Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google May Soon Scan Your Android Apps For Malware

Soulskill posted about 2 years ago | from the because-you're-clearly-not-capable dept.

Google 124

An anonymous reader writes "Is Google planning on integrating an antivirus scanner into Android? A just-released Google Play store app update, as well as the company's recent acquisition of VirusTotal seem to hint that yes, Google is looking into it. 'Google yesterday started rolling out an update to its Google Play Store app: version 3.8.17 from August was bumped to version 3.9.16 in October. Android Police got its hands on the APK and posted an extensive tear down. The first change noted was the addition of new security-related artwork (exclamation icons and security shields) as well as the following strings: App Check 'Allow Google to check all apps installed to this device for harmful behavior? To learn more, go to Settings > Security.''"

cancel ×

124 comments

Sorry! There are no comments related to the filter you selected.

Already installed Sophos on my phone (1)

Jerry Smith (806480) | about 2 years ago | (#41644535)

Good enough for the time being: I know my responsibilities as end-user.

Re:Already installed Sophos on my phone (4, Interesting)

VMaN (164134) | about 2 years ago | (#41644749)

I'm a bit confused as to how these non google security apps are supposed to police your phone when they aren't running with escalated privileges...

Re:Already installed Sophos on my phone (0)

Anonymous Coward | about 2 years ago | (#41644843)

I know my responsibilities as end-user.

Hmm... odd. I want to see this mythical Android virus. Also, if you were a responsible end-user you'd be as pissed off as your OS-provider (presumably Microsoft) apparently has shirked its responsibilities, and laid them upon your processing cycles.

You'll run into it (1)

Anonymous Coward | about 2 years ago | (#41645039)

Hmm... odd. I want to see this mythical Android virus.

Don't worry, sooner or later you'll bump into one [yahoo.com] .

Re:You'll run into it (0)

Anonymous Coward | about 2 years ago | (#41646845)

Very very unlikely.

You have to be within 10cm, and at the event, the exploit code needed to be triggered more than 180 times before it actually worked.

Re:You'll run into it (0)

Anonymous Coward | about 2 years ago | (#41647527)

One hundred and eighty times?!

Man, it's a good thing hackers don't have access to computing devices capable of doing repetative tasks hundreds of times a second.

Re:You'll run into it (0)

Anonymous Coward | about 2 years ago | (#41647781)

True.

And it's a good thing Slashdot posers have access to computing devices capable of spell-checking "repetitive" hundreds of times a second. Oh, wait...

Just because you have access to something doesn't mean you're effective at using it.

Re:Already installed Sophos on my phone (2)

poetmatt (793785) | about 2 years ago | (#41645163)

sophos isn't a security app. it's something you install that you believe provides security. that's actually different.

However, if you aren't installing from 3rd party app stores chances are low that there's anything of risk.

Re:Already installed Sophos on my phone (1)

fluffy99 (870997) | about 2 years ago | (#41646025)

sophos isn't a security app. it's something you install that you believe provides security. that's actually different.

However, if you aren't installing from 3rd party app stores chances are low that there's anything of risk.

Except that malicious or sneaky apps have been found in the regular Google Market. Some app manufacturers are even being sued for collecting and selling your contact data (http://www.veracode.com/blog/2011/04/mobile-apps-invading-your-privacy/ as an example). Most of these are just invading your privacy in the background and not doing overt malicious things. Much of the problem stems from apps asking (and secretly using) permissions they don't need. For example does a game really need access to your contacts or to know what phone number you just dialed?

I'm glad that Google is taking a more proactive response, instead of simply showing a list of permissions to the user who given the all-or-nothing choice usually just hit accept.

Re:Already installed Sophos on my phone (-1, Troll)

BasilBrush (643681) | about 2 years ago | (#41645749)

Last time I used a virus scanner: 10 years ago when I abandoned Windows for OSX.

Android is the Windows of mobile phones. More so than Windows Phone is!

Re:Already installed Sophos on my phone (1)

cbiltcliffe (186293) | about 2 years ago | (#41645805)

Last time I ran antivirus was 10 years ago, too, and I still run Windows.
Take your egotistical smugness and stick it where the sun doesn't shine. There's malware for every OS, including OS X. Are the OS X malware samples trojans that are installed by user choice? Sure. Exactly the same as Android.

Re:Already installed Sophos on my phone (1)

RocketRabbit (830691) | about 2 years ago | (#41645905)

There is no real malware in the wild on OS X. Every year or two a proof-of-concept trojan gets trotted out as proof that OS X is insecure, or somebody brings up the PWN2OWN competitions, but by and large there is very little to worry about security-wise on OS X.

On Windows, though, you're totally fucked by malware at every opportunity. The only way to avoid it is to unplug the internet.

Re:Already installed Sophos on my phone (0)

Anonymous Coward | about 2 years ago | (#41646055)

There is no real malware in the wild on OS X. Every year or two a proof-of-concept trojan gets trotted out as proof that OS X is insecure, or somebody brings up the PWN2OWN competitions, but by and large there is very little to worry about security-wise on OS X.

