Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Over 60% of Android Malware Hides In Fake Versions of Popular Apps

Soulskill posted about 2 years ago | from the 60-percent?-that's-almost-80-percent! dept.

Android 111

An anonymous reader writes "Like any popular platform, Android has malware. Google's mobile operating system is relatively new, however, so the problem is still taking form. In fact, it turns out that the larger majority of threats on Android come from a single malware family: Android.FakeInstaller, also known as OpFake, which generates revenue by silently sending expensive text messages in the background. McAfee says that the malware family makes up more than 60 percent of Android samples the company processes."

cancel ×

111 comments

Sorry! There are no comments related to the filter you selected.

McAfee is trying hard to get into this market (5, Insightful)

Terry Pearson (935552) | about 2 years ago | (#41563003)

Meh...

If you are not smart enough to install non-market Android apps, you have no problem.

If you are smart enough to install non-market Android apps, you know what you are getting into.

With great power comes great responsibility. I think these pieces keep surfacing because the Anti-Virus companies desperately need to get into this market. They see it is the future and they want a piece of it.

Re:McAfee is trying hard to get into this market (2)

icebike (68054) | about 2 years ago | (#41563091)

If you are smart enough to install non-market Android apps, you know what you are getting into.
 

Unfortunately, that is not true. If it did require smarts there wouldn't be a problem.

There are far too many people that are duped into downloading from other than trusted sources.
And it doesn't take a rocket scientist to check that box in settings that allows installation from untrusted sources. Most of these dodgy websites explain exactly what to check and uncheck to get their malware to install. Your average 14 year old teenager as well as your mom can make this change with four screen taps, and install the fake (but free) copy of an app in about 12 seconds flat.

As always, buying from the Play Store or Amazon presents minimal risk, they will detect the malicious payload it before you even hear about it. (Yes there have been one or two situations where something snuck thru, but these are rare anomalies).

Its simply greed on the part of handset owners to try to scam a $2.00 app for nothing.

Re:McAfee is trying hard to get into this market (1)

tlhIngan (30335) | about 2 years ago | (#41563535)

Its simply greed on the part of handset owners to try to scam a $2.00 app for nothing.

Well, what you mean is "piracy". It's just people pirating apps, just like they pirate movies, music, software, etc.

And piracy always exists, though the extent of which is debatable. Figures tossed around can easily be 90% on PCs and Androids, while "walled garden" devices like consoles, iOS, and Steam are far lower - 10% or so by other estimates. (Though, given that the Wii and PS3 are completely "open" at this point, how much piracy happens on those consoles is unknown).

It's human nature to do stuff like that, and in many places (e.g., Asia) it's such a casual process that it's practically normal to pirate, rather than pay for apps. Hell, anyone remember the original iPad review from China? "Cannot install pirated apps" was the big negative.

Heck, half the problem is/was the Play store itself. Amazon pretty much only exists in the UK and US (you cannot buy apps from there elsewhere). Play for a long time (back when it was the Marketplace) didn't accept payments from a lot of places. So if you wanted that awesom paid app but didn't live in a place where Play supported you, your only option was to pirate. (Some places like Taiwan are also unable to buy apps, purely because Google, unlike Apple, did not agree to the terms of selling digital goods (I think they wanted a 7 day refund policy)).

Of course, it didn't help that earlier Android APKs aren't really protected from piracy either - you could download the app, copy it off, refund it and copy it back with no issues. Even the initial Google licensing system was somewhat easy to bypass (with apps to do it automatically). Though I think the system in ICS and later is much more robust against easy piracy.

Re:McAfee is trying hard to get into this market (1)

dadelbunts (1727498) | about 2 years ago | (#41565031)

Steam games are pirated all the time. It has nothing to do with being a walled garden it has to do with usability. If the pirated and non-pirated version are the same thing, or roughly the same thing, people will pirate it, as long as its not too hard to. Thats why even people who pirate xbox games usually have 2 xboxes, so they can legally purchase and play online centered games, which while possible to pirate, provide a vastly different experience than their pirated counterparts.

Re:McAfee is trying hard to get into this market (2)

mrbester (200927) | about 2 years ago | (#41563581)

The Amazon App Store app isn't on Play so you have to sideload by checking the box in the first place. I haven't seen anything from Amazon saying you should uncheck it after installation for your own protection.

Re:McAfee is trying hard to get into this market (3, Informative)

farble1670 (803356) | about 2 years ago | (#41563719)

I haven't seen anything from Amazon saying you should uncheck it after installation for your own protection.

that's because if you uncheck it, amazon app store won't be able to install any amazon app store apps. amazon app store is not a privileged app. all of the apps you install via amazon app store are side loaded.

Re:McAfee is trying hard to get into this market (1)

farble1670 (803356) | about 2 years ago | (#41563687)

And it doesn't take a rocket scientist to check that box in settings that allows installation from untrusted sources.

checking the box in android puts up a sufficiently scary warning first. if you aren't going to read that or choose to ignore it, then you'll get what's coming to you. in the same way you will if you enter your root / admin password every time it pops up in windows / mac / linux.

Re:McAfee is trying hard to get into this market (1)

icebike (68054) | about 2 years ago | (#41563803)

checking the box in android puts up a sufficiently scary warning first. if you aren't going to read that or choose to ignore it, then you'll get what's coming to you. in the same way you will if you enter your root / admin password every time it pops up in windows / mac / linux.

