the freedom to have your phone vulnerable to fuck-ups, go right ahead. Millions of other people decided they have better things to do with their time than to treat their phones like a crappy Windows PC.

Re:Well on the bright side (1)

Anonymous Coward | more than 2 years ago | (#36723004)

Like any troll, the first thing he mentions is about the other guy. Just like any political "argument". If you're a Republican and you hear about something your party does wrong, the first thing you hear is "well the Democrats do this other thing that's bad, don't forget about that".

Yes, Apple has a "walled garden". I'm surprised you didn't mention the "Reality Distortion Field" too. Oh and in case you didn't hear, there was a major Trojan found in the Android Marketplace.

Re:Well on the bright side (2, Insightful)

rwven (663186) | more than 2 years ago | (#36723014)

Meh. This isn't news. The app is available on some third party app markets (read: not google's market) which are used on the other side of the planet. There was a time when a malicious text message could damage or brick an iphone.

Re:Well on the bright side (2)

CharlyFoxtrot (1607527) | more than 2 years ago | (#36725306)

Meh. This isn't news. The app is available on some third party app markets (read: not google's market) which are used on the other side of the planet. There was a time when a malicious text message could damage or brick an iphone.

There was a proof of concept that could execute arbitrary code on iphone by sending about 500 SMS and which worked about 20% of the time, as explained by the hacker here [youtube.com]. Of course serious bugs aren't really news on either platform. There was a time when Android would execute all text typed into the phone as root [zdnet.com], then there was the Android bug that sent your messages to random contacts [zdnet.com] or the one where an SMS corrupts Android's SQLite database [androidguys.com]. People in glass houses should throw stones you know.

Re:Well on the bright side (1)

rwven (663186) | more than 2 years ago | (#36726320)

http://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html [forbes.com]

My point remains however. This isn't news. This is a non-google sanctioned market and they're responsible for what they post. Not google. Not android.

I'd much rather carefully pick my apps....and actually be able to carefully pick my apps, instead of being limited to only doing a small subset of the features my device would otherwise be capable of.

As you said, people in glass houses....

Information, please! (5, Informative)

Chonnawonga (1025364) | more than 2 years ago | (#36722036)

Why don't these articles ever tell you WHICH markets and apps are affected? Oh, that's right, they're too busy trying to generate page hits through scare-mongering to care about information.

(I'm not trying to say these aren't legitimate threats: quite the opposite. But, good reporting would help mitigate these threats by publicly shaming and informing.)

Re:Information, please! (1)

Anonymous Coward | more than 2 years ago | (#36722222)

It did?

The new piece of malware, which is known as HippoSMS, has been found in unofficial Android app markets in China.

Re:Information, please! (4, Informative)

Chonnawonga (1025364) | more than 2 years ago | (#36722452)

No, that's the name of the malware, not the apps. FTFA:

"The malware is embedded in a seemingly legitimate application in the market, and once users download and install that app, the fun begins."

It goes on to talk about "the host app" which the malware "piggybacks". Which app? They don't tell you. They'd rather tell you that "The Apple iPhone may still be the gold standard when it comes to smartphones".

Re:Information, please! (1)

Computershack (1143409) | more than 2 years ago | (#36722470)

It did?

The new piece of malware, which is known as HippoSMS, has been found in unofficial Android app markets in China.

No it didn't dumbass. All it tells you is the name of the malware that has been found in the app, not the name of the app or apps themselves.

Re:Information, please! (1)

molnarcs (675885) | more than 2 years ago | (#36723518)

Why don't these articles ever tell you WHICH markets and apps are affected? Oh, that's right, they're too busy trying to generate page hits through scare-mongering to care about information.

(I'm not trying to say these aren't legitimate threats: quite the opposite. But, good reporting would help mitigate these threats by publicly shaming and informing.)

Exactly. Also, chances are, that there are HUNDREDS of malware in unofficial Chinese markets - will we get a new slashdot post for each and every one of them? Editors: wtf?

Re:Information, please! (1)

MobileTatsu-NJG (946591) | more than 2 years ago | (#36724180)

Why don't these articles ever tell you WHICH markets and apps are affected? Oh, that's right, they're too busy trying to generate page hits through scare-mongering to care about information.

Slashdot generates lots of ad revenue when we argue about walled gardens and malicious apps. We keep falling for it.

Unofficial (1)

Aladrin (926209) | more than 2 years ago | (#36722050)

I'm having trouble worrying about people who install apps onto their phone without knowing that the market creator is paying attention for that sort of thing. Google and Amazon are alert and watching. Random markets in China? I feel less confident in them.

I feel exactly the same compassion for them that I feel for people who download things from any random website they find.

Re:Unofficial (1)

Night64 (1175319) | more than 2 years ago | (#36723824)

Slashdot should change the headline to "New SMS Trojan Found In Application Stores/Markets". That would call even more readers. Because that IS the point, isn't it?

Price you pay.. (4, Insightful)

AngryDeuce (2205124) | more than 2 years ago | (#36722076)

If you want the freedom to install whatever you want from wherever you want, you have to accept that some of those things may not be good for you or your devices. To me, it's worth the trade off.

In the end, the best protection will always be common sense. To those that do not feel they possess enough knowledge to make their own decisions in this regard, there is always Apple who will gladly make the decision for you. To each their own.

Re:Price you pay.. (1)

Kamiza Ikioi (893310) | more than 2 years ago | (#36722328)

Yeah, and "from wherever" for me NEVER includes apps from China.

Re:Price you pay.. (0)

Anonymous Coward | more than 2 years ago | (#36722466)

Yeah, and "from wherever" for me NEVER includes apps from China.

As it does to most other people with at least half a brain. For the rest, there's iOS.

Re:Price you pay.. (1)

Trufagus (1803250) | more than 2 years ago | (#36722684)

Why?

First off, let's note that this /. article is about a Trojan that is not in the Android market. Publishing an article about that is just stupid scare-mongering. There could be millions of viruses/trojans outside the market and I wouldn't care. What matters is when they get into the market.

Now, back to your trade-off.

Google can and should make the Android market 99.99% free of trojans/viruses. Free enough that I can recommend the Android market to my proverbial mom or uncle and know they will be safe. (Some would argue that they already have - the number of downloads of malware from the market probably represent close to 0.0000% of market downloads.)

And they can do this while still keeping the market 'free'. Because, as in most countries, freedom and free speech don't mean you can do/say anything. There are limits, but the limits are (supposed to be) clearly articulated and implemented, and should have widespread support.

So, if Google eliminates all malware and anything else that breaks the laws of my country or your country (this part is not resolved yet), and if they are transparent about this, then I would argue that we still have a free market/platform and we didn't have to make any trade-off that we don't already make in living in a democracy, free, society.

Re:Price you pay.. (1)

AngryDeuce (2205124) | more than 2 years ago | (#36724584)

Google already makes the Android market secure. They've yanked malware off the official market many times. Outside of technical issues such as things locking up, your mom or uncle is perfectly safe downloading from the official market, and most issues like that are easily discerned in reading the reviews of an app. Chances are, if it's got less than a 3 star rating, it's probably not worth the download, and even the most non-technical person should be able to read those reviews and make an intelligent decision.

However, the trade-off I was referring to is the ability to install apps from outside of the store. There is an option right there, Options/Settings/Applications "Unknown Sources: Allow installation of non-market applications". Mom and uncle leave that box unchecked, all is well. Nothing is forcing anyone to install apps from out in the wild. I would rather that functionality be there than to have it removed to "protect" the people that do not have the ability to protect themselves. It's not Google's responsibility to make sure everyone is being smart with their devices...

Re:Price you pay.. (0)

Anonymous Coward | more than 2 years ago | (#36723032)

If you want the freedom to install whatever you want from wherever you want, you have to accept that some of those things may not be good for you or your devices. To me, it's worth the trade off.

It's only a trade off 'cause google does not want a permission control system like cyanogen nightly has it.

Re:Price you pay.. (1)

gmon750 (1216394) | more than 2 years ago | (#36724356)

You are assuming most users of smartphones have common sense to begin with in order to stay away from red-light-district App stores. That is simply not true. Most users (regardless of platform) are simply not savvy enough to know better.

Sure, you can label them as "ignorant", or "stupid". I've read countless of postings from tech-brats preaching that if a user doesn't know any better, they should not even buy a smartphone. If that were the case, then Android would have had a much more difficult time getting any market penetration.

Users don't know (and should not have to know) that going to a Chinese App market is akin to rolling dice. They don't look at their smartphone as a desktop-computer per se, and it's really naive to think that they should have to. Google's open-to-all approach is fundamentally broken. So much so that even fandroid folks here are hinting that Apple's walled-garden approach actually is something that should be considered. Who knew that Hell would freeze over so fast!

Best protection is not common sense. We're beyond that now. People should not have to babysit their phones. It should be treated as an appliance, not a PC. Google needs to address this or it will be their downfall. This is one area where Apple really has their act together.

Re:Price you pay.. (1)

AngryDeuce (2205124) | more than 2 years ago | (#36725066)

Users don't know (and should not have to know)...

I absolutely disagree, I think that those of us that do know the dangers of the internet should be beating it into the heads of every person we know that doesn't. People need to learn that the internet is not a fantasy land with unicorns and funny images. People get taken advantage of due to their ignorance all day long. It's never going to stop. There are no internet police. For every shady app or program or attachment or virus you eradicate in the wild another one is going to pop up.

Imagine how many problems could be avoided in the world if everyone finally got it through their head that you do not open attachments from unknown sources, ever? Imagine how many people less a year would get their online accounts hacked if everyone just miraculously understood that your password should not be a dictionary word or "123456"? How many less cases of identity theft would there be a year if people just realized that you never, ever give your personal information out over the telephone or internet?

What you're saying is the equivalent of saying "people should not have to know that if they don't lock their doors when they go out they might get burglarized." I'd be willing to bet that the vast majority of malware and viruses spread not because the people that created them were so smart or the programs or hacks used were that advanced, but because the people did not have the common sense to see either the danger in their lax security practices or lack of them completely.

Personally, I'll make my own decisions. I don't need Google or Apple to decide what is good or not for me, and frankly, I don't feel I should have to live at the same level as those that do, especially when what is at stake is my electronic devices. If 95% of people out there can't handle installing and using custom firmware, for instance, I don't think the option should be taken away to use it.

and the open apps don't have 30% cut + $99 year (2)

Joe The Dragon (967727) | more than 2 years ago | (#36722120)

and the open apps don't have 30% cut + $99 year

Re:and the open apps don't have 30% cut + $99 year (1)

grub (11606) | more than 2 years ago | (#36722388)

No, but the ones that do have a lot of developers making a lot of money...

iPhone has this problem as well (-1, Troll)

iphone5 (2365296) | more than 2 years ago | (#36722244)

Just recently Apple removed from App store an application that did send SMS to spam users. [thoughts.com]
And I bet there are more, just unnoticed

Re:iPhone has this problem as well (1)

Duradin (1261418) | more than 2 years ago | (#36722338)

Not goatse but damn close, don't click the link.

Re:iPhone has this problem as well (1)

N!k0N (883435) | more than 2 years ago | (#36722874)

... don't click the link.

pretty sure that bit is the M.O. when browsing /. ;)

Re:iPhone has this problem as well (0)

Anonymous Coward | more than 2 years ago | (#36723126)

That is the typical behaviour of a Fuckle Assdroid user.

Re:iPhone has this problem as well (0)

Anonymous Coward | more than 2 years ago | (#36724546)

Which is still magnitudes less annoying than the iPhone users. Oh sorry, I forgot to call it something stupid like the Crapple iFuck to stay on your brilliantly clever intellectual level.

This only affects chinese 3rd party markets... (5, Insightful)

Anonymous Coward | more than 2 years ago | (#36722252)

Unofficial Markets. So in other words, Google has nothing to do with this. If you want security on Android, just stick to the standard market. Obviously Third party markets are bad news bears.

this fails the grandparent test (0)

Anonymous Coward | more than 2 years ago | (#36722286)

if a stranger emails you an attachment, do you open it?

For a new Android user (3, Insightful)

0racle (667029) | more than 2 years ago | (#36722350)

As someone who is about to get their first Android device, is there a good resource for practices for protecting it?

Reading the summary, it seems this is a 3rd party market that was infected. Obviously the first thing is not to install everything you see, followed by don't use 3rd party markets. However there seem to be several 3rd party markets that do have worthwhile software. Is there a suggested list of marketplaces that are reliable?

There also appear to be several Android firewall apps. Is there a site where they are reviewed and compared?

Re:For a new Android user (0, Insightful)

Anonymous Coward | more than 2 years ago | (#36722548)

Number 1 Tip: Sell it and buy an iPad/iPhone.

Re:For a new Android user (2)

WankersRevenge (452399) | more than 2 years ago | (#36723958)

Uggh ... terrible moderation here. This is flamebait, not insightful. As an ios developer, I recommend that you buy the device that best caters to your needs and if you do get off the beaten path with that device -- educate yourself on possible dangers. If you install 3rd apps on your android device, check its requested permissions. If you root your ios device, change the freakin' root password. The issue isn't the device, but the person using it.

Seriously ... I'm tired of this android / ios pissing match on Slashdot -- and that includes mods. I know it generates hits but it makes for terrible conversations. Believe it or not, they can co-exist.

Re:For a new Android user (1)

gmon750 (1216394) | more than 2 years ago | (#36724526)

He is right on a fundamental level. Android is more geared towards tech-heads, geeks and nerds. Nothing wrong with that. iOS is geared towards eliminating the technicalities from the user. Again, nothing wrong with that.

I don't like the pissing-contest folks either. To each their own. However, I have noticed a distinct pattern that most of my non-tech-savvy friends hate their Android phones and end up going the iOS route simply because what makes it popular for the tech-community is exactly the reason it is hated by the joe-consumer. They purchased their Android phone simply because it was a "free" phone, or came in at a lower price, etc.

It's hard to educate a user about this when phone salesmen are so biased to one system or another. Buying a phone should not have to be like buying a car.

Re:For a new Android user (0)

tlhIngan (30335) | more than 2 years ago | (#36722634)

Obviously the first thing is not to install everything you see, followed by don't use 3rd party markets.

Can't help you with Android security, but there are probably a few million people willing to sell you Android AntiVirus 2011 XP Premium Edition and the like as well, plus a few legit antivirus/antispyware and other stuff, and roots to install DroidWall and such.

The thing is it's a 3rd party market. They exist in China mostly because Android allows quick and easy pirating, and China being China, well, it's obvious. Install a third party market if you want paid apps for free.

After all, didn't the iPad get dinged because there was no easy way to install pirated apps on it? (Easy as in "allowed by default" even though it's really just a jailbreak away).

That, and Chinese phones often run AOSP, so if you want apps, the only way is often third party markets because they can't get on the Marketplace (which Google licenses only to OHA members and not available via AOSP).

And anyone who claims Android's permission based model is perfect - I can point you to the Dancing Pigs [wikipedia.org] problem. If people want to pirate, no amount of technical hurdles is going to stop them. Throwing up more dialogs and popups and such just means one more thing people will ignore.

Re:For a new Android user (2)

alanebro (1808492) | more than 2 years ago | (#36722746)

A good practice is to find an app in which you are interested, then review the permissions to verify they make sense.

For instance, if you're downloading a new phonebook and the app asks for permission to your contacts, you can assume that it really needs it.
If you're downloading a new tic-tac-toe game that asks for full permission to read your ingoing and outgoing calls, you should really question why it needs that.

This isn't foolproof, but it is a really good place to start.

Re:For a new Android user (2)

TheGratefulNet (143330) | more than 2 years ago | (#36723436)

I'm pretty technical but I find the permissions too vague. they are still mostly 'opaque' and I have little actual idea what's going on.

maybe if they showed some of the data they GET, as an illustration? maybe they cache some of the 'captured' data the app 'takes' and show you that, on demand? that way I can say 'oh, you mean you're grabbing THAT from me! fuck you! delete.'

if there's no examples of the data they take, conceptual permissions just don't work for users. works for programmers who have the code. this is NOT the users, though! not even tech ones. no one has time to audit every program in your phone.

Re:For a new Android user (1)

Is0m0rph (819726) | more than 2 years ago | (#36722788)

Pay attention to what the app wants access to when you install it. You have to OK it before it will install. If it's a live wallpaper there should never be a reason it needs to access anything on your phone for example.

Re:For a new Android user (1)

hypergreatthing (254983) | more than 2 years ago | (#36723026)

roll a few sheets of tin foil on the top part of the device, slowly have it encircle itself near the top.

Your device is now protected from mind control rays and other nefarious parts of the EM spectrum.

Re:For a new Android user (1)

brim4brim (2343300) | more than 2 years ago | (#36723566)

Install Lookout security suite, scans every application you install for malware. Don't know if it would have worked in this case but if you stick to Android market then you won't have many issues anyway. Best bet is to stick to apps with good reviews and let those that can tell, flag the crap.

Re:For a new Android user (2)

Soft (266615) | more than 2 years ago | (#36723816)

As someone who is about to get their first Android device, is there a good resource for practices for protecting it?

You may want to read this earlier Slashdot story [slashdot.org], from which the suggestion that made the most sense to me was to install DroidWall and just not let applications access the network. Of course, they might not work then, and it can be difficult to single out a single app among, say, Google Services.

Re:For a new Android user (1)

Reapman (740286) | more than 2 years ago | (#36724168)

The biggest thing is check the permissions the app needs (it tells you) and don't install if you question why it needs that. A lot of free apps have ads so they require a network connection. If you're installing some standard game and it asks for SMS sending capabilities - you probably shouldn't install it.

Re:For a new Android user (1)

Inda (580031) | more than 2 years ago | (#36725098)

You have a low user ID; you'll be fine.

Do what everyone does. Don't install brand new apps for a month. Google the name at a later date and see if any other suckers have fallen for it first.

Re:For a new Android user (0)

Anonymous Coward | more than 2 years ago | (#36725150)

Just stick to the google and amazon markets and you'll be fine.

The real WTF... (0)

RoverDaddy (869116) | more than 2 years ago | (#36722400)

After that, it registers one ContentObserver to monitor incoming SMS messages. Inside the ContentObserver, it will delete any SMS message if it starts with the number "10." Note that the numbers such as 10086/10010 represent legitimate mobile phone service providers in China and are typically used to notify users about the services they are ordering and the information of users' current balance of their mobile phone accounts.

.. is why is there an API that allows an app to delete incoming SMS messages ???

Re:The real WTF... (1)

BitZtream (692029) | more than 2 years ago | (#36722570)

One reason would be to write an app that ignored/deleted known SMS spammers?

I'd actually love one for my phone that would delete all the obnoxious AT&T spam text messages about new services and crap.

Re:The real WTF... (1)

i.r.id10t (595143) | more than 2 years ago | (#36723864)

Having just got my first smart phone and being on AT&T, the *very first* message AT&T sent had "reply with stop to end automatic messages" at the end of it ... as have the other 3 I've gotten since (haven't told them to stop, so I'm good with that part).

Re:The real WTF... (2)

imunfair (877689) | more than 2 years ago | (#36722598)

App to block/sort/filter spam or unwanted senders? I'm sure there are more creative uses but that's just the most obvious one

Re:The real WTF... (0)

Anonymous Coward | more than 2 years ago | (#36722612)

Suppose you were making a spam-filtering app...

Re:The real WTF... (1)

Chris Mattern (191822) | more than 2 years ago | (#36725324)

why is there an API that allows an app to delete incoming SMS messages ???

Anti-spam SMS app. Or an app for managing SMS messages in general.
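Added example, not part of any comment in this thread and not code from HippoSMS or Android: a manifest check that automates the "do the permissions make sense for this app" advice given above and flags the send-plus-delete SMS combination the quoted analysis describes, while treating the spam-filter case raised in the replies as expected. The permission strings are Android's own; the category names, verdict labels and sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SEND_SMS = "android.permission.SEND_SMS"
READ_SMS = "android.permission.READ_SMS"
WRITE_SMS = "android.permission.WRITE_SMS"
# Assumption: store categories in which SMS access is part of the app's job.
SMS_CATEGORIES = {"messaging", "spam-filter"}


def requested_permissions(manifest_xml):
    """Return the set of permission names in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}


def audit(manifest_xml, category):
    """Rate an app's SMS permissions against its declared category."""
    perms = requested_permissions(manifest_xml)
    if category in SMS_CATEGORIES:
        return "expected"          # e.g. the spam filters the replies mention
    can_send = SEND_SMS in perms
    can_hide = {READ_SMS, WRITE_SMS} <= perms  # watch the inbox and delete from it
    if can_send and can_hide:
        return "high"              # can send paid SMS and remove the carrier's notice
    if can_send or WRITE_SMS in perms:
        return "review"            # one half of the pattern; ask why it is needed
    return "ok"


def manifest(*perms):
    """Build a constructed sample manifest requesting the given permissions."""
    rows = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.sample">%s</manifest>' % rows)


# Constructed samples, not taken from any real app.
GAME = manifest("android.permission.INTERNET", SEND_SMS, READ_SMS, WRITE_SMS)
WALLPAPER = manifest("android.permission.INTERNET")
FILTER = manifest(READ_SMS, WRITE_SMS, "android.permission.RECEIVE_SMS")

if __name__ == "__main__":
    for name, xml, cat in [("game", GAME, "game"), ("wallpaper", WALLPAPER, "wallpaper"),
                           ("filter", FILTER, "spam-filter")]:
        print(name, audit(xml, cat))
```
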

Non-story...China...enough said. (1)

Anonymous Coward | more than 2 years ago | (#36722420)

Non-story. "The new piece of malware, which is known as HippoSMS, has been found in unofficial Android app markets in China." If you load apps from China directly you are asking for this sort of thing. It's nearly the equivalent of going to a "Warez" site for Windows programs.

Apple iPhone4 - Fuckle(Google) Assdroid- 0 (-1)

Anonymous Coward | more than 2 years ago | (#36722494)

On top of lack of stability plus stealing ideas from Apple and code from Sun/Oracle this is yet another reason to stay away from the Fuckle Assdroid platform and why Apple chose a closed platform for their iPhone/iPad/iPod. Apple just works with perks.

Can I subscribe to "no premium SMS"? (1)

davidwr (791652) | more than 2 years ago | (#36722734)

How about if carriers offer a free service which simply blocks "premium" SMS calls altogether?

Sure, I won't be able to donate $10 to the Red Cross the next time there is an earthquake in a 3rd world country, but at least I'll be legally immune from paying for any that do get through.

Think of it as 976/900-block for SMS.

I forego SMS altogether (0)

Anonymous Coward | more than 2 years ago | (#36722812)

I had AT&T completely disable SMS on all my accounts; too many dirt bag bottom feeders sending me spam that is costing me money.

Re:Can I subscribe to "no premium SMS"? (1)

Anonymous Coward | more than 2 years ago | (#36723334)

How about if carriers offer a free service which simply blocks "premium" SMS calls altogether?

Sure, I won't be able to donate $10 to the Red Cross the next time there is an earthquake in a 3rd world country, but at least I'll be legally immune from paying for any that do get through.

Think of it as 976/900-block for SMS.

You can opt out for free. Just call customer support, or talk to your local store. When I signed up for Verizon I asked about that and they blocked them right there.

Damn Apple's Walled Garden (0, Flamebait)

H0p313ss (811249) | more than 2 years ago | (#36722866)

This is exactly the kind of innovative feature that the iPhone users of the world will miss out on.

Yeah, I know, flame bait....

Re:Damn Apple's Walled Garden (2)

mac84 (971323) | more than 2 years ago | (#36723322)

The only reason no one writes this malware for iPhones is that nobody uses iPhones. Oh wait....

Re:Damn Apple's Walled Garden (0)

brim4brim (2343300) | more than 2 years ago | (#36723634)

Yeah PDF exploits can't be found for the iOS :P

Re:Damn Apple's Walled Garden (1)

dzfoo (772245) | more than 2 years ago | (#36724814)

Wow, really? The single vulnerability known at the moment, hum... we should run for the hills or install an antivirus!

          -dZ.

Re:Damn Apple's Walled Garden (1)

Microlith (54737) | more than 2 years ago | (#36723582)

I know, we should lock down ALL computers. No software from anywhere except the hardware or OS vendor's approved locations!

This includes other OSes. Those terrible, evil Linux installations... you never know where they've been!

i need security! (-1)

Anonymous Coward | more than 2 years ago | (#36722978)

How can I best utilize HOSTS files to protect me from phone exploits and malware?

Where is APK when you need him?

Most popular = most attacked (1)

frankxcid (884419) | more than 2 years ago | (#36723158)

I was always of the belief that Microsoft desktop was the most attacked because it was the most popular. It's a good contrast to see how Android is affected by its own popularity.

Re:Most popular = most attacked (0)

Anonymous Coward | more than 2 years ago | (#36723828)

The popularity has nothing to do with the quality of the code.
If the code is perfect and the software is designed well, you don't get malware that uses bugs.
If the software has one user, it does not matter whether the code is perfect if the design is so flawed that the user can do whatever he wants.

I'm on a pay-as-you-go plan (1)

TheGratefulNet (143330) | more than 2 years ago | (#36723300)

and SMS, if abused, could drain my account!

a year or two ago, I was with t-mobile and their PAYG plan did not have the ability to turn off sms send or receive! my balance went to nothing and I gave up on that carrier. a few years later, I checked back and now, if you call CS, they can turn sms off even if you are monthly and non-contract.

sms is for kids. I'm a middle aged man. I have no need for this childish bullshit. I do email. if you want me, you call or you email me. email is more in my domain that I can control. sms is purely a carrier thing and I want no part of that. (at least until they remove the fee on RECEIVING texts!)

Re:I'm on a pay-as-you-go plan (1)

Archangel Michael (180766) | more than 2 years ago | (#36724788)

Texting is for people who don't have smartphones. Email, Pingchat, Y!, FB, Google+, Google Voice and many many others all use DATA, which costs much less per bit than Texting, especially if you're using WIFI (like I do).

Texting isn't for kids, it is for poor people, which has, as a subset, most kids in it.

BTW, I have a smartphone plan without text messaging included. It can be done, if you ask for it. They charge separately for it, they can remove the charge.

who would download something at a market in china (1)

JonySuede (1908576) | more than 2 years ago | (#36723400)

Those who downloaded some malware from China deserved every charge they got billed against them. Those who are crazy enough to trust the Chinese with software deserve to be hacked. Hopefully we can avoid Chinese software but sadly we can't avoid Chinese hardware....

You know what would be really shocking? (0)

Anonymous Coward | more than 2 years ago | (#36724596)

You know what would be really shocking?

If they found a decent application in the Android market!

Wow. (1)

Chris Mattern (191822) | more than 2 years ago | (#36725262)

in unofficial Android app markets in China.

Just wow. And people are surprised it's a Trojan? Finding a *non*-Trojan app in a place like that, that'd be the trick!

Provider failure (4, Insightful)

Anomalyst (742352) | more than 2 years ago | (#36725714)

This is a failure on the part of providers. I don't want a "notification", I don't want it at all. Part of signing up should be the ability to limit
#SMS/day
Block "premium" SMS messages with exception list.
Block calls to foreign countries with an exception list
Block toll (900) calls.
IOW give me back control on how and how much they can shaft me.