On Windows, though, you're totally fucked by malware at every opportunity. The only way to avoid it is to unplug the internet.

Unless of course you count the flashback virus which infected 8% of all OSX computers this summer. Sure Windows is targeted far more, but it's really naive to think OSX is immune to viruses or trojans.

Re:Already installed Sophos on my phone (1)

RocketRabbit (830691) | about 2 years ago | (#41646209)

I heard that it infected 8 computers, not 8% of the Macs out there.

Besodes, nobody thinks the Macs are immune to viruses - merely that there aren't any worth talking about.

Re:Already installed Sophos on my phone (0)

Anonymous Coward | about 2 years ago | (#41646307)

8 Macs is 8% of all Macs.

Re:Already installed Sophos on my phone (1)

toriver (11308) | about 2 years ago | (#41647681)

I think you vastly underestimate their sales figures.

Re:Already installed Sophos on my phone (1)

tuppe666 (904118) | about 2 years ago | (#41645995)

Last time I used a virus scanner: 10 years ago when I abandoned Windows for OSX.

Android is the Windows of mobile phones. More so than Windows Phone is!

No Android is the Android of mobile phones, and seems to be proactive in keeping the platform clean. First we had Bouncer and now this. I suspect Apple is not so studious with its liberated phones. Apple has had virus on those since 2009 I notice.

Re:Already installed Sophos on my phone (1)

tepples (727027) | about 2 years ago | (#41646101)

BasilBrush will probably say that Google isn't being proactive enough as long as it lets apps onto Google Play Store that haven't been vetted by a person.

Re:Already installed Sophos on my phone (0)

Anonymous Coward | about 2 years ago | (#41646785)

BasilBrush is also an idiotic Apple shill.

Re:Already installed Sophos on my phone (1)

JackAxe (689361) | about 2 years ago | (#41646393)

Last time I had a virus, it was back in 1998 on my Beige G3 Mac tower running System 8. It was the sparkle virus that took advantage of Quicktime's newly added auto-run feature. I got it from the work computers.

I've not had a virus since then on my Macs, PCs, nor any of my Android phones or tablets. The same goes for my wife. It's called common sense when it comes to computing.

As far as Android being Windows... It is in the sense of being open, very flexible, and offering some of niceties that a desktop OS has over a locked down consumption portal.

Popularity always brings on malicious attacks for any platform, it's why OS X has had more trojans in recent time. It's why Apple no longer advertises OS X as being a haven against viruses. Now days, most platforms are about the same when it comes to security, it's the user that's the risk.

Slow? (1)

SuperMooCow (2739821) | about 2 years ago | (#41644585)

Does this mean that Android phones are now going to be slower?

Re:Slow? (1)

metalmaster (1005171) | about 2 years ago | (#41644693)

I'd imagine this will work like a few of the download managers that scan files before executing them.

Re:Slow? (1)

BasilBrush (643681) | about 2 years ago | (#41645781)

Doubt it. Google Play can scan the apps at the server end. And this string suggests it's looking for bad behaviour when the app runs:

"App Check 'Allow Google to check all apps installed to this device for harmful behavior? To learn more, go to Settings > Security.''"

Re:Slow? (1)

Anonymous Coward | about 2 years ago | (#41644855)

It wouldn't be slower if they built it with VISUAL STUDIO (tm)

Re:Slow? (1)

SuperMooCow (2739821) | about 2 years ago | (#41645875)

Or with GAMEMAKER!

Sorry, I couldn't resist!

iphone (-1)

Anonymous Coward | about 2 years ago | (#41644697)

this exactly why iphone

Re:iphone (1)

Aryden (1872756) | about 2 years ago | (#41644737)

Why? Attempting to make your shit safer is a bad thing?

Re:iphone (0)

Anonymous Coward | about 2 years ago | (#41644783)

No not all, allowing shit to happen in the first place is a bad thing. Prevention is better than cure.

Re:iphone (0)

Anonymous Coward | about 2 years ago | (#41644847)

No not all, allowing shit to happen in the first place is a bad thing. Prevention is better than cure.

And how the fuck does the act of being an iPhone do THAT?

Lame fanboi is lame.

Re:iphone (0)

Anonymous Coward | about 2 years ago | (#41644879)

Trusted software from a known source. Bit like a Linux distro ;)

Re:iphone (1)

Nerdfest (867930) | about 2 years ago | (#41644947)

The model Android uses is the same as Linux. You can use a trusted respository (of your choice), or install things manually. The only question is the level of trust and how deeply apps in the repositories are reviewed. It's a great model and gives you choice. I do think Google or someone else should provide a more carefully reviewed repository, but that can still happen. Even with that, and with the completely locked down iOS model though, things will sneak through. Exploits will be found through the browser, etc.