Yup, another click thru message that nobody reads, and fewer understand.

The claim was made:

If you are smart enough to install non-market Android apps, you know what you are getting into.

And nothing you've said convinces me that statement is true.

All evidence suggests you don't need to be smart to install non-market apps, and the warning solves nothing.
In fact intelligence is contraindicated for the installation of non-market apps.

Re:McAfee is trying hard to get into this market (1)

cjjjer (530715) | about 2 years ago | (#41563943)

And it doesn't take a rocket scientist to check that box in settings that allows installation from untrusted sources.

So Android is becoming the next Windows with regards to user intelligence?

Re:McAfee is trying hard to get into this market (1)

icebike (68054) | about 2 years ago | (#41564713)

So Android is becoming the next Windows with regards to user intelligence?

Android at least assumes user intelligence, even if it fails to materialize.
Apple just denies the possibility of user intelligence and spoon feeds you. For their customer base, they are probably correct.

Re:McAfee is trying hard to get into this market (1)

CastrTroy (595695) | about 2 years ago | (#41565233)

I think this is why the Apple model will win out in the long run for the vast majority of people. Most people won't take the time to learn about proper security practices. Some people think it will be better in 10 years, once most people have grown up with computers. But even the more savvy computer users I know, who aren't specifically into programming or computer security, are extremely stupid when it comes to computer security. Even many of the developers I know are downright blockheaded sometimes when it comes to security. Kids who grew up on the things aren't any more versed at computer security or even general computer use than people who are 50 or over and have only been using a computer for 5 years. Some people will install anything if it's for free. Which is a very bad thing to do, because if you don't know where it's coming from, you have no idea what kind of malware has been loaded into that tempting free software. This is the main reason I really try to stay away from pirated software, even when I just want to try something out. It's just not worth the risk.

Re:McAfee is trying hard to get into this market (1)

BasilBrush (643681) | about 2 years ago | (#41567283)

I wonder if any developer has released the same IQ testing app on both iOS and Android. It's be very entertaining to see the stats for each platform. I'm sure we all have our own biased perception of which way that would go!

Re:McAfee is trying hard to get into this market (1)

icebike (68054) | about 2 years ago | (#41569785)

The IQ test is performed at the sales counter.

Re:McAfee is trying hard to get into this market (1)

BasilBrush (643681) | about 2 years ago | (#41574971)

Shame they don't apply an IQ test for /. posters.

Re:McAfee is trying hard to get into this market (1)

tooyoung (853621) | about 2 years ago | (#41564115)

If you are smart enough to install non-market Android apps, you know what you are getting into.

Or you are doing it because your technical friends have touted this as a must have feature that clearly makes Android superior to "walled gardens".

Re:McAfee is trying hard to get into this market (1)

Nerdfest (867930) | about 2 years ago | (#41564249)

... or you believe in the statement "those who would trade freedom for security deserve neither".

Re:McAfee is trying hard to get into this market (1)

noh8rz9 (2716595) | about 2 years ago | (#41565619)

Like any popular platform, Android has malware.

except for iOS...

Re:McAfee is trying hard to get into this market (1)

luthfi asrul sani (2746531) | about 2 years ago | (#41566391)

install applications from trusted sources to minimize failures, not only affected by the source that provides a free application but the quality is not good, it would be very unfortunate if the android is broken and all of our data to be lost, a little sacrifice by buying the paid apps I do not think No problem, it would be comparable to the benefits that we will get http://androiddevelopersindonesia.blogspot.com/ [blogspot.com]

Because Google make it awkward (1)

jago25_98 (566531) | about 2 years ago | (#41566631)

Well...
I'm on a boat with no WiFi and no admin to tether via USB. I could plug in an access point and get myself in trouble but I'd rather not. There's a similar problem when travelling in general.

I'd like to be able to go to Google Play, get the .apk, scan it online or using a PC rather than using battery power on the phone itself and transfer it across to my phone. Google make it difficult to do that.
So then we look at alternative app stores but how safe are they?

Then, finally we cave and after finding it off Google use a rapidshare link and hope for the best. Why do we give in? Well, usually it's because we are weak. But what if your phone has crashed and you really need Google Authenticator or to read some vital info encrypted with an app? That's when you realise it's good to read the docs and see just how open and accessible the method of encryption is.

Re:McAfee is trying hard to get into this market (1)

DrXym (126579) | about 2 years ago | (#41566643)

Android needs a trust model. Apps should be assigned to a trust group or level - implicit, trusted, store or untrusted, or one of a user's own making.

Any action by the app which could cost a user money or reveal private data should be tested against the trust. For example, perhaps SMS messages are outright banned for untrusted apps and are put in a quarantine queue, but for Play store apps maybe domestic SMSs are permitted but not international ones and so on. Certain actions like dialling numbers could be controlled in a similar way with popup messages and alerts that app X attempted to dial a nr at 3am. Internet and file access could be subject to quotas and other rules. If a user trusts an app they can change it in their settings.

It would complement the static upfront permissions that Android currently uses and provide an additional level of security that would defang most malware.

if there was no malware (2)

ozduo (2043408) | about 2 years ago | (#41563029)

then there is no need for McAfee and CO. Makes you think!

Re:if there was no malware (1)

Mitreya (579078) | about 2 years ago | (#41563355)

then there is no need for McAfee and CO. Makes you think!

