Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

F-Secure: Android Accounted For 97% of All Mobile Malware In 2013

Soulskill posted about 8 months ago | from the going-for-the-high-score dept.

Android 193

An anonymous reader writes "Back in 2012, Android accounted for 79 percent of all mobile malware. Last year, that number ballooned even further to 97 percent. Both those data points come from security firm F-Secure, which today released its 40-page Threat Report for the second half of 2013. More specifically, Android malware rose from 238 threats in 2012 to 804 new families and variants in 2013. Apart from Symbian, F-Secure found no new threats for other mobile platforms last year."

Sorry! There are no comments related to the filter you selected.

And 80% of mobiles (0)

Anonymous Coward | about 8 months ago | (#46403745)

So let's not make a mountain out of a whorehill.

Clickbait post, shame on /. (4, Informative)

Camael (1048726) | about 8 months ago | (#46404911)

To the "anonymous reader" who posted the main article : If you link to TFA, at least post the less misleading title it used:

"F-Secure: Android accounted for 97% of all mobile malware in 2013, but only 0.1% of those were on Google Play"

Makes a world of difference. And yes, shame on you.

welcome to the big time (5, Insightful)

smash (1351) | about 8 months ago | (#46403751)

Linux is secure, right? Isn't Android Linux?

This is what you get running unsigned code from anywhere people! The last 30+ years of malware on Amiga, DOS, Windows, Unix, Linux, etc. should be a lesson. Trust code to execute by default and this is what you get. Rely entirely on the end user to determine whether or not code is legitimate, and this is what you get.

The average Joe is not capable of making that decision. Sure, it sucks, but them's the breaks.

Re:welcome to the big time (0, Flamebait)

jedidiah (1196) | about 8 months ago | (#46403831)

What kind of crack are you on?

Unix and Linux have no malware to speak of and they are completley open platforms.

On the other hand, Android has problems with "signed code". Yes. That's right. Android has problems with it's "app store". This isn't your grandfather's Windows style malware.

This is the end user installing stuff that's compromised.

All trojans all the time.

Entirely different problem.

Re:welcome to the big time (1, Insightful)

smash (1351) | about 8 months ago | (#46403851)

So, have you ever heard of a root kit [la-samhna.de] ? Linux has plenty of malware, and I have personally rebuilt compromised hosts. "Oh but that bug was in sendmail" or whatever you say. Cop out.

Re:welcome to the big time (2)

smash (1351) | about 8 months ago | (#46403869)

Also. You are arguing that trojans are NOT malware? Seriously? Of course they're fucking trojans. That's the point. The end user is in no way qualified to determine that software is NOT a trojan, and this is why them having root on a device with full ability to run any shitware trojan they like is never going to work. WE've had 30 years hammering this point home time and time again. It's not going to change.

Re:welcome to the big time (1)

symbolset (646467) | about 8 months ago | (#46404757)

If someone chooses to run apps from every random stranger on the Internet then theyshould not be surprised that some of those apps do things they didn't want them to do. That shouldn't even be called a Trojan - it needs it own name. 'Tardware is too insensitive. Maybe "surpriseware" or "Programmer's choice app". It seems the people who complain the most about Android security are the most "special".

Re:welcome to the big time (5, Insightful)

swillden (191260) | about 8 months ago | (#46404043)

Android has problems with it's "app store".

RTFA (I know, I know, new here and whatnot):

The title of the article is "F-Secure: Android accounted for 97% of all mobile malware in 2013, but only 0.1% of those were on Google Play".

Essentially all of the Android malware comes from non-Google app stores, or sideloaded APKs. And with respect to the malware that does manage to make it into the Play Store, F-Secure says "the Play Store is most likely to promptly remove nefarious applications, so malware encountered there tends to have a short shelf life.”

Re:welcome to the big time (1)

symbolset (646467) | about 8 months ago | (#46404681)

This is why I wanted to see the story posted. There is no significant risk as long as you use a trustworthy app store. I knew there were people to come to complain that Linux/Android was insecure and they needed a good correcting. Thanks.

Re:welcome to the big time (1)

WaffleMonster (969671) | about 8 months ago | (#46405147)

This is why I wanted to see the story posted. There is no significant risk as long as you use a trustworthy app store.

It is not possible to check every application to see if it is harmless or not. Nobody has those kinds of resources.

knew there were people to come to complain that Linux/Android was insecure and they needed a good correcting. Thanks.

I think it is 100% accurate to say Android is insecure by design in much the same way DOS era Windows file sharing is 100% insecure by design.

Android is intended for a mass market audience of people who know nothing about computers or software threats... Knowing this the designers decided the only access controls would be take it or leave it DEMANDS made by APPLICATIONS. This is why Android is insecure by design... it totally and utterly fails to protect the USER in the most basic rudimentary way possible.