Except that the trusted rep is the source .... (0)

Anonymous Coward | about 2 years ago | (#41645065)

... of most of the malware in the wild.

Even today, after years of knowing about the problem, they still have a 20% infection in the OFFICIAL distribution channel.

Re:Except that the trusted rep is the source .... (3, Informative)

Nerdfest (867930) | about 2 years ago | (#41645107)

No, it's not. The vast majority of malware for Android (of which there's really not that much) is from alternative Chinese markets that carry copies apps.

Re:Except that the trusted rep is the source .... (0)

Anonymous Coward | about 2 years ago | (#41645885)

Keep telling yourself that.

In the meantime, install the Google Security Essentials app.

Re:Except that the trusted rep is the source .... (1)

Beardo the Bearded (321478) | about 2 years ago | (#41646047)

That's why I used a counterfeit card to buy my phone and gave it a fake name.

Re:Except that the trusted rep is the source .... (0)

Anonymous Coward | about 2 years ago | (#41646075)

Citation needed.

Re:iphone (1)

Anonymous Coward | about 2 years ago | (#41645171)

Bingo. The weakness is that an app maker can make a new program, tack a bunch of fake reviews to get 1000+ five stars, then push a malicious app out. Most users don't really pay attention to what an app is asking for permission-wise.

I really wish Google would split their store into two tiers, where there is the existing Google Play setup, as well as a setup that adheres to a rigid set of rules. If a developer does not want to play with the guidelines, don't have to, the app just won't be in the vetted tier.

The reason iOS has been so clean [1] historically is that Apple has a set of guidelines, the guidelines are for Apple's benefit, and they are enforced brutally with no appeals given. By being the active gatekeeper and removing stuff before it even hits the store, it keeps the bad stuff out of the ecosystem.

[1]: I don't know of any happenings of iOS malware in the world. Running 100% secure going on 5 years is quite an accomplishment.

Amazon Appstore (1)

tepples (727027) | about 2 years ago | (#41646123)

I really wish Google would split their store into two tiers, where there is the existing Google Play setup, as well as a setup that adheres to a rigid set of rules. If a developer does not want to play with the guidelines, don't have to, the app just won't be in the vetted tier.

I was under the impression that Amazon had created its own more vetted tier in the Amazon Appstore.

Re:iphone (1)

R3d M3rcury (871886) | about 2 years ago | (#41646035)

The question is: Can [forbes.com] you [techrepublic.com] trust [mobility.com.ng] the source [readwriteweb.com] ?

Percentage (1)

tepples (727027) | about 2 years ago | (#41646131)

The argument of BasilBrush and other fans of forced curation, as I understand it, is that the percentage of not-yet-detected malware is far higher in Google Play Store than in the iOS App Store.

PPAs Ubuntu (1)

tepples (727027) | about 2 years ago | (#41646139)

Prevention is better than cure.

And how the fuck does the act of being an iPhone do THAT?

Trusted software from a known source. Bit like a Linux distro ;)

Ubuntu makes it easy for end users to install third-party repositories called Personal Package Archives [launchpad.net] . I've been told that sufficiently large companies can run the equivalent of a PPA for iOS, but only by paying Apple a recurring fee for an enterprise developer license, and then only for access by the company's employees.

Re:iphone (1)

milkmage (795746) | about 2 years ago | (#41645917)

apps are vetted before they hit the store.. has nothing to do with the hardware.

Re:iphone (1)

TrancePhreak (576593) | about 2 years ago | (#41644851)

That's why Apple let all those apps upload your contact info to the internet.

Re:iphone (0)

Anonymous Coward | about 2 years ago | (#41644915)

Wah. All those apps? There were a couple and they closed it off. Enjoy your cheap copy Android phone and its malware.

Re:iphone (1)

Admiral Valdemar (2553412) | about 2 years ago | (#41645061)

Right. Which wasn't a) an endemic problem as with Android, b) an issue any more thanks to the privacy measures now in iOS. And I still don't need to run anti-virus on my mobile.

Re:iphone (-1)

Anonymous Coward | about 2 years ago | (#41645625)

Who left the door open and let Romney's sheep in?

Re:iphone (0)

Anonymous Coward | about 2 years ago | (#41645909)

Google?

samsung or dambfunk (2, Insightful)

epSos-de (2741969) | about 2 years ago | (#41644775)

AM I the only one who just wants to communicate without all the trouble. Smart phones brought us the troubles of having too much.

Re:samsung or dambfunk (0)

Admiral Valdemar (2553412) | about 2 years ago | (#41644819)

Funny. I don't think my BlackBerry, iOS and WinPhone friends have to worry about what anti-virus suite they have on their damn mobile. I guess this is where the "I'm adult enough to look after my own security" argument comes in. Well, here's your chance to tell Google that.

Re:samsung or dambfunk (0)

Anonymous Coward | about 2 years ago | (#41645093)

That's not true. If you downloaded from 3rd parties on say the BB, you could very well get something you didn't want. It can happen with any of the Mobile OSes

Re:samsung or dambfunk (0)

Anonymous Coward | about 2 years ago | (#41645935)

Keep telling yourself that.