McAfee is that nag-ware that comes pre-installed with all those new computers, right? So what does that have to do with malware?
It does slow down your machine, but you can usually uninstall McAfee without needing any anti-malware tools.

Re:if there was no malware (1)

ozduo (2043408) | about 2 years ago | (#41573459)

Back in the distant past I used McAfee and Norton to lull me into a false sense of security when I used another OS. These days I'm older and wiser.

NOT apps on Play (5, Informative)

oGMo (379) | about 2 years ago | (#41563047)

Top of article:

McAfee says that the malware family makes up more than 60 percent of Android samples the company processes.

End of article:

If you want to significantly reduce your chance of getting malware such as this one, only install apps from the official Google Play store. That being said, malware has snuck into the store before, so it can happen again.

So in essence this article is a nearly-worthless scare piece. Unless you're downloading "pirated" versions of (presumably) commercial apps from a shady source, this article isn't relevant. But then, it's a McAfee article, so surprise.

Re:NOT apps on Play (-1)

Anonymous Coward | about 2 years ago | (#41565273)

Apparently you do not understand the market. A vast majority of Android downloads and users ARE pirating.

Re:NOT apps on Play (1)

tooyoung (853621) | about 2 years ago | (#41566171)

Exactly. As long as you stick to Google's walled garden, you're safe.

Not a problem iOS users have. (-1, Troll)

BasilBrush (643681) | about 2 years ago | (#41563067)

A platform with lots of viruses. How quaint. Android truly is the Windows PC of mobile phones. The answer is a single walled garden.

Re:Not a problem iOS users have. (3, Insightful)

geekoid (135745) | about 2 years ago | (#41563139)

And there is less crime we we force everyone to never go out.
But, you enjoy your shiny toy and take whatever the deem you worthy of having.

Re:Not a problem iOS users have. (0, Troll)

BasilBrush (643681) | about 2 years ago | (#41563359)

There's certainly less crime if you live in a decent neighbourhood, with police who can take action against the occasional wrong-doing.

Android is living in a ghetto.

Re:Not a problem iOS users have. (3, Informative)

ThatsMyNick (2004126) | about 2 years ago | (#41563533)

Rooting an iphone and installing apps from strange sources in Android are both like living in the ghetto. Using an unrooted iPhone is like living in a jail (mmm, I wonder where I got this analogy from.). Using Android and installing apps only from Play Store, Amazon store, and app you write/your friends write, is the real equivalent to living in a decent neighborhood.

Re:Not a problem iOS users have. (2)

Nerdfest (867930) | about 2 years ago | (#41564325)

"The answer is a single walled garden" is the part that amazes me. Walled gardens, or peer reviewed software are good answers, but a single one? I'm utterly amazed that people will voluntarily pay a lot of money to be locked into a single software market on hardware from a single supplier. It very rarely ends in a happy consumer in the long run. Why not allow alternative markets? Make people *want* to use your software market, don't force them to.

Re:Not a problem iOS users have. (0)

Anonymous Coward | about 2 years ago | (#41565577)

Yeah, I feel like I'm living in a jail.... whatever the fuck that's suppose to mean. Not everyone feels the need to fuck with their device. I have the apps I want and the phone works. I know too many retards who've bricked their smartphones or put on some shit OS. I just love the fucktard who was all proud of his modded phone OS while admitting it took him down to about a third of his normal battery life. Fucking G4 generation.

Re:Not a problem iOS users have. (1)

watice (1347709) | about 2 years ago | (#41565715)

Not exactly. Cydia is fairly safe providing you stick to the default repos. I know it's just specifics, but for equality's sake I'd rephrase that as "downloading apps from strange sources on an iphone and downloading apps from strange sources on an android are both like living in the ghetto". Regardless, to iOS users, just having android is ghetto enough ;)

Re:Not a problem iOS users have. (0)

Anonymous Coward | about 2 years ago | (#41566551)

LOL, enjoy paying twice as much for the same thing. Same apps, half the cost -- cause they all know they can fleece you. =)

Pre maybe had it best. Konami code for outside market. LOL

Re:Not a problem iOS users have. (2, Funny)

scot4875 (542869) | about 2 years ago | (#41563631)

Android is living in a ghetto.

Honest question:

Does describing Android this way make you feel better about your iPhone purchase?

--Jeremy

Re:Not a problem iOS users have. (1)

farble1670 (803356) | about 2 years ago | (#41563739)

would you rather have a door with a lock, or a brick wall protecting you from the outside? clear enough?

Re:Not a problem iOS users have. (1)

BasilBrush (643681) | about 2 years ago | (#41567387)

When criminals break in, do they come in through the locked door, or through the wall?

Answer: Almost always they smash down or pick the lock of the door.

Conclusion, the wall is safer than the door.

Re:Not a problem iOS users have. (3, Insightful)

grocer (718489) | about 2 years ago | (#41563149)

Technically, not a problem for Android users who stay in Google's walled garden either. Now, we can debate the merits of walled gardens but the article itself is just trying to gin up business for McAfee and citing running unknown sources as evidence of some malware problem when the issue is the user, not the system, since that is off by default.

Re:Not a problem iOS users have. (2)

BasilBrush (643681) | about 2 years ago | (#41567101)

You can't have it both ways. You can't cite the multiple stores of Android as an advantage, and then say that it's the user's fault they get viruses when they use these multiple stores.

