
Android Users Get Scammed With In-App Antivirus Ads

timothy posted about a year and a half ago | from the like-robots-these-androids dept.

Advertising 82

An anonymous reader writes "A new malware scheme has been discovered that pushes fake antivirus software to Android users via in-app advertising. Once installed, the trojan informs the victims they need to pay up to remove threats on their device. The malware in question, detected as "Android.Fakealert.4.origin" by Russian security firm Doctor Web, has been around since at least October 2012 according to the company. While Android malware that masks itself as an antivirus for Google's platform is nothing new, and neither are ads in Android apps pushing malware, but putting the two together can certainly be effective. This is naturally a practice that Windows users are all too familiar with."


Always give them a chance (4, Interesting)

belthize (990217) | about a year and a half ago | (#43499937)

I will never understand why phishing and malware attempts always have some weird tell that they're not legit. Whether it's some bizarre choice of words in the midst of an otherwise fairly legit looking piece of email or Cyrillic text in the middle of an otherwise semi-legit looking app there's always a tell.

It's as if the authors are carefully trying to prey only on the truly stupid.

Why 'Nigerian Scammers' Say They're From Nigeria (1)

tepples (727027) | about a year and a half ago | (#43499987)

It's as if the authors are carefully trying to prey only on the truly stupid.

Given how advance fee fraud works [slashdot.org], that's probably right.

Re:Why 'Nigerian Scammers' Say They're From Nigeri (1)

SternisheFan (2529412) | about a year and a half ago | (#43500041)

It's as if the authors are carefully trying to prey only on the truly stupid.

Given how advance fee fraud works [slashdot.org], that's probably right.

I had a phishing attempt recently that really looked like it was from the IRS, down to the logos and all. I know the IRS and banks don't send unsolicited emails out, the real clincher was the reply address ended in ".irt". So, it got forwarded to abuse@irs.gov, same thing I do with bank phishing attempts. The only bad thing is I'll never know if I helped catch a phisher.

Is Microsoft paying Dice for all this FUD? (0)

Anonymous Coward | about a year and a half ago | (#43501327)

Do bears shit in the woods?

Re:Why 'Nigerian Scammers' Say They're From Nigeri (1)

belthize (990217) | about a year and a half ago | (#43500071)

That's a slightly different scenario though. In this case they don't have to weed out responders to save time. For most click here, enter data here type phishing attempts it's a one time interaction. If you're dumb enough to take the first step there's no second step to save you.

I guess I shouldn't have written 'I will never understand' but I certainly don't at the moment. I'll admit it's so pervasive there may be a reason but they're usually fairly subtle errors whereas the Nigerian scammers are fairly blatant. It's like spoofed web sites that are a 95% match to the original. Why not go ahead and make it 100%?

It makes me wonder if it's a legal issue, i.e. they know that if they leave the credit cards and banks an out for claiming it was the user's fault for not realizing it was a scam then the legal world will be more inclined to ignore them.

Re:Always give them a chance (3, Interesting)

alostpacket (1972110) | about a year and a half ago | (#43500425)

You know, I got that same feeling when the article said this was from "Russian security firm Doctor Web" and the malware dates back to October 2012.

They may be legit, but I did a double take on the name and country of the company, as well as the date.

Looks like it comes from TFA, which is next to useless for actual helpful information. No mention of what ad networks, or what apps these were found in. They even blur the website name of where they encountered an ad. The Next Web article seems to be copy-pasta from the AV 'article' (probably better described as a press release). I clicked around their site and their links are broken and redirect to a scary 404 page that gives me instructions on how to recover Windows. Pot, kettle, anyone?

But sure enough, they sell Android antivirus software.

(Full disclosure: I sell an app meant to teach new users about Android permissions, but also give the text of the guide away -- still, take what I say with a grain of salt, like anyone else).

Re:Always give them a chance (1)

tlhIngan (30335) | about a year and a half ago | (#43501849)

I will never understand why phishing and malware attempts always have some weird tell that they're not legit. Whether it's some bizarre choice of words in the midst of an otherwise fairly legit looking piece of email or Cyrillic text in the middle of an otherwise semi-legit looking app there's always a tell.

It's as if the authors are carefully trying to prey only on the truly stupid.

There is some logic in that - if you eliminate the ones smart enough to do stuff like that, you have a better chance of remaining undetected. Think of it - you get a phish email, see some obvious misspellings, delete it and move on. If it was a bit too perfect, you might realize the URL is wrong and report it to the appropriate authority. Like Google Docs (which is a common vector for creating fake login sites, go figure).

But if a user doesn't notice, there's a greater chance they'll not notice the weird URL and just blindly enter their details as well.

Anyhow, notice how Android's permission list is getting harder and harder to view? Just the other day I was looking at a respectable app, and a fairly important permission was hidden underneath "Other permissions". Namely, it had access to the Accounts section of Android. Which is a major WTF because a crafty app could use that for ads and spam you, knowing they're verified e-mail addresses because they've got your Google account, your Dropbox account and other accounts that Android may be managing. And it wasn't listed by default.

Re:Always give them a chance (0)

Anonymous Coward | about a year and a half ago | (#43502247)

... carefully trying to prey only on the truly stupid

Hopefully, they will pay for an upgrade in 2 weeks that will load even more malware on their computing device. At least the truly stupid won't ask for their money back! It creates a self-supporting demand.

Re:Always give them a chance (1)

seanvaandering (604658) | about a year and a half ago | (#43502353)

Spoken like someone who doesn't have kids. Mine are now old enough to understand how to "click OK", but I'm not around when they generally use the computer and my wife definitely doesn't understand it like I do.

I've removed several malware programs from the computer, and I know that it's coming from those free kids game sites which my kids use on a regular basis. They're not stupid, but naive to these sorts of things. Like most things I can explain it to them a thousand times, but when you hold a shiny in front of a kid, they're going to go for it every time.

Re:Always give them a chance (1)

BasilBrush (643681) | about a year and a half ago | (#43502779)

So why do your kids have admin accounts on the computer?

Re:Always give them a chance (1)

daveime (1253762) | about a year and a half ago | (#43510425)

Why do you assume the kind of malware that displays a scary popup message about viruses would be running as root?

Re:Always give them a chance (1)

BasilBrush (643681) | about a year and a half ago | (#43510567)

WTF has root got to do with anything? I said admin. An admin account is one which allows you to install programs. If the kids don't have an admin account they won't be installing programs.

Or do you have some deficient OS that doesn't have proper admin accounts? Hmm... root? You're not a Linux user are you?

Re:Always give them a chance (0)

Anonymous Coward | about a year and a half ago | (#43502807)

And are there consequences for the kids ignoring your advice, like perhaps losing computer privileges for a couple of weeks whenever it gets infected? If the kids don't get negative consequences from making the wrong choices how do you expect them to learn.

Re:Always give them a chance (2)

AmiMoJo (196126) | about a year and a half ago | (#43502689)

The most obvious give-away is when it says "you must enable installing from untrusted sources", aka side-loading, to use the .apk file that just downloaded. For some not at all suspicious reason it isn't on Play. Ignore the warnings you see about not trusting unknown applications/companies. Just keep clicking "yes".

People who fall for this are too dumb to use a smartphone. They are on a par with people who drive over cliffs or off bridges because their sat-nav told them to. If you don't make the slightest effort to understand the messages you are being shown on screen or to do anything other than what you are told then, well... Don't blame the OS.

Actually, if you are one of those people, please go jump off a bridge right now. Ignore the danger signs and "no swimming" notice, it's perfectly safe, honest.

Re:Always give them a chance (1)

tlhIngan (30335) | about a year and a half ago | (#43515459)

The most obvious give-away is when it says "you must enable installing from untrusted sources", aka side-loading, to use the .apk file that just downloaded. For some not at all suspicious reason it isn't on Play. Ignore the warnings you see about not trusting unknown applications/companies. Just keep clicking "yes".

People who fall for this are too dumb to use a smartphone. They are on a par with people who drive over cliffs or off bridges because their sat-nav told them to. If you don't make the slightest effort to understand the messages you are being shown on screen or to do anything other than what you are told then, well... Don't blame the OS.

Actually, if you are one of those people, please go jump off a bridge right now. Ignore the danger signs and "no swimming" notice, it's perfectly safe, honest.

And you don't have that setting checked?

I mean, do you not install apps from say, Amazon? Or the Humble Bundle? Or dozens of other legit places that sell apps? (Isn't that the whole POINT of using Android? If you wanted to stick with the Play store, then iOS would work just as well).

Not to mention the folks who visit sites like AppCake to get their "free" apps. (There are very convenient tutorials on how to use those places, as well).

The problem is Android makes it an all-or-nothing procedure. You can't enable just Amazon and Play. It's either Play or everything.

As for complaining about that setting - please refer your security concerns to the following concept: Dancing Pigs (or rabbits) [wikipedia.org]. Users are task-oriented. Phones, computers, are tools meant to aid in getting tasks done. Just like your mechanic should not have to bother recompiling kernels or system updates in order to fix your car, people shouldn't need to understand how their engine works in order to drive one.

(Hell, you can probably bet mechanics wished drivers would understand how their car works...)

Perhaps that's why people have taken on tablets and other stuff with enthusiasm and shied away from buying lots of PCs. The flexibility and freedom of PCs is nice, but that comes with relatively huge maintenance requirements. Likewise how people watch Netflix using DVD/Blu-Ray/media tanks - hook it up, enter in your account information, done.

Re:Always give them a chance (0)

Anonymous Coward | about a year and a half ago | (#43506749)

My theory is that the scammers are just as stupid as their intended victims. The best person to fool a fool is another fool. This is why fools go into sales.

You only notice the badly done ones. (1)

romons (2767081) | about a year and a half ago | (#43512381)

The rest are happily installing crap on your system with your blessings.

It really PISSES ME OFF that nobody can figure out how to fix this. Fucking malware guys should be stripped, dipped in glue, and rolled in fire ants. For the first offense. What a bunch of assholes.

I've seen this before... (1)

michael_rendier (2601249) | about a year and a half ago | (#43499939)

Reminds me of a popup I used to see. Always liked telling me that I had 3786 problems with my Windows registry. I'm running Linux... I'm sure that the first of those 'problems' is that I don't have a Windows registry. XD

How to get a Windows registry (1)

tepples (727027) | about a year and a half ago | (#43499979)

I'm running Linux... I'm sure that the first of those 'problems' is that I don't have a Windows registry. XD

If your PC runs a distribution descended from Debian, you too can get your very own Windows registry:

sudo apt-get install wine

But I see your point. As long as you're using an X11 based browser, as opposed to browsing the web in a copy of Wine Firefox that you ended up keeping open after you were done watching Netflix, there's no way a pop-up ad could possibly see your Windows registry.

Re:How to get a Windows registry (0)

symbolset (646467) | about a year and a half ago | (#43502105)

Wine and Mono are proof of the existence of the idiot savant. They brilliantly do these things, and don't know why they shouldn't.

Please help me become no longer an idiot (2)

tepples (727027) | about a year and a half ago | (#43502981)

Wine and Mono are proof of the existence of the idiot savant. They brilliantly do these things, and don't know why they shouldn't.

Then please help me become no longer an idiot. Please explain why one shouldn't. Are you claiming that it is unwise to allow users of a minority computing platform to run applications that were developed for the majority computing platform? If so, please explain at which point the unwisdom enters the claim.

Re:Please help me become no longer an idiot (1)

symbolset (646467) | about a year and a half ago | (#43508339)

Unfortunately I can't help you learn this. Once you have adopted the thesis this far no argument from me will satisfy you. You will have to find the exit on your own, or experience the natural consequences and gain your experience the hard way. That's OK: I've been stubborn and learned things the hard way too.

Re:Please help me become no longer an idiot (1)

tepples (727027) | about a year and a half ago | (#43508691)

Once you have adopted the thesis this far

Explain which "thesis" you're talking about, and my exit might become easier.

Uninstallation last time (3, Informative)

tepples (727027) | about a year and a half ago | (#43499941)

It's a lot easier to uninstall fake antivirus on Android than on Windows. Last time, removal took two steps [slashdot.org]: 1. remove it from the list of device administrators, and 2. uninstall the application from the device.

Are other mobile platforms any less prone to deceptive in-app advertising?

The big difference between Android and Linux (1)

aNonnyMouseCowered (2693969) | about a year and a half ago | (#43501231)

is that while in desktop GNU/Linux a firewall is designed to keep the nasties out, in Android a firewall like Droidwall is designed to keep the nasties in, i.e. prevent them from phoning home.

For those who want to be anal pedantic I know the "backend" in both Android and GNU/Linux is pretty much the same iptables that can be configured to keep out/in both external and internal threats. However, I was quite surprised when I first learned what Android firewall apps, which typically require root-level access to do their trick, were designed to do, to protect users against apps that abuse their network access privileges.

Re:Uninstallation last time (0)

Anonymous Coward | about a year and a half ago | (#43501943)

Is there really a technical reason why it's not possible for them to dig in deeper into an android device assuming the user gives permission (as per the article)?

Or is it just because the perps don't care/need to at the moment.

Re:Uninstallation last time (2)

ozmanjusri (601766) | about a year and a half ago | (#43502121)

Is there really a technical reason why it's not possible for them to dig in deeper into an android device assuming the user gives permission (as per the article)?

Yes.

In addition to the standard Linux security model, Android has an Application Sandbox which assigns a unique user ID (UID) to each app when it is run. The apps run as that UID, and can only interact with other apps through secure inter-app process communications.

http://source.android.com/tech/security/ [android.com]

Re:Uninstallation last time (1)

oldlurker (2502506) | about a year and a half ago | (#43502831)

Is there really a technical reason why it's not possible for them to dig in deeper into an android device assuming the user gives permission (as per the article)?

Yes.

In addition to the standard Linux security model, Android has an Application Sandbox which assigns a unique user ID (UID) to each app when it is run. The apps run as that UID, and can only interact with other apps through secure inter-app process communications.

http://source.android.com/tech/security/ [android.com]

There have been several well known (some even presented at Black Hat) ways of breaking out of the Android sandbox, and Linux privilege escalation exploits, to completely compromise an Android phone. The biggest problem with Android security though is that even though Google has been good at adding security features and fixing vulnerabilities, most of the user base is on older vulnerable versions, with added "functionality" from handset makers and operators undermining security further.

Re:Uninstallation last time (0)

Anonymous Coward | about a year and a half ago | (#43506757)

As someone who has never used Android, this design sounds utterly moronic. Why the hell is it not just 1 step?

Re:Uninstallation last time (1)

tepples (727027) | about a year and a half ago | (#43506949)

I'm guessing it's to make sure the user doesn't uninstall an employer's device management package on accident.

Malware (1)

Clueless Moron (548336) | about a year and a half ago | (#43499983)

"Please run this random program you got from somewhere because we asked you to".

Then something bad happens.

What's Android platform specific about this?

No "Unknown sources" and pay to "adb install" (4, Interesting)

tepples (727027) | about a year and a half ago | (#43500011)

What's Android platform specific about this?

Mobile platforms other than Android put substantial barriers in the way of being able to "run this random program you got from somewhere". Windows Phone 7 and iOS, for example, don't really have a counterpart to the "Unknown sources" checkbox of Android, and they charge $99 per year for "provisioning", which allows the user to load applications through the equivalent of adb install.

Re:No "Unknown sources" and pay to "adb install" (0)

Anonymous Coward | about a year and a half ago | (#43500033)

100 dollars a year to be able to install what I want, no wonder winblows phone never really caught on: microsuck licenses.

Re:No "Unknown sources" and pay to "adb install" (0)

Anonymous Coward | about a year and a half ago | (#43500065)

I've always seen this as an advantage of the Android platform, but I guess there are those who want to further ruin computers for the benefit of idiots. As far as I'm concerned, even Android is too locked-down. Additionally, the security isn't great. For example, why is SD card access a boolean decision? And why are all permissions granted permanently to apps? Bad design.

Re:No "Unknown sources" and pay to "adb install" (1)

alostpacket (1972110) | about a year and a half ago | (#43500479)

why is SD card access a boolean decision? And why are all permissions granted permanently to apps?

Fair questions, but how would you have designed it? Think carefully about the edge cases and user experience for both questions. I think it also helps to keep in mind lessons learned from incessant dialogs. Users are now desensitized and trained to click OK, despite not having read the message.

Secure file chooser dialog (2)

tepples (727027) | about a year and a half ago | (#43500587)

Fair questions, but how would you have designed it?

I'd handle SD card access like this: When an app is installed, it can read and write only its own folder. When an app wants to open any other file, or all files in a given folder, it asks the system to display a file chooser to the user, and then that app gets authorized to open that file. Both OLPC Bitfrost and the Mac App Store sandbox use variants of this pattern. Likewise with the Internet permission. I'd add an additional "User-chosen Internet sites" permission that can access only the domains specified in the application's manifest and the hostname of any URL that the user chooses to "share" with the application.

Re:Secure file chooser dialog (2)

Nemyst (1383049) | about a year and a half ago | (#43501409)

And the number of acronyms and specialized vocabulary you've used means you'd have lost 90% of the user base by doing that. People think of phones and computers as appliances. The last thing they want is having to understand what a folder structure is, or what a URL is. They'd just click/tap until all the scary popups are gone.

If you think I'm exaggerating, most non-tech people I know never use the URL bar on their computer: they go to their homepage, usually Google, and type in the site's name there. Even after years and years of using the site.

Explanation for novices; vehicles as appliances (1)

tepples (727027) | about a year and a half ago | (#43502971)

And the number of acronyms and specialized vocabulary you've used means you'd have lost 90% of the user base by doing that.

alostpacket asked: "how would you have designed it?" How to design a system and how to explain its behavior to computer novices are two different things. I am aware that trying to explain a system to a novice user and to a programmer using the same wording is unwise.

File Chooser: When an application wants to work with one of the documents, photos, or other files stored on your device, the device asks you to choose a file. Only the file you choose will be made available to the application. Sometimes, an application will ask you to choose a folder, or a collection of files on your device. All files in this folder will be made available to the application. The file chooser explains whether or not the application wants to change the contents of the file or folder, such as to save your work. Remember not to choose any file with private information in an application that you do not trust.

Limited Internet: This application can connect to a small set of sites on the Internet that were chosen by the application's developer. Some applications are designed to view information from a specific site on the Internet. Other applications connect to a sponsor's site to display advertisements to fund continued development of the application. Remember not to enter private information into an application that you do not trust.

Share URL Intent: You can choose to share a link to an Internet resource, such as a web page, from another application. (Sometimes a link is called a "URL".) The device asks you to choose an application with which to share the link. The application you choose can connect to the site that the link is on. For example, if you share a link to a page on example.com, Internet connections to example.com will be made available to this application. Remember not to share links with an application that you do not trust.

People think of phones and computers as appliances.

Do people expect to be able to install applications in their refrigerators? Do people enter private information into their ovens? A computer is an appliance in the same way that a vehicle is an appliance: it is possible to do things with it that are dangerous to the operator or to others.

Re:No "Unknown sources" and pay to "adb install" (1)

CastrTroy (595695) | about a year and a half ago | (#43500687)

Well, for starters, there should be a way for apps to only access certain folders of the SD card. Kind of like how all the internal storage is private to each app, same should go for the SD card. There's very few use cases that I can think of where an app needs access to every file on my SD card. Even something like a media player should be granted permission only to specific folders where you keep your music and videos. Having access to the SD Card and network basically gives the app the ability to collect any data it can find on your SD card and send it off to some random server. Including unencrypted backups if you didn't get the paid version of Titanium Backup.

Re:No "Unknown sources" and pay to "adb install" (0)

Anonymous Coward | about a year and a half ago | (#43501519)

I'm the original Anonymous Coward. I would have done the following for SD card permissions:

  1. Unique permissions for read music, write music, read pictures, and write pictures. Since those are the most common tasks and a program doesn't need access to the whole card to read from /DCIM.
  2. A single general access permission, as before, for edge cases -- but discouraged from use when not necessary.
  3. A built-in API file-picker that can be called from any application with the distinction that read/write permission is granted for the file chosen, regardless of the app's status or file location. The solution in this case is that the user must deliberately select the file and then permission is only granted on that file.
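
The picker-granted file access proposed in the list above, together with the file chooser and "User-chosen Internet sites" permission tepples describes earlier in the thread, modelled as a small access broker. This is an added illustration, not part of any comment and not Android code; `AppSandbox`, its method names and the `/sdcard/apps/<package>` layout are hypothetical, and letting a manifest domain cover its subdomains is an assumption.

```python
import posixpath
from dataclasses import dataclass, field
from pathlib import PurePosixPath
from urllib.parse import urlsplit


class AccessDenied(Exception):
    """Raised for requests that can never be granted (e.g. relative paths)."""


def _norm(path: str) -> PurePosixPath:
    # Lexical normalisation: collapse "." and ".." so a request is judged by
    # where it points, not by the prefix it starts with. Symlinks are not
    # resolved here; this model only reasons about path strings.
    if not path.startswith("/"):
        raise AccessDenied(f"relative path refused: {path!r}")
    return PurePosixPath(posixpath.normpath(path))


def _inside(path: PurePosixPath, folder: PurePosixPath) -> bool:
    # Component-wise containment, so /sdcard/Musical is not inside /sdcard/Music.
    return path == folder or folder in path.parents


def _host(name: str) -> str:
    return name.rstrip(".").lower()


@dataclass
class AppSandbox:
    package: str
    manifest_domains: frozenset = frozenset()     # declared by the developer
    storage_root: str = "/sdcard/apps"            # hypothetical layout
    _files: dict = field(default_factory=dict)    # picked file   -> writable?
    _folders: dict = field(default_factory=dict)  # picked folder -> writable?
    _shared_hosts: set = field(default_factory=set)

    @property
    def own_folder(self) -> PurePosixPath:
        return PurePosixPath(self.storage_root) / self.package

    # --- called by the trusted system UI after a user choice, never by the app
    def user_chose_file(self, path: str, writable: bool = False) -> None:
        self._files[_norm(path)] = writable

    def user_chose_folder(self, path: str, writable: bool = False) -> None:
        self._folders[_norm(path)] = writable

    def user_shared_url(self, url: str):
        host = urlsplit(url).hostname             # lower-cased, port stripped
        if host:
            self._shared_hosts.add(_host(host))
        return host

    # --- checked on every request that comes from the app
    def can_open(self, path: str, mode: str = "r") -> bool:
        if mode not in ("r", "w"):
            return False
        try:
            p = _norm(path)
        except AccessDenied:
            return False
        if _inside(p, self.own_folder):           # own folder: read and write
            return True
        grants = [w for f, w in self._folders.items() if _inside(p, f)]
        if p in self._files:
            grants.append(self._files[p])
        if not grants:                            # user never picked it
            return False
        return mode == "r" or any(grants)

    def can_connect(self, host: str) -> bool:
        h = _host(host)
        if h in self._shared_hosts:               # exact hostname of a shared URL
            return True
        return any(h == d or h.endswith("." + d)
                   for d in map(_host, self.manifest_domains))


def demo() -> dict:
    """Constructed scenario: a media player with one ad domain in its manifest."""
    app = AppSandbox("com.example.player", frozenset({"ads.example.net"}))
    before = app.can_open("/sdcard/DCIM/photo.jpg")
    app.user_chose_file("/sdcard/DCIM/photo.jpg")             # read-only pick
    app.user_chose_folder("/sdcard/Music", writable=True)
    app.user_shared_url("https://Example.com/article?id=1")
    own = "/sdcard/apps/com.example.player"
    return {
        "own folder write": app.can_open(own + "/db", "w"),
        "escape via ..": app.can_open(own + "/../com.bank/token"),
        "photo before pick": before,
        "photo read": app.can_open("/sdcard/DCIM/photo.jpg"),
        "photo write": app.can_open("/sdcard/DCIM/photo.jpg", "w"),
        "neighbour photo": app.can_open("/sdcard/DCIM/other.jpg"),
        "music write": app.can_open("/sdcard/Music/a/b.mp3", "w"),
        "lookalike folder": app.can_open("/sdcard/Musical/x.mp3"),
        "manifest subdomain": app.can_connect("cdn.ads.example.net"),
        "lookalike host": app.can_connect("evilads.example.net"),
        "shared host": app.can_connect("example.com"),
        "sibling host": app.can_connect("www.example.com"),
    }


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check:20} {'allow' if allowed else 'deny'}")
```
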

Re:No "Unknown sources" and pay to "adb install" (1)

gl4ss (559668) | about a year and a half ago | (#43502549)

the perfect solution would be somewhere in between nokia j2me permissions handling and the way android does permissions.
nokia (and other) j2me permission handling bombs the user with way too many dialogs(making using a file browser coded in j2me really tedious) and android doesn't give possibility for enough.

however, if you have a platform where you could do AV/system maintenance sw as a 3rd party, then you're going to have the possibility to do fake sw to do it. remember, this attack is mainly social engineering - putting adverts out for AV. the user wanted to install something that would get AV permissions.. they could have had it in the store for a while rather easily too.

and no I don't want to pay testing houses 500 dollars for a release that the fucks don't even check if it does anything bad(the symbian way), so that option is out the window as realistic.

Paying your dues (1)

tepples (727027) | about a year and a half ago | (#43503165)

and no I don't want to pay testing houses 500 dollars for a release that the fucks don't even check if it does anything bad(the symbian way)

Then the established development companies that are willing to pay their dues will out-compete you.

Re:No "Unknown sources" and pay to "adb install" (1)

BasilBrush (643681) | about a year and a half ago | (#43503255)

Fair questions, but how would you have designed it? Think carefully about the edge cases and user experience for both questions. I think it also helps to keep in mind lessons learned from incessant dialogs. Users are now desensitized and trained to click OK, despite not having read the message.

The fact that a lot of people will just click OK on dialogs without consideration is well worth bearing in mind. But the Android method does not get an advantage there. People who do this will click on OK in a dialog at install time, even more so than when an unpredictable one comes up.

Better to bring up a dialog which is specific to a particular permission, at the time the app is first trying to do it. Then a user can better understand why they are being asked the question.

But ultimately, the best UI is no UI so where possible you avoid having to ask the user about permissions at all. One way to do this is to have a curated App Store where apps that do bad things aren't allowed. So then you only need permissions for things that are genuine permission preferences, not to protect from malware.

Re:No "Unknown sources" and pay to "adb install" (1)

BasilBrush (643681) | about a year and a half ago | (#43503263)

Following myself up here:

Of course you also need a permissions section in an options screen somewhere in order that permissions that were given can be taken away again.

Re:No "Unknown sources" and pay to "adb install" (0)

Anonymous Coward | about a year and a half ago | (#43504677)

A curated store might protect you from malware (it doesn't; see Charlie Miller, who only got caught because he went public about it. See flashlight tethering app who only got caught because the secret places to tap-to-unlock were revealed and caught on like wildfire.)...

It doesn't necessarily protect you against privacy invasions -- and really, that's what most malwares do these days... they want to harvest your contact list to spam people products. There's almost nothing stopping me as a "malware" writer to create some shitty Angry Birds clone and harvesting the info BUT holding off until the review period is over (and maybe until a good install base) before doing anything.

The chances of being caught even in a curated store are next to none, as long as you're reasonably intelligent about it.

Re:No "Unknown sources" and pay to "adb install" (1)

tepples (727027) | about a year and a half ago | (#43506973)

One way to do this is to have a curated App Store where apps that do bad things aren't allowed.

Isn't that what Amazon Appstore does?

Re:No "Unknown sources" and pay to "adb install" (1)

ozmanjusri (601766) | about a year and a half ago | (#43502173)

why are all permissions granted permanently to apps? Bad design.

Because Android security is designed to protect the community of users rather than each user individually. The last paragraph below explains the philosophy, but it's much the same as many other FOSS systems - not all users can audit or edit source code, but not all need to.

How Users Understand Third-Party Applications

Android strives to make it clear to users when they are interacting with third-party applications and inform the user of the capabilities those applications have. Prior to installation of any application, the user is shown a clear message about the different permissions the application is requesting. After install, the user is not prompted again to confirm any permissions.

There are many reasons to show permissions immediately prior to installation time. This is when user is actively reviewing information about the application, developer, and functionality to determine whether it matches their needs and expectations. It is also important that they have not yet established a mental or financial commitment to the app, and can easily compare the application to other alternative applications.

Some other platforms use a different approach to user notification, requesting permission at the start of each session or while applications are in use. The vision of Android is to have users switching seamlessly between applications at will. Providing confirmations each time would slow down the user and prevent Android from delivering a great user experience. Having the user review permissions at install time gives the user the option to not install the application if they feel uncomfortable.

Also, many user interface studies have shown that over-prompting the user causes the user to start saying "OK" to any dialog that is shown. One of Android's security goals is to effectively convey important security information to the user, which cannot be done using dialogs that the user will be trained to ignore. By presenting the important information once, and only when it is important, the user is more likely to think about what they are agreeing to.

Some platforms choose not to show any information at all about application functionality. That approach prevents users from easily understanding and discussing application capabilities. While it is not possible for all users to always make fully informed decisions, the Android permissions model makes information about applications easily accessible to a wide range of users. For example, unexpected permissions requests can prompt more sophisticated users to ask critical questions about application functionality and share their concerns in places such as Google Play where they are visible to all users.

http://source.android.com/tech/security/ [android.com]
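An added example, not part of the comment above and not Android's own tooling: a short Python check that lists the permissions an app declares, which is the set shown once at install time and then granted without further prompts under the model quoted above. It assumes the manifest has already been decoded from the APK's binary XML to text; the sample manifest, the package name and the watchlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute names in a decoded manifest live in the Android XML namespace.
NAME_ATTR = "{http://schemas.android.com/apk/res/android}name"

# Reviewer-chosen watchlist: an assumption for this example, not an official list.
WATCHLIST = {
    "android.permission.SEND_SMS": "can send text messages",
    "android.permission.READ_SMS": "can read stored text messages",
    "android.permission.READ_CONTACTS": "can read the address book",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps",
}

# Constructed sample manifest (hypothetical package), already decoded to text XML.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.CAMERA" />
  <uses-permission android:name="android.permission.SEND_SMS" />
  <uses-permission android:name="android.permission.READ_CONTACTS" />
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission />
  <application android:label="Flashlight" />
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return declared permission names in order, skipping duplicates and
    malformed <uses-permission> elements that carry no android:name."""
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("not an AndroidManifest document")
    seen = []
    for elem in root.iter("uses-permission"):
        name = elem.get(NAME_ATTR)
        if name and name not in seen:
            seen.append(name)
    return seen


def review(manifest_xml):
    """Summarise what the install-time prompt would cover and which of those
    permissions are on the reviewer's watchlist."""
    perms = requested_permissions(manifest_xml)
    package = ET.fromstring(manifest_xml).get("package")
    flagged = {p: WATCHLIST[p] for p in perms if p in WATCHLIST}
    return {"package": package, "requested": perms, "flagged": flagged}


if __name__ == "__main__":
    report = review(SAMPLE_MANIFEST)
    print(report["package"], "requests", len(report["requested"]), "permissions")
    for perm, why in report["flagged"].items():
        print("  review:", perm, "-", why)
```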

Re:No "Unknown sources" and pay to "adb install" (1)

manu0601 (2221348) | about a year and a half ago | (#43500161)

I hit the mod menu by mistake. Here is a comment to cancel the underrated mod, which you do not deserve.

Re:No "Unknown sources" and pay to "adb install" (1)

sgam3 (2903895) | about a year and a half ago | (#43514449)

http://giaitri123.mobi/ [giaitri123.mobi] site game apk free no ads

Re:Malware (1)

andydread (758754) | about a year and a half ago | (#43500423)

please download and run this app to get gold coins to purchase uber rifle

Re:Malware (4, Insightful)

BasilBrush (643681) | about a year and a half ago | (#43502787)

"Please run this random program you got from somewhere because we asked you to".
Then something bad happens.
What's Android platform specific about this?

Well it doesn't happen on iOS.

Re:Malware (0)

Anonymous Coward | about a year and a half ago | (#43504791)

You're right. Perhaps you should have downloaded Charlie Miller's stock-ticker app from directly in the store before he went public about it.

He would have enjoyed your phone due to your ignorance.

Re:Malware (2)

BasilBrush (643681) | about a year and a half ago | (#43505483)

I can't download it because it was only on the AppStore for a few hours before it was removed, and he as a rogue developer was banned. Which is a pretty good demonstration of why it's better than Android's system. With Android, all the malware that was ever created is still out there, still trapping the unwary.

Re:Malware (1)

DNS-and-BIND (461968) | about a year and a half ago | (#43505315)

"I, a free man, wish to enter into a contract which may or may not benefit me, but goddamit it's my choice and I'm the one making it."

"Thankfully, my masters have removed my free will and will decide for me what is good and what is not. Praise to my betters!"

Re:Malware (1)

BasilBrush (643681) | about a year and a half ago | (#43505495)

So you don't use virus checkers or spam mail blocklists. Interesting.

Pfft. Slow news day (0)

Anonymous Coward | about a year and a half ago | (#43500035)

Cmon, do you really think this is news?

Why was Windows mentioned? (1)

bogaboga (793279) | about a year and a half ago | (#43500075)

While Android malware that masks itself as an antivirus for Google's platform is nothing new, and neither are ads in Android apps pushing malware, but putting the two together can certainly be effective. This is naturally a practice that Windows users are all too familiar with."

Ahh Slashdot! I guess Windows was mentioned in order to create a "me too" effect. That is, that Android is just like "any other" system; especially one that has been around for a while.

To put it better: Nothing new, which saves Android, right?

Re:Why was Windows mentioned? (0)

Anonymous Coward | about a year and a half ago | (#43503585)

I have a Windows Phone, and I haven't seen this issue ;)

Apple users too..Nothing new here (1, Interesting)

tuppe666 (904118) | about a year and a half ago | (#43500083)

I'm never really sure why one scam virus scam manages to raise itself above others. But here is a link to some Apple suffering the same problem http://en.wikipedia.org/wiki/Mac_Defender [wikipedia.org] "The program appears in malicious links spread by search engine optimization poisoning on sites such as Google Image Search. When a user accesses such a malicious link, a fake scanning window appears, originally in the style of a Windows XP application, but later in the form of an "Apple-type interface". The program falsely appears to scan the system's hard drive. The user is then prompted to download a file that installs Mac Defender, and is then asked to pay US$59.95 to US$79.95 for a license for the software."

What really matters is how quickly the OS is cleaned up. In the case of Apple it took a month: "The Mac security firm Intego discovered the fake antivirus software on May 2, 2011, with a patch not being provided by Apple until May 31"

Although it is worth pointing out all those poor computer experts(sic) that blame users on the lie that it must be porn or copyright programs that caused the damage when most of the time it's simply lack of understanding of a single science.

Difference is, mobile vs. PC (1)

SuperKendall (25149) | about a year and a half ago | (#43502215)

I'm never really sure why one scam virus scam manages to raise itself above others.

Because those things are well known in traditional computers, but less expected on mobile devices which are supposed to be more secure.

in-app ads (1)

manu0601 (2221348) | about a year and a half ago | (#43500181)

I am not familiar with Android. How does in-app advertising work? Does each app deal with its own mechanism? Or is there a pool of third party company ready to give away software bits for that? Or is there a system-wide API provided by Google?

AdMob among others (2)

tepples (727027) | about a year and a half ago | (#43500249)

Or is there a pool of third party company ready to give away software bits for that?

Yes. As explained in Google's article [android.com], each Android ad network distributes its library as a JAR file to include in a project.

Or is there a system-wide API provided by Google?

AdMob, a Google company, is one of the Android ad networks.

That's a damn shame (0)

Anonymous Coward | about a year and a half ago | (#43500253)

Android users got scammed enough when they bought a fucking Android device.

Great Value. Open source. Multiple Manufacturers. (1)

tuppe666 (904118) | about a year and a half ago | (#43500663)

Android users got scammed enough when they bought a fucking Android device.

It might seem like a scam, but you really do get great value smart phones at realistic prices (and choice). It achieves this by using a free open source OS, and providing a healthy ecosystem of manufacturers. It's why 1.5 Million devices are sold daily http://www.engadget.com/2013/04/16/liveblog-google-eric-schmidt-at-dive-into-mobile-2013/ [engadget.com] "320 operators, 160 countries, 700,000 apps in the Play Store, and 1.5 million sales / activations of Android every single day. We'll cross a billion towards the end of this year. That gives you a sense of the reach. Android is the primary vehicle of smartphones -- we'll quickly get to the $100 price point, which is the key for those next five billion people looking to get connected."

It's incredible, I know. It's why you can get phones like the Samsung's Galaxy S4 which has become the Android phone to wait for. The phone has a slew of new features, including an improved 13-megapixel camera, new software features and it responds to waves and gestures. It also has a 5-inch Super AMOLED 1080p screen.

Snake Oil Time (0)

SuperKendall (25149) | about a year and a half ago | (#43502251)

The phone has a slew of new features, including an improved 13-megapixel camera

More megapixels is not an improvement.

new software features and it responds to waves and gestures.

Not well according to reviews. Who is going to use them if they don't work reliably? It's the ultimate gimmick to say you can control something literally right in your hand with a wave. It requires more effort to wave than to drag a finger across the screen!

The "Pause video when eyes lose contact with screen" is the biggest software feature miss in history, with approximately 99% of viewers thinking the phone is broken when this happens and most just wanting a video to keep playing regardless of where the eyes go. It totally ignores how actual humans behave when out in the wild with mobile devices.

It also has a 5-inch Super AMOLED 1080p screen

Great, a giant screen with incredibly poor color reproduction.

The last fun fact about the S4 is that buying one shows support for misogyny [cnet.com].

Re:Snake Oil Time (0)

Anonymous Coward | about a year and a half ago | (#43504825)

1) The camera has been improved in more ways than just the megapixel. The burst fire from the S3 is still present (can yours fire off 15-20 pictures in a few seconds and then automatically select the best one for you?) The S4 also has the capability to operate both cameras simultaneously in case you want to take a picture to send to the other person while on a voice call.

2) What reviewers? I've seen reviews that say it works okay-to-good. These are features you can turn off (and might actually be off by default until you turn them on). I remember one or two people saying that the SmartStay function on their S3 wasn't active by default, though that might have been just them (they weren't technologically inclined, nor did they care about some of the built in features). At least they're trying... I mean, I know some phones which lauded having a 5th row of icons as new and revolutionary...

3) Incredibly poor color reproduction? Just because the colors are more vivid than you're normally used to doesn't make it a poor reproduction.

Re:Great Value. Open source. Multiple Manufacturers. (0)

Anonymous Coward | about a year and a half ago | (#43502903)

If an obvious Microsoft shill got on here dropping advertisements like you do, we'd run him out of here and mock him the entire way. You on the other hand are modded up. Is Slashdot now the place where Google employees hang out after hours?

Shilling for free software (1)

tepples (727027) | about a year and a half ago | (#43503189)

Shilling for software distributed under a free software license is more generally accepted on Slashdot than shilling for non-free software. Apart from a few applications available only to OHA licensees, such as Google Play Store, Android is free software. It consists of Linux, which is distributed under the GNU GPL, and AOSP, which is distributed under the Apache License.

Re:Great Value. Open source. Multiple Manufacturers. (1)

dehole (1577363) | about a year and a half ago | (#43504111)

To understand what gets modded up on Slashdot, you have to see what's in the bandwagon that everyone has hopped onto. If it isn't in the bandwagon, then your criticisms will get modded up.

Bandwagon: Google, Android, Linux, GCC, Windows 7

Not in Bandwagon: Apple, iOS, Windows 8, CLANG, Nook, Yahoo, Bing, Windows Phone, Apple OS etc..

So my comments like: "I'd rather trust a dirty whore with telling me the truth, than to trust Google's advertising platforms such as GMail, Google Search, Google Calendar, Android." Is modded down, even though Google is an advertising company whose profit is derived from selling your private information.

Re:Great Value. Open source. Multiple Manufacturers. (0)

Anonymous Coward | about a year and a half ago | (#43503601)

People who tout big megapixel CCDs with a small footprint obviously don't know shit about optics and really shouldn't comment on the subject. They'd be much better rolling it back a few megapixels and put the savings into just about anything else.
 
That aside, you're giving Windows fanbois plenty of credit too for doing The Right Thing(tm) by your own metric.

Re:That's a damn shame (0)

Anonymous Coward | about a year and a half ago | (#43501219)

You were scammed when your mommy told you were smart. Turns out you're a dipshit.

Nothing new... (0)

Anonymous Coward | about a year and a half ago | (#43500481)

This kind of stuff has been going on for years. First it was fake battery apps, now it's fake antiviruses. Meh.

mod uP (-1)

Anonymous Coward | about a year and a half ago | (#43500747)

Raymond in His [goat.cx]

you insensitiXve clod! (-1)

Anonymous Coward | about a year and a half ago | (#43500943)

tangle 0f fatal anotherd troubled

Open is better (0)

moonwatcher2001 (2710261) | about a year and a half ago | (#43501255)

Android is better than iOS because it's open. Android is better than iOS because it has more malware.

Android unsecure (0, Insightful)

Anonymous Coward | about a year and a half ago | (#43501885)

Leave it to Google to use linux and make it the most unsecure OS on the planet. How the hell do you mess that up?

Re:Android unsecure (0)

Anonymous Coward | about a year and a half ago | (#43503011)

Leave it to Google to use linux and make it the most unsecure OS on the planet. How the hell do you mess that up?

By getting a very significant user base attracting the attention of the malware business.

Ad blocking == security measure (2)

erroneus (253617) | about a year and a half ago | (#43502527)

Advertisers? Are you getting this?

You should be teaming up right now putting together a trusted and guarded source with a built-in regulated system that says "we will not annoy the user." It should be trusted and verifiable. The content of ads should be reviewed for various things.

Get your stuff organized and legitimized, advertisers, as I will stop blocking you.

Also, I have never seen malware on my phones or tablets. I wonder why...

You're using passives again (1)

tepples (727027) | about a year and a half ago | (#43503209)

You should be teaming up right now putting together a trusted and guarded source

Guarded by whom?

with a built-in regulated system

Regulated by whom?

The content of ads should be reviewed for various things.

Reviewed by whom?

Look at all these constructions with passive participles. Your reliance on them leaves your proposal vague as to who is doing the guarding, regulating, and reviewing, when one of the big issues in mobile device security is who has the power to do the guarding, regulating, and reviewing.

Re:Ad blocking == security measure (1)

dehole (1577363) | about a year and a half ago | (#43504151)

It is amazing to see how people can handle so many advertisements. I always block ads and scripts from running, simply because I can't trust the advertising networks. They have shown repeatedly that they are willing to push malware. I also install a hosts file which does a good job at blocking ads (I don't buy a platform that I can't install at least that).

Ignorance is not stupidity. (0)

Anonymous Coward | about a year and a half ago | (#43511903)

Get off your collective high-horses. None of you are typical users, and they will often believe whatever the device says, why would they even question it. If you are making an OS for people who do not know about these things then it is your job to protect them.