In the meantime, install the Google Security Essentials app. An Android exclusive!

Re:samsung or dambfunk (0)

Anonymous Coward | about 2 years ago | (#41645001)

IKR. Give me a phone that's only a phone! I dont want no stinking TXT messages!

Re:samsung or dambfunk (1)

thegarbz (1787294) | about 2 years ago | (#41645105)

Communicate? I agree. Though I am happy now to not carry dumbphone, PDA, MP3 player, GPS and camera all in my pants.

I used to wear big baggy pants to hold my tech in. Now it's skinny jeans, hipster glasses, and a shiny glass one does it all device.

Play MP3s on your PDA (1)

tepples (727027) | about 2 years ago | (#41646159)

I am happy now to not carry dumbphone, PDA, MP3 player, GPS and camera all in my pants.

Since when did PDA and MP3 player need to be separate? When smartphones allegedly took over from PDAs, PDAs had already gained multimedia playback. For example, the Archos 43 Internet Tablet, an Android-powered PDA, could play music and video and had a basic camera. Samsung would later introduce its own PDA, the Galaxy Player, that also included a GPS. So someone trying to save money on his cell phone bill need carry only two devices: a dumbphone and a PDA that doubles as a digital audio player, GPS, and camera.

Re:Play MP3s on your PDA (1)

thegarbz (1787294) | about 2 years ago | (#41647811)

How is that saving money? You end up with a PDA with no connectivity unless you get a dataplan anyway. If you can afford a PDA with all those features you can afford a smartphone. Take that smart phone and put it on a cheap prepaid plan with very little data and you will break even and have one less device in your pocket.

As for the premise of a PDA and MP3 player needing to be separate, why should the phone need to be?

"Malware" (0)

Anonymous Coward | about 2 years ago | (#41644939)

Riiiiiiiiight...

Re:"Malware" (0)

Anonymous Coward | about 2 years ago | (#41645059)

Google seem to be taking it seriously. Perhaps the problem really exists. Why would they bother to shut the door after the horse has bolted otherwise ?

Sandbox? (0)

Anonymous Coward | about 2 years ago | (#41644941)

Why not just run them in a sandbox? They're already in a VM (the JVM) and only get to OS things via API calls. What's the problem here that I'm not getting?

Re:Sandbox? (0)

Anonymous Coward | about 2 years ago | (#41645505)

they do run in a sandbox and permissions have to explicitly be asked for. the problem is that people download from other sources which may take existing apps that people trusth with permissions and inject them with trojans

Nobody Seems To Notice and Nobody Seems To Care (-1)

Anonymous Coward | about 2 years ago | (#41645075)

Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware

In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87

How many rootkits does the US[2] use officially or unofficially?

How much of the free but proprietary software in the US spies on you?

Which software would that be?

Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computerâ(TM)s files on the basis of faith alone?

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, donâ(TM)t you?

Iâ(TM)m now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.

Where are the commercial or free anti-malware organizations and individualâ(TM)s products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or âdeleted/junk postsâ(TM) forum section, someone or a team of individuals will mock you in various forms âtin foil hatâ(TM), âconspiracy nutâ(TM), and my favorite, âwhere is the proof of these infections?â(TM) One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed youâ(TM)re using the proprietary Microsoft Windows OS. Now, letâ(TM)s move on to Linux.

The rootkit scanners for Linux are few and poor. If youâ(TM)re lucky, youâ(TM)ll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they donâ(TM)t call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and Iâ(TM)ve been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

Donâ(TM)t let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. Iâ(TM)m convinced, on both *nix and Windows, these pieces of APT malware are government in origin. Maybe not from the US, but most of the âcuriousâ(TM) malware Iâ(TM)ve come across in poisoned binaries, were written by someone with a good knowledge in English, some, I found, functioned similar to the now well known Flame malware. From my experience, either many forum/mailing list mods and malware developers/defenders are âon the takeâ(TM), compromised themselves, and/or working for a government entity.

Search enough, and youâ(TM)ll arrive at some lone individuals who cry out their system is compromised and nothing in their attempts can shake it of some âstrange infectionâ(TM). These posts receive the same behavior as I said above, but often they are lone posts which receive no answer at all, AT ALL! While other posts are quickly and kindly replied to and the âstrange infectionâ(TM) posts are left to age and end up in a lost pile of old threads.

If youâ(TM)re persistent, the usual challenge is to, âoeprove it or STFUâ and if the thread is not attacked or locked/shuffled and youâ(TM)re lucky to reference some actual data, they will usually attack or ridicule you and further drive the discussion away from actual proof of APT infections.

The market is ripe for an ambitious company or individual to begin demanding companies and organizations who release firmware and design hardware to release signed and hashed packages and pour this information into the cloud, so everyoneâ(TM)s BIOS is checked, all firmware on routers, NICs, and other devices are checked, and malware identified and knowledge reported and shared openly.