Re:Not a problem iOS users have. (0)

Anonymous Coward | about 2 years ago | (#41567751)

We should replace all sports with nerf guns and hide-and-seek. You can't cite improving body and mind as advantage, and then say it's the sportsman's fault when they fall down a ravine/crash in a car/get hit by a ball.

Re:Not a problem iOS users have. (0)

Anonymous Coward | about 2 years ago | (#41563167)

Apple doesn't really have a walled garden... their app submission guidelines are fairly open and transparent, even if they are more strict and more vetting goes on in comparison to Google Play. (And, yes, I am aware that this was NOT true a few years ago, when Apple's app submission guidelines were unpublished and extremely vague.)

Even Google Play does vetting for security issues. The main difference is that Apple forces you to jailbreak if you want to go to 3rd party app sources, while Android does not.

Re:Not a problem iOS users have. (1)

BadgerRush (2648589) | about 2 years ago | (#41563807)

... their app submission guidelines are fairly open and transparent, ...

That is simply not true. Apple submission guidelines are ambiguous and their official interpretation of it is a secret. Once you are refused you have no way of knowing why or how to fix it. There are plenty of examples in the media of developers who, after having an app rejected, try in vain to get an answer from Apple on why exactly the app was refused. Most of those cases the developer simply loses all hope and abandon the app, losing months of development.

Re:Not a problem iOS users have. (1)

Scowler (667000) | about 2 years ago | (#41564287)

Your comment is false. Apple has clearly stated the vast majority of their app rejections are due to quality issues (bugs, mostly). And their guidelines are published, as GP stated (me, actually, just didn't bother to log in at the time).

Controversial cases, like you suggest, are actually rare and in those cases we almost never publicly receive Apple's POV.

Re:Not a problem iOS users have. (1)

BadgerRush (2648589) | about 2 years ago | (#41564733)

As I said before, their guidelines are published, but their interpretation of the guidelines are not. So that is not an open and transparent process.

It would be the equivalent of a country having public laws, but having all case records and jurisprudence sealed for everyone but the judge and the prosecutor. Then, if you lose in court, they just say “you lost” without giving you details, so you have no base to mount your appeals.

Re:Not a problem iOS users have. (1)

BasilBrush (643681) | about 2 years ago | (#41567435)

It's a store, not a national justice system. How many stores make public their deliberations about what products to stock? The Apple App Store is exceptional in having a published list of reasons for rejection, and an individual reason for rejection given to each developer who's product was rejected.

For sure it's not easy to engage them in an email dialog on the finer points of what's acceptable and what's not on the fringe of the rules. But they are still pretty much the most open and transparent store in the world as regards reasons why they will and will not accept products.*

(* Excluding of course those stores that have no rejection process whatsoever, and will stock anything submitted.)

Re:Not a problem iOS users have. (1)

Goaway (82658) | about 2 years ago | (#41564761)

Once you are refused you have no way of knowing why or how to fix it.

Actually, once you are rejected, usually you get a pretty straightforward explanation of why, and how to fix it. You just don't hear of those. You hear about the tiny fraction where something went wrong.

Re:Not a problem iOS users have. (2)

BasilBrush (643681) | about 2 years ago | (#41567503)

Actually, it's what you are saying that isn't true. It's clear you have never been an iOS developer.

I've had apps rejected 3 times. Once it was a crasher bug that the reviewer spotted that I hadn't. (Mea culpa). Once was a wording issue. And one was a button that in a certain edge case should have been disabled and wasn't.

In each case the problem was spelled out clearly. Clearly I had to stop that crash, disable that button in that certain circumstance, and change the wording. Now of clearly they didn't tell me what wording I had to use - that's my job. They just told me what was wrong with the wording I'd originally used.

Apple App Store has 700,000 apps on it. Most of those apps have had several revisions. Each and every revision of those apps has been through the app review process. The examples you've read stories about are a handful. A process gets it right hundreds of thousands of times more often than it gets it wrong doesn't sound broken. Especially when there's opportunities for resubmission and appeal.

Re:Not a problem iOS users have. (1)

icebike (68054) | about 2 years ago | (#41563169)

A platform with lots of viruses. How quaint. Android truly is the Windows PC of mobile phones. The answer is a single walled garden.

Actually, the answer is reading comprehension.

But, yes, this is slashdot, so nobody reads TFA, and even fewer comprehend.

Re:Not a problem iOS users have. (1)

BasilBrush (643681) | about 2 years ago | (#41563251)

"When a victim requests an application from a fake market"

Guess *you* didn't read it.

Re:Not a problem iOS users have. (1)

jesseck (942036) | about 2 years ago | (#41563227)

The answer is a single walled garden.

Just one iDevice? I expect that someone who feels that a walled garden is the way to go would own at least 3 iDevices.

Re:Not a problem iOS users have. (1)

CanHasDIY (1672858) | about 2 years ago | (#41563241)

A platform with lots of viruses. How quaint. Android truly is the Windows PC of mobile phones.

Well, if by that you mean that Android has a vast majority of the market share (>80%), and thus is a much, much bigger target, then yes.

Remember those "PC vs Mac" commercials from way back when, where the "Mac" guy kept droning on and on about not having viruses? Whatever happened to those? Oh, that's right, OSX finally reached a point where it had a less-than-insignificant market share, so it became worthwhile to write malware for the platform.

The answer is a single walled garden.

If the question is, "What's a really good way to keep funneling your customer's money into your own coffers after they've already purchased your stuff," then yea. Otherwise, I'll have to disagree.