But even this will do nothing to stop backdoored firmware (often on commercial routers and other networked devices of real importance for government use - which again opens the possibility of hackers discovering these backdoors) people continue to use instead of refusing to buy hardware with proprietary firmware/software.

Many people will say, âoethe only safe computer is the one disconnected from any network, wireless, wired, LAN, internet, intranetâ but I have seen and you can search yourself for and read about satellite, RF, temperature, TEMPEST (is it illegal in your part of the world to SHIELD your system against some of these APT attacks, especially TEMPEST? And no, itâ(TM)s not simply a CRT issue), power line and many other attacks which can and do strike computers which have no active network connection, some which have never had any network connection. Some individuals have complained they receive APT attacks throughout their disconnected systems and they are ridiculed and labeled as a nutter. The information exists, some people have gone so far as to scream from the rooftops online about it, but they are nutters who must have some serious problems and this technology with our systems could not be possible.

I believe most modern computer hardware is more powerful than many of us imagine, and a lot of these systems swept from above via satellite and other attacks. Some exploits take advantage of packet radio and some of your proprietary hardware. Some exploits piggyback and unless you really know what youâ(TM)re doing, and even then⦠you wonâ(TM)t notice it.

Back to the Windows users, a lot of them will dismiss any strange activity to, âoethatâ(TM)s just Windows!â and ignore it or format again and again only to see the same APT infected activity continue. Using older versions of sysinternals, Iâ(TM)ve observed very bizarre behavior on a few non networked systems, a mysterious chat program running which doesnâ(TM)t exist on the system, all communication methods monitored (bluetooth, your hard/software modems, and more), disk mirroring software running[1], scans running on different but specific file types, command line versions of popular Windows freeware installed on the system rather than the use of the graphical component, and more.

[1] In one anonymous post on pastebin, claiming to be from an intel org, it blasted the group Anonymous, with a bunch of threats and information, including that their systems are all mirrored in some remote location anyway.

[2] Or other government, US used in this case due to the article source and speculation vs. China. This is not to defend China, which is one messed up hell hole on several levels and we all need to push for human rights and freedom for Chinaâ(TM)s people. For other, freer countries, however, the concentration camps exist but you wouldnâ(TM)t notice them, they originate from media, mostly your TV, and you donâ(TM)t even know it. As George Carlin railed about âoeOur Ownersâ, âoenobody seems to notice and nobody seems to careâ.

[3] http://www.stallman.org/ [stallman.org]

Try this yourself on a wide variety of internet forums and mailing lists, push for malware scanners to scan more than files, but firmware/BIOS. See what happens, I can guarantee it wonâ(TM)t be pleasant, especially with APT cases.

So scan away, or blissfully ignore it, but we need more people like RMS[3] in the world. Such individuals tend to be eccentric but their words ring true and clear about electronics and freedom.

I believe weâ(TM)re mostly pwned, whether we would like to admit it or not, blind and pwned, yet fiercely holding to misinformation, often due to lack of self discovery and education, and âoenobody seems to notice and nobody seems to careâ.

Re:Nobody Seems To Notice and Nobody Seems To Care (0)

causality (777677) | about 2 years ago | (#41646531)

This was an entertaining post and an amusing break from all of the argument about Google vs. Apple.

It should be +5 Funny. If that isn't what the author intended, tell him that's tough titty: it should still be +5 Funny.

Re:Nobody Seems To Notice and Nobody Seems To Care (0)

Anonymous Coward | about 2 years ago | (#41648411)

This was an entertaining post and an amusing break from all of the argument about Google vs. Apple.

Those of us who've seen the exact same post 50+ times already do not agree.

Don't scan my phone, scan your store. (3, Insightful)

cimmerian (59932) | about 2 years ago | (#41645103)

Instead of scanning the apps that I choose to install on my phone, why not just scan the apps they allow on their Play Store? Then, if people choose to install applications outside of the store, it'll be at their own risk. Also, scanning the app ONCE on their store makes more sense than redundantly scanning it millions of times on each users phone.

Re:Don't scan my phone, scan your store. (0)

Anonymous Coward | about 2 years ago | (#41645137)

Then the app only needs to behave well during the approval process and can activate any naughty features later. The same flaw the apple store has.

Re:Don't scan my phone, scan your store. (1)

ThatsMyNick (2004126) | about 2 years ago | (#41645141)

What makes you think they dont already do that? They would be pretty stupid not to do that.

Re:Don't scan my phone, scan your store. (1)

monkeyhybrid (1677192) | about 2 years ago | (#41645199)

They already do that. Bouncer [blogspot.co.uk] scans all apps in the Google Play store for malicious software for known malware, spyware and trojans and also for behavior that may indicate an application is up to no good. It supposedly led to a 40% decrease in malware within the first few months of them running it.

I presume the scanner they are integrating within the Play store client app is aimed at doing the same but with the benefit of also checking apps downloaded from other markets and sources.

Re:Don't scan my phone, scan your store. (1)

Nerdfest (867930) | about 2 years ago | (#41645483)

Scanning your phone would help out everyone using the OS, including people using other stores like Amazon's, or installing apps directly.

Re:Don't scan my phone, scan your store. (1)

fluffy99 (870997) | about 2 years ago | (#41646105)

They already do that. Bouncer [blogspot.co.uk] scans all apps in the Google Play store for malicious software for known malware, spyware and trojans and also for behavior that may indicate an application is up to no good. It supposedly led to a 40% decrease in malware within the first few months of them running it.

I presume the scanner they are integrating within the Play store client app is aimed at doing the same but with the benefit of also checking apps downloaded from other markets and sources.

Exactly. It's been shown that the majority of malicious apps are loaded from outside of the Google store, so this is an attempt to protect users who are using other sources. Google is taking a reputation hit, even though they aren't serving up the malicious apps.

Bouncer is more like traditional antivirus, looking for specific known signatures and looking harder at apps that are requesting unusually high privileges. Most windows antivirus software has the ability to monitor and report suspicious activity to the antivirus vendor (eg an app writing to the bootsector or altering specific files). Doing something similar with Android on the devices themselves would let Google watch the statistics to see which apps are doing things that look suspicious and investigate them further.

Re:Don't scan my phone, scan your store. (1)

alen (225700) | about 2 years ago | (#41645571)

But then the phones won't need more ram than a server and quad core cpu's and the techtards won't be able to cream their pants dreaming of specs

it looks like this person.... (0)

Anonymous Coward | about 2 years ago | (#41645239)

ran the apk. file against something like
  # strings -n 3 | less

Good move. (2)

csumpi (2258986) | about 2 years ago | (#41645245)

I think this is a good move. Instead of locking everyone into a single store, google can keep users free and safe.

If only microsoft would've done the same two decades ago.

Re:Good move. (2)

Nerdfest (867930) | about 2 years ago | (#41645509)

It wouldn't have helped. The 'scanning' model is reactive most the most part, and you need to discover the malware before you can scan for it. Microsoft's biggest problem was no interest in security and a bad security model. Google's problem is that people don't read the permissions they're giving to the apps they install. (It's not Google's fault as such, but it is their problem).

Re:Good move. (1)

Dog-Cow (21281) | about 2 years ago | (#41645947)

NT's security model is excellent. It just took MS a while to start enforcing its usage.

Re:Good move. (1)

JDG1980 (2438906) | about 2 years ago | (#41647509)

NT's security model is excellent. It just took MS a while to start enforcing its usage.

The NT security model is competitive with the Unix security model. But both of these models are out of date. Their fundamental flaw is that the program inherits the user's permission. That may have made sense in the 1970s on Unix when programs were a lot simpler, users were all reasonably experienced, and there was no such thing as downloading an .exe from the Internet. But it makes no sense now.

UAC has been successful in weeding out the worst excesses of programs requiring admin access when they really don't need it. It has made Windows systems safer. But there are still plenty of things a malicious application can do with only user-level access: spam, DDoS, steal or delete personal information, and so forth.

The Android security model is much better because it enforces permissions on the application level, rather than the user level. An application has to tell the OS what specific permissions it needs, and the OS won't let it do anything that isn't in the list. This at least opens the possibility that an alert user might notice malware asking for rights that it shouldn't need to have to fulfill its ostensible purpose.

Re:Good move. (1)

Legion303 (97901) | about 2 years ago | (#41648081)

"This at least opens the possibility that an alert user might notice malware asking for rights that it shouldn't need to have to fulfill its ostensible purpose."

Like Angry Birds needing location info, for instance.

Re:Good move. (1)

marcello_dl (667940) | about 2 years ago | (#41648163)

IMHO the android model of "give the requested privileges up or the app won't install" is far from ideal (from the POV of the user).

I should be able to download an app, run it in a unionfs- aufs- chroot with default or bogus values for contacts, email, and so on.
App developers are running the app on MY cellphone, so ME and not you, nor Google, decide what data you should be allowed to extract.

If only smartphones were not marketed to spy on the buyer instead of working for him :)

Re:Good move. (0)

Anonymous Coward | about 2 years ago | (#41648943)

chroot was never intended to be a security mechanism, even though it can be misused for that purpose. There are a comically large number of ways of breaking out of a chroot, and preventing all the known methods requires patching the hell out of your kernel [grsecurity.net] which will probably have the side effect of breaking various programs.

Re:Good move. (0)

BasilBrush (643681) | about 2 years ago | (#41645725)

Subtle. Very subtle. For those who don't remember, MS-DOS v6.0 shipped with Microsoft AV 20 years ago. Clearly it didn't keep people safe from viruses.

I've often said Android is the Windows of the phone world. Maybe it's worse...