Re:Not a problem iOS users have. (2)

BasilBrush (643681) | about 2 years ago | (#41563309)

Android does not have >80% market share. It's something just over 50%. Windows had more than 95% at it's peak. So no, that wasn't the point of similarity. The point of similarity is it's a Typhoid Mary platform.

iOS isn't prone to malware and it's because of it's walled garden and app sandboxes, not because of marketshare.

Re:Not a problem iOS users have. (0)

Anonymous Coward | about 2 years ago | (#41563349)

Okay, idroid, I'll bite. Android sales are 8.4:1 over iPhones. That's 84 android devices sold for every iPhone. The iPhone has lost and no amount if fudging figures like that to be merely 'over 50%' will hide the fact the iPhone has been relegated to the place of the 1997 macintosh.

Re:Not a problem iOS users have. (1)

jo_ham (604554) | about 2 years ago | (#41563711)

Okay, idroid, I'll bite. Android sales are 8.4:1 over iPhones. That's 84 android devices sold for every iPhone. The iPhone has lost and no amount if fudging figures like that to be merely 'over 50%' will hide the fact the iPhone has been relegated to the place of the 1997 macintosh.

Just curious, what's your source on this, and does it include iPhone 5 sales?

Re:Not a problem iOS users have. (1)

Algae_94 (2017070) | about 2 years ago | (#41564261)

Did you mistype the ratio? 8.4:1 would be 84 android devices for every 10 iPhones.

Re:Not a problem iOS users have. (1)

CanHasDIY (1672858) | about 2 years ago | (#41563819)

Android does not have >80% market share. It's something just over 50%.

Whoop, you're (kinda) right, shoulda RTFA'd my own link:

— Android (Google Inc.) — 104.8 million units, 68.1 percent share (46.9 percent a year earlier)

— iOS (Apple Inc.'s iPhone) — 26.0 million units, 16.9 percent share (18.8 percent a year earlier)

— BlackBerry (Research in Motion Ltd.) — 7.4 million units, 4.8 percent share (11.5 percent a year earlier)

— Symbian (mostly used by Nokia Corp.) — 6.8 million units, 4.4 percent share (16.9 percent a year earlier)

— Windows (Microsoft Corp.) — 5.4 million units, 3.5 percent share (2.3 percent a year earlier)

— Linux — 3.5 million units, 2.3 percent share (3.0 percent a year earlier)

— Others — 0.1 million units, 0.1 percent share (0.5 percent a year earlier)

http://www.huffingtonpost.com/2012/09/18/android-market-share-q3-2012_n_1893292.html [huffingtonpost.com]

Re:Not a problem iOS users have. (1)

BasilBrush (643681) | about 2 years ago | (#41567189)

Hmm... IDC market share stats are improving. As a one time Symbian engineer, I've followed mobile market share for over a decade, and found Canalys to be much more reliable than IDC. But this time the stats are very, very similar.
http://www.canalys.com/newsroom/stellar-growth-sees-china-take-27-global-smart-phone-shipments-powered-domestic-vendors [canalys.com]

Re:Not a problem iOS users have. (0)

Anonymous Coward | about 2 years ago | (#41567469)

You do know that Android *is* Linux right? So why are they in two separate categories? Perhaps the Huff Post should have said "Linux (non-Android)" instead of just "Linux."

Firefox's new smartphone OS is going to use Linux too. MeeGo used Linux. Tizen (successor to MeeGo) is also going to be Linux based. (I think I may hold out and get a Tizen phone -- it looks pretty sweet).

So much for the 'Doze fanbois who say "no one uses Linux." Yeah, it just dominates the server and smartphone/tablet market.

Re:Not a problem iOS users have. (1)

chasm22 (2713399) | about 2 years ago | (#41565397)

IOS 6 users received close to the 197 security patches when/if they upgraded to iOS6( http://www.zdnet.com/apple-provides-197-security-reasons-to-upgrade-to-ios-6-7000004535/ [zdnet.com] ) You and jo_ham and your counterparts anon and anon have nothing to fear. Just keep following your(suspiciously)similar Apple roadmaps. Using your new Apple 3D magic carpet ride mapping app of course. Be confident--you never have to check for security updates. After all, your in your new magical garden. It will magically stop all security vulnerabilities. No need to follow any security news. Apple has done it again. I'm sure they've already patented this magical walled garden approach, because it's such a monumental breakthrough in security it must have just been cooked up in their magical walled kitchen. Of course, they can close that kitchen now because, as you have pointed out, it is 'the' answer to the security problems surrounding mobile products. And I'm sure they won't, for the same reason, need to issue security patches so there's probably going to be a few layoffs in Cupertino--well enough said. You know what I'm talking about. Being right--all_the_time. Updates when updating to iOS 7=0. No need to even check. EVER.

Re:Not a problem iOS users have. (1)

BasilBrush (643681) | about 2 years ago | (#41567159)

Be confident--you never have to check for security updates. After all, your in your new magical garden. It will magically stop all security vulnerabilities. No need to follow any security news.

It's rather amusing that what you meant as sarcasm is actually literally correct. Sysops for enterprise systems need to follow security news and check for security updates. But there is something seriously wrong with a phone platform that would require you do do that. For phones, security improvements should be just rolled up in OS updates, and those should be got on to the users phones in the most trouble free way possible. That's exactly what happens with iOS.