Re:Good move. (1)

tuppe666 (904118) | about 2 years ago | (#41645971)

Subtle. Very subtle. For those who don't remember, MS-DOS v6.0 shipped with Microsoft AV 20 years ago. Clearly it didn't keep people safe from viruses.

I've often said Android is the Windows of the phone world. Maybe it's worse...

Hi Apple user :) You are aware that this is simply an extra layer of protection. Does your precious apple offer this functionality especially for those people who have chosen to bypass Apples overreaching limitations.

Re:Good move. (0)

Anonymous Coward | about 2 years ago | (#41648445)

I've often said Android is the Windows of the phone world.

In the sense that it allows to run the applications *you* choose rather than having that choice made for you by Apple? Yes.

Re:Good move. (1)

timmyf2371 (586051) | about 2 years ago | (#41648541)

If only microsoft would've done the same two decades ago.

If Microsoft had done the same two decades ago, we'd have accused them of monopoly abuse.

Would be more interesting if it was part of the OS (0)

Anonymous Coward | about 2 years ago | (#41645721)

For one, it would be open souce then.

Viruses are not the issue (3, Insightful)

Skapare (16644) | about 2 years ago | (#41645741)

The real issue is apps with malicious design intentions ... like ones that track your activity for advertising.

Re:Viruses are not the issue (1)

Anonymous Coward | about 2 years ago | (#41645811)

Tracking what I like or don't like is idea since I don't care about viagra or sports cars. So I would much rather get an advertisement telling me to go buy a family guy dvd box set or an anime that I like than stuff I don't like. What I don't like is how some applications will advertise and run in the background of your phone. It's annoying to get a notification every 10 minutes about an advertisement but thankfully Ad Network Detector is pretty decent at find out what does that. Read reviews before you install anything and you should be fine. Target advertising isn't necessarily a bad thing unless the government gets involved.

Re:Viruses are not the issue (1)

causality (777677) | about 2 years ago | (#41646575)

Target advertising isn't necessarily a bad thing unless the government gets involved.

They usually do that after the company has built up a nice, big, robust, relevant database full of information that the government would have had difficulty obtaining on its own.

Plenty of real criminals have been caught with the aid of data that Google had collected about them. This saves the cops some of the effort of doing real police work. The problem is, the same techniques could be used against "undesirables" as well.

Not to mention, the very idea that I need someone else to tell me what I want and what I need is just plain rude. So is the idea of tracking me without first obtaining my written consent. Targeted advertising is worse than the less specific kind. You'd have to be a serious slave to the most momentary of conveniences to think otherwise.

Re:Viruses are not the issue (0)

Anonymous Coward | about 2 years ago | (#41647077)

So I would much rather get an advertisement telling me to go buy a family guy dvd box set or an anime that I like than stuff I don't like.

I've heard this mentioned a few times. But I still don't understand why? You're not actually going to buy it, are you? So what does it matter if it's for an anime series or a cat litter tray?

Surely the cat litter tray ad would be preferable because it does not tempt you in any way to purchase?

Re:Viruses are not the issue (1)

Mr. Slippery (47854) | about 2 years ago | (#41647337)

Tracking what I like or don't like is idea since I don't care about viagra or sports cars. So I would much rather get an advertisement telling me to go buy a family guy dvd box set or an anime that I like than stuff I don't like.

This attitude continues to astound me. "I would like marketers to know more about me, so that they can use more effective mind control techniques to influence my purchasing behavior."

Re:Viruses are not the issue (0)

Anonymous Coward | about 2 years ago | (#41647617)

You're lying if you say you've never found an ad genuinely informative before.

I've definitely found targeted ads very useful. They know I'm a gamer, so I get ads that inform me about new games I may be interested in but haven't heard of before. This is a good thing, because it supports the sites I visit and informs me of things I may be interested in.

Re:Viruses are not the issue (0)

Anonymous Coward | about 2 years ago | (#41648025)

Tracking what I like or don't like is idea since I don't care about viagra or sports cars. So I would much rather get an advertisement telling me to go buy a family guy dvd box set or an anime that I like than stuff I don't like.

This attitude continues to astound me.

Why? You're going to be subjected to ads anyway, even if it's just Google AdWords.

I agree with the GP - unless I can 100% avoid ads entirely, I'd rather the ones I *do* see be relevant.

Re:Viruses are not the issue (2)

denis-The-menace (471988) | about 2 years ago | (#41646473)

I've seen games that NEED access to SMS text, your contacts, pictures, GPS, etc. (e.g. Tetris that needs Internet access)

What Android really needs is both a way to block permissions WITHOUT rooting *and* someone with a brain that stops these things from making it in the store in the first place.

Will it happen? HELL NO.
Your lack of privacy is WAY to profitable.

Re:Viruses are not the issue (1)

Clsid (564627) | about 2 years ago | (#41647205)

The real issue is apps with malicious design intentions ... like ones that track your activity for advertising.