But all that is parallel to the major security protection, which is the single store of vetted apps.

I would never buy a phone that required me to worry about malware. That's one of the reasons I would never buy an Android phone.

Re:Not a problem iOS users have. (0)

Anonymous Coward | about 2 years ago | (#41567449)

The old market share argument again. The same argument the 'doze fanbois have been using for over a decade to explain away MS's crappy security on the desktop.

The truth is any platform that allows users to install whatever, whenever from wherever will have issues with trojans. Linux on the desktop avoids this via a walled garden (package managers) as well as distro diversity (what will work on Ubuntu might not on Fedora, so it's hard to write code to target all distros at once). iOS does the same on smart phones (which is why, like with desktop Linux, malware is almost unheard of).

Windows has never had the concept of a central package authority, thus one of the reasons trojans and malware are such an issue. Android is taking this same approach as Windows -- allowing users to install whatever, whenever from wherever. This is fine for geeks who know what they're doing, but not so good for grandma or your kid sister.

Android's approach is a mistake, but it has little to do with market share and everything to do with the choice not to utilize some sort of walled garden. If Apple took the same approach Android, they would have malware issues on iOS too. Code is code. If you allow suspicious code to execute, it doesn't matter what platform you're on, you could be owned.

In any case, AV software is not the solution -- it is snake oil. The walled garden approach is the best for Joe Average point and clicker. Advanced users should have the option to bypass the garden if they choose, but it shouldn't be obvious or easy.

Re:Not a problem iOS users have. (0)

Anonymous Coward | about 2 years ago | (#41563299)

wow your retarded.. you know this is all caused by users leaving googles walled garden? I feel sorry for you being stuck in yours...

It has been stated before, if your dumb enough to install from unknown untrusted sources, you get what you deserve... its not the devices fault because the user was stupid..

Re:Not a problem iOS users have. (0)

jo_ham (604554) | about 2 years ago | (#41563729)

wow your retarded.. you know this is all caused by users leaving googles walled garden? I feel sorry for you being stuck in yours...

It has been stated before, if your dumb enough to install from unknown untrusted sources, you get what you deserve... its not the devices fault because the user was stupid..

The irony, it burns!

Are there grammar apps in the Google Play store or do you have to sideload them?

some quick googleing (0)

Anonymous Coward | about 2 years ago | (#41563071)

finds libraries of this stuff ready for downlolad with instructions etc....
ive seen it said here so many times ----------> how is this news?

How does an expensive SMS make them money? (2)

Stiletto (12066) | about 2 years ago | (#41563153)

Someone help me with that one. So it tricks users into sending an expensive SMS. So how in the world does that enrich the hackers? I pay my SMS fees to AT&T. Are we saying that AT&T is behind these attacks?

Re:How does an expensive SMS make them money? (0)

Anonymous Coward | about 2 years ago | (#41563233)

Check out "premium rate scams" to see how it works

Re:How does an expensive SMS make them money? (3, Informative)

compro01 (777531) | about 2 years ago | (#41563269)

Premium messaging services. Like those "text "joke" to 55555 for a joke of the day" ads on TV or donate-via-text things. The carrier pays them, and tacks that charge onto your bill.

Re:How does an expensive SMS make them money? (4, Funny)

number11 (129686) | about 2 years ago | (#41563423)

Premium messaging services. Like those "text "joke" to 55555 for a joke of the day" ads on TV or donate-via-text things. The carrier pays them, and tacks that charge onto your bill.

Hmm.. The malware dials a premium number, and the carrier charges you and sends the money to the holder of that premium number. If we could just track down who that is, we could find out just how much ill-gotten gains they've received. If there was just a way to identify them.

Re:How does an expensive SMS make them money? (1)

Matthias Wiesmann (221411) | about 2 years ago | (#41566293)

You would still have to prove that they are responsible for the hack. The fact that their legitimate (if silly) business benefits from some hacked code does not prove they are responsible for the hack.

Or turn the problem around: if one provider of telecom services is ever condemned without any other proof than the fact they benefit from a hack, the bad guy just change their business model to extortion.

Re:How does an expensive SMS make them money? (1)

number11 (129686) | about 2 years ago | (#41570127)

You would still have to prove that they are responsible for the hack. The fact that their legitimate (if silly) business benefits from some hacked code does not prove they are responsible for the hack.

Mebbe. But in the US, much property is seized without any proof of a crime. Google "asset seizure" [duckduckgo.com] . Once that happens, it's "guilty until proven innocent", or sometimes "guilty even if you are proven innocent." Of course it's abuse, but law enforcement agencies do it all the time (for one thing, it's very lucrative for the agencies). Why should this be any different?

Of course, I'm now going to have to go on the run from Google's lawyers, for using the word as a generic verb.

Re:How does an expensive SMS make them money? (1)

BasilBrush (643681) | about 2 years ago | (#41567333)

Typically the number is in a foreign country. The domestic carrier has a duty to pay the foreign carrier, who then pays the fraudster. The domestic carrier has no right to know the identity of the fraudster. The only way to make progress is to deal with the foreign carrier. They might shut down the premium rate number due to complaints, but they'll tend not to because they are making money from it too. There's almost no chance they'll refund you. There's always the possibility of taking legal action in the foreign country against the carrier. But that's going to be expensive, and there's no guarantee you'll win.

Messy, isn't it.

Re:How does an expensive SMS make them money? (0)

Anonymous Coward | about 2 years ago | (#41571025)

Exactly. Phone companies could easily stamp this out but they are making money from fraud so why would they...

Re:How does an expensive SMS make them money? (3, Interesting)

icebike (68054) | about 2 years ago | (#41563319)

The malware sets the phone to use third party SMS gateways
Those gateways deliver the SMS message to the recipient's carrier, and bills that carrier for the service [tutorialspoint.com] . You might be none the wiser, but your carrier is paying for that incoming message via bilateral agreements or "Hubbing [wikipedia.org] ".
 

Re:How does an expensive SMS make them money? (4, Informative)

ThatsMyNick (2004126) | about 2 years ago | (#41563563)

And you can block these too. Call your carrier and ask from them to disable Third Party Billing. I know AT&T and Verizon do it for you, when you ask. No more "premium sms charges", no more "premium sex line charges"

Re:How does an expensive SMS make them money? (1)

Anonymous Coward | about 2 years ago | (#41566059)

Seeing as 99% of consumers Don't use these premium services anyway third party billing should be opt~in, no?

Re:How does an expensive SMS make them money? (1)

tabrisnet (722816) | about 2 years ago | (#41563973)

Think 900 numbers, but for SMS.
Think those "donate to Obama, send a text to XXXXX", or "donate to the Red Cross for Haiti"

What a beat up (1)

Anonymous Coward | about 2 years ago | (#41563163)

You can tell a beat up a mile away when it attacks one thing as the problem when the issue is an attribute shared by many things. The problem here is the stupid app store model. It means you get a core of apps ranked by popularity. It goes out information on which apps to attack. Then it provides a distribution vector for the malware that hides chaff amongst the grain. The problem isn't android, or the stores it uses, or android manufacturers but its the entire app store model. Android or apple or blackberry or Linux, it's a proven problem on all centralized and therefore weak distribution models.

You only have to place the blame on the promoters of such models. I wonder who that would be...

Re:What a beat up (1)

BasilBrush (643681) | about 2 years ago | (#41567353)

Your conclusion doesn't match with reality. There has been virtually no malware for iOS. Yet for Windows, which doesn't use the app store model, viruses have been a perennial problem.

The solution, of course... (2)

NoobixCube (1133473) | about 2 years ago | (#41563219)

The solution, of course, will be to buy Macafee's Android security offerings.

Re:The solution, of course... (1)

thegarbz (1787294) | about 2 years ago | (#41564507)

An excellent product. It works by slowing the system down and draining the battery. A phone that can't be powered on can't rack up premium SMS charges.

Yet another reason SMS should die (4, Insightful)

Anonymous Coward | about 2 years ago | (#41563279)

It's 2012 - most phones can connect to a mail server over 2G, 3G or wifi.

Why are we still messing around with a 140-character hack that belongs in the 1990s and which requires the recipient to be using a phone?

Just send an e-mail.

Re:Yet another reason SMS should die (2)

ThatsMyNick (2004126) | about 2 years ago | (#41563575)

Because email is pull based and sms is push based.

Re:Yet another reason SMS should die (2)

farble1670 (803356) | about 2 years ago | (#41563851)

email and IM are pushed based as well. it's push based at a higher level in the software stack but the end user doesn't care. well, they care because the email is free and the text is not (often, in the US).

Re:Yet another reason SMS should die (0)

Anonymous Coward | about 2 years ago | (#41565119)

Because I know the other party's cell phone number but I don't know their e-mail address. If they even have one! And what's with the e-mail? Some unsecured hack that belongs in the 2000s! Nowadays I should probably be sending them an instant message over Facebook or GTalk or something. (They're both Jabber/XMPP under the hood anyway, right?)

Re:Yet another reason SMS should die (1)

tokul (682258) | about 2 years ago | (#41568001)

It's 2012 - most phones can connect to a mail server over 2G, 3G or wifi.

It is 2012 - landline phones don't know what 2G or wifi is.

Legitimate app store is much better? (2)

Anonymous Coward | about 2 years ago | (#41563325)

Some of the legitimate apps at the legitimate app store have messed up policies as well:

Mass Effect Infiltrator: needs to be able to change network connectivity, modify system settings, read phone status and ID and be able to read my contacts. Why?

Order & Chaos online: needs to be able to edit text msgs, read txt msgs, receive txt msgs, change network connectivity incl connecting+disconnecting from wi-fi, disable my screen lock, send SMS messages, read phone status and ID, and run at startup. Why?

I skipped buying either of these even when they were priced at $0.25 because of the bizarre permission policies.

Re:Legitimate app store is much better? (1)

BadgerRush (2648589) | about 2 years ago | (#41563929)

I wish google would stand its ground on this issue and deny those apps with messed up policies until the developers fix that. If it is not required for the core functionality of the application then it should be blocked at OS level.

Re:Legitimate app store is much better? (1)

Anonymous Coward | about 2 years ago | (#41565145)

Google does not have a human review the apps before they go on the store. There are pluses and minuses to this.

The application will tell you if it wants various policies, and you need to determine if you want to install the application based on that. It requires a degree of personal responsibility on your part, of course.

watch all the Itards (0)

Anonymous Coward | about 2 years ago | (#41563347)

get all puffed up over this one

Plah Plah (1)

Anonymous Coward | about 2 years ago | (#41563385)

[quote]"Like any popular platform, Android has malware. Google's mobile operating system is relatively new, however, so the problem is still taking form. [/quote]

Code user base size doesn't have any effect for amount of malware in software, because the amount of malware is about code quality.
If you have perfect code, you can not write anykind malware code against it.