Pretty much like Google right? I bet that they wouldn't mind to report back to HQ to see what people are using on their phones when they don't use the Play Store.

Maybe it'll shut up some Linux zealots (0)

Anonymous Coward | about 2 years ago | (#41645747)

Maybe now that Android is a big market player and is threatened by malware it will finally shut up Linux zealots who claim Linux doesn't get viruses.

Re:Maybe it'll shut up some Linux zealots (1)

tuppe666 (904118) | about 2 years ago | (#41645955)

Maybe now that Android is a big market player and is threatened by malware it will finally shut up Linux zealots who claim Linux doesn't get viruses.

No most Linux[sic] users think Linux refers to the kernel, of the OS, but use it as a generic name for *Linux based Distributions" A sort a collection of programs, but contains things like a graphical desktop[ie Gnome] , and famously GNU tools userland? collectively I think we would define it as Desktop Linux. Understand this has NOTHING to do with Android other than they share a common kernel which benefits both of them.

Most Linux users except that its impossible to get viruses, just that its improbable, and exploits in the wild are rare, but obviously they are not too arrogant to not take precautions.

I think your a little confused when using the word zealot. I think what you meant Fabulously Sexy Linux Users OMG!

RMS was right about calling it "GNU/Linux" (1)

tepples (727027) | about 2 years ago | (#41646197)

No most Linux[sic] users think Linux refers to the kernel, of the OS, but use it as a generic name for *Linux based Distributions"

Which means RMS was right about calling it "GNU/Linux". Unlike Linux distributions typically installed on a laptop, desktop, or server, Android contains little if any software produced by the GNU project. For example, it uses Google Bionic instead of glibc. Embedded Linux systems likewise tend to replace GNU software, such as replacing glibc with lighter weight Newlib or uClibc.

Re:RMS was right about calling it "GNU/Linux" (1)

tuppe666 (904118) | about 2 years ago | (#41646321)

No most Linux[sic] users think Linux refers to the kernel, of the OS, but use it as a generic name for *Linux based Distributions"

Which means RMS was right about calling it "GNU/Linux". Unlike Linux distributions typically installed on a laptop, desktop, or server, Android contains little if any software produced by the GNU project. For example, it uses Google Bionic instead of glibc. Embedded Linux systems likewise tend to replace GNU software, such as replacing glibc with lighter weight Newlib or uClibc.

RMS was right then...but that was then and this is now RMS lost the PR battle, Linus acted better over the whole thing and Linus lets face created a hell of a product, that you can comfortable argue is a Jewel in the Open Source World. That said I owe my Desktop Linux experience to X; Gnome; Firefox and LibreOffice but it could just as easily B Wayland; KDE; Chromium and Calligra.

Personally I always liked Hurd...because it means group, but I don't really care. The original post was trying to imply Desktop Linux is the same as Android, and they are so far from being the same its kind of sweet.

and what if i want malware? (0)

Anonymous Coward | about 2 years ago | (#41645825)

no really what if i want to put it there so that when you come to mess with my phone ill screw you large and then know whom stole my phone or messed with it....

no really im evil user ( waves) don't fuck with "evil user"

LoJack != malware (1)

tepples (727027) | about 2 years ago | (#41646207)

no really what if i want to put it there

Internet service providers don't want customers who want malware.

so that when you come to mess with my phone ill screw you large and then know whom stole my phone or messed with it

As long as it's under the control of the device's owner, a LoJack style application is not malware.

Approval process (1)

eWarz (610883) | about 2 years ago | (#41647537)

I had always assumed that there was an approval process that looked for this type of stuff. I guess i was wrong?

All sorts of fail (1)

thetoadwarrior (1268702) | about 2 years ago | (#41647837)

Mobile phones should not require software like Norton anti-virus so Android's already failed there. But i don't think this tackles a bigger concern. A lot of apps ask for too many permissions and user's data is taken. You should be able to manage individual permissions, At a guess Google isn't going to do anything about that.

And Ads! (2)

CuteSteveJobs (1343851) | about 2 years ago | (#41648149)

The Google Play store does not say whether or not a 'free' app contains ads - especially the distracting blinking banner ads. It's fine for developers to do this and users may accept it rather than buying the app, but developers should disclose it up front. I get sick of downloading apps only to delete them. Plus many 'free' apps want access to your phone state, so they can see your phone number, who you call, and when you call them. Sneaky:

And take the children's drawing game which server up adult ads
Hannah-Siobhan - September 13, 2012 - Good basic game. Shame for the adverts my kids can click on, needs to have a lock screen option.
kristen - September 29, 2012 - Not kid friendly ads - Good time waster for kids, but the ads contain mature content, I saw buttocks yesterday...
Laura - September 19, 2012 - Version 4.0.1 - Disappointed - They show poor judgement with their advertising. With inappropriate pictures I cannot let my children use this app.
https://play.google.com/store/apps/details?id=virtualgs.kidspaint [google.com]
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?