Now in Android case, what by the way isn't operating system but a software system what uses the Linux operating system, the problem is on trojans, what works exactly like every application is allowed to work, by the user.

The problem is like with kitchen knive, most used "weapon" in murders in most countries because it is accessible. Still, it doesn't matter is it a kitchen knife or butchers knife, because those who want to stab someone, they will find a knive.
Kitchen knive isn't used in kills because it is best or easiest to use kill someone. It is only used because someone abuses other person rights to be safe and other abuse its rights to kill the offensive person. The knife doesn't have anything to do with it, but the people have.

Wrong people, wrong reasons and problem exist.

If you have a Android application what gets permission from user to make a calls, send SMS and record virtual keyboard and full internet access, it is just stupid to allow such application to be installed and run its program in first place.

It is like invating someone to your home, gather all stuff what you have in your home and take them away. And then when they do so, you call police and you say they are thiefs.
Which one was stupid one, the house owner or the honest thief?

Most (nearly all) Android malware abuses person rights, by tricking them with fancy things so people would install their product without watching what permissions app asks.
Very few actually cracks Android security and those are the real problems.

I wish that Open Handset Alliance would improve Android by the way that none of the applications can not read anything from contact list unless user especially gives permission for specific contacts by typing personal code.
And none of the phone calls or SMS can be sent to any other number than what contact list has. So if wanted to make quick calls for taxi, user itself needs to include that number to contact list, give application permission to read that contact information and then give permission to call/sms for that number. And even give permission of amount per month.

So the "walled garden" is OK then (1)

Anonymous Coward | about 2 years ago | (#41563471)

Google will clamp down on app approval and everyone on Slashdot will cheer Google as the savior, yet these same people will hypocritically bash Apple for taking the correct approach all along.

Re:So the "walled garden" is OK then (1)

ThatsMyNick (2004126) | about 2 years ago | (#41563753)

No, it will not cheer. Nice strawmen you got there. If you are talking about apple fans and them cheering when Jobs (hypothetical Jobs) decides to open up Apple market, I would agree, but not about Android Fanbois (not because I dont like apple or I like Android, but just based on the past responses of both Fanbois)

Re:So the "walled garden" is OK then (1)

farble1670 (803356) | about 2 years ago | (#41563887)

RTFA? this, and every other android malware report is with apps "side-loaded", which means installed from non-google play sources.

Re:So the "walled garden" is OK then (0)

Anonymous Coward | about 2 years ago | (#41565183)

Google doesn't do app approval. You're obviously confused.

Headline is FUD (0)

Anonymous Coward | about 2 years ago | (#41564353)

60% of the malware they find is from a certain malware family and it steals your money. That statistic is 100% pure FUD and useless for anything. They specifically choose to include that tidbit and put it in the headline to get the 60% number out there. 60% sounds big, it catches your eye. Why didn't they put out numbers that shows how many apps they "scanned" and how many are actually infected. My guess is the number is VERY small and it would not make headlines. That would be a useful number that people could use to assess if they need to use an antivirus tool or not. Mcafee marketing ain't that stupid, if the number of actual malware out there was high, they sure as hell would be letting you know about it.

what a headline! (1)

slashmydots (2189826) | about 2 years ago | (#41564557)

People who are stupid and cheap catch the majority of malware?! WHAT?! That's a new concept in the technology world apparently, lol.

Its partly Google's fault (1)

Anonymous Coward | about 2 years ago | (#41566279)

Many of the applications I need are labeled as "not available in your country"! or falsely labeled "incompatible with your phone".

The only solution is to find a copy from elsewhere on the internet, some of which are bundled with malaware. I am not talking about pirated apps. I am talking about free apps. Many paid apps are also not available but their free counterpart is.

Opensource my ass. Android is the swiss cheese of security and not much different from the old Windows OS in that sense. Add to that that moronic reigon/country based market and you have a haven for malaware developers.

Thoughts of an Android developer (2)

nomad-9 (1423689) | about 2 years ago | (#41567203)

If the majority of people catching malware are cheap bums who wanted pirated versions and end up paying much more in background messaging, , then it's all good, as far as I'm concerned.

Some say they first try the pirated versions for any problems before buying the real ones... Here's the thing:

- most Android apps don't cost more than a cup of coffee. Pretty cheap, considering the long hours of work needed to get some type of decent software on that platform.

- at Google Play, you can try an app for 15 minutes before getting an automatic cancel of your order.
http://support.google.com/googleplay/bin/answer.py?hl=en&answer=134336 [google.com]

15 minutes is plenty of time to check if everything works as intended on your particular phone. If you discover a bug later on, you can always contact the developers who will be more than happy to make their app better on the next version.

I can't feel sorry for cheaters who get malware . Piracy is one reason (among others) why most Android developers can't make a living selling apps. It's already hard enough when you're not a big company and can't afford the advertising, and find your app on page # 120 on app search...

Your phone company is complicit (0)

Anonymous Coward | about 2 years ago | (#41570989)

The phone company knows who they are paying this fraudulent payment to. If they get more than a few customers saying "I was the victim of a scam" then they should block SMS access to that company. We of course know why they won't, but they are complicit in participating in fraud.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>