Re:welcome to the big time (1)

Anonymous Coward | about 8 months ago | (#46405155)

0.1 at that scale is actually a pretty big number.

Re:welcome to the big time (0)

Anonymous Coward | about 8 months ago | (#46404913)

Wow lay off the drugs.

Linux has plenty of malware, in the form of entirely self-contained binary executables that rely on nothing. But this is a minority.

The majority of malware for linux servers is in a form that can also affect FreeBSD, Mac OS X, and any other OS that has PHP on. This is of course the "deeply obfuscated rootkit"

But that's not what this article is about. This article is about client-end malware, which is a PEBKAC. No matter how hard we try, the average child is smarter than the average adult when it comes to bypassing security protections designed for their own protection.

As long as Android remains "rootable" , it will be heavily affected by malware. I don't see this ever changing, Android is a lost cause, and nobody cares because the hardware people (eg Samsung) only care about selling hardware, they could care less what you do with it. Likewise the cell phone carriers also don't care what you do with it. Hell they practically encourage malware by not demanding that their devices stay up to date, and the end-user is the one who pays for it with exorbitant data charges.

Want to see malware on mobile devices go away? Don't make the devices so easy to jailbreak/root. The standard distribution on the devices should not have access to the networking hardware of the device unless signed. Like the physical networking parts (802.11 and LTE), should refuse to talk to the operating system without loading signed firmware. Unsigned software should not be permitted to access the networking stack without the device consulting a blacklist/whitelist.

That only solves part of the problem.

The other half of the problem is the same way people play pirated software. Again the main solution to this is by only permitting software downloaded from the App store, but can also be accomplished the same way stuff on *nix servers are verified. That being that the software fingerprint is checked against the "trusted source"

Don't allow untrusted software to run. That's a given. Unfortunately the average end user doesn't know the difference, and when their buddy bobby from across the street tells them there's all this free stuff on the unofficial android store, he neglects to mention how it's all stolen and malware laden.

Re:welcome to the big time (2)

mcl630 (1839996) | about 8 months ago | (#46405191)

On the other hand, Android has problems with "signed code". Yes. That's right. Android has problems with it's "app store". This isn't your grandfather's Windows style malware.

Read TFA:

"Android accounted for 97% of all mobile malware in 2013, but only 0.1% of those were on Google Play"

Re:welcome to the big time (1)

Opportunist (166417) | about 8 months ago | (#46403959)

Security is the minimum of "how secure the system can be" and "how secure the user can be". Not the average of them. The minimum. The most secure system is worthless if a user allows any kind of code to run. Likewise is the best security professional without a chance when facing an inherently insecure system.

The only way to avoid this is to go the Apple way: Simply taking the choice out of the user's hand. You may only run what we deem ok.

There is no "right" or "wrong" in this. If you want to have control over your system, it is your responsibility to keep it secure. If you don't want to deal with it, hand it over to some entity that keeps you safe... or at least claims it does.

Re:welcome to the big time (4, Insightful)

symbolset (646467) | about 8 months ago | (#46404793)

If you can make a computer so simple even an idiot can use it, only an idiot will want to. I like Android's balance with Google play here. Stick with Google Play and you are good to go. Want to adventure? Enable side loading and have at it. Your choice. The complainers appear to be the sort who disable the safety features and then harm themselves, and blame Google for their own screwup.

Android isn't Linux. (0)

Anonymous Coward | about 8 months ago | (#46404037)

Android isn't Linux, it's a Linux distribution. It runs on a Linux kernel and is as much Linux as Debian, Ubuntu and Fedora. But it's not Linux.
The problem isn't really the OS. The problem is the rights the users and publishers are given. If anyone can side-load an app it's easy to get malware since there's no one but the user to verify the source.
I don't believe that restrictions work. People will just root or jailbrake and smaller businesses will have a harder time getting their apps out since they will have to be reviewed before they can get on a device running that OS.
The only proper solution is informing and teaching the end user about how to avoid malicious software.

Not a problem on Android (0, Interesting)

Anonymous Coward | about 8 months ago | (#46404059)

Since everyone says that only stupid people use iPhones, all Android users should have the tech expertise to navigate the malware minefield right? /s

Re:Not a problem on Android (0)

Anonymous Coward | about 8 months ago | (#46404121)

lol. So true. I thought Android was for hardcore techies and yet they're apparently the most naive and clueless users out there.

Re:Not a problem on Android (2)

Bing Tsher E (943915) | about 8 months ago | (#46404307)

Since everyone says that only stupid people use iPhones

No. Everyone does not say that. In fact, a lot of Android users don't really care much one way or the other about iPhones.

Personally, I am disappointed in iOS but I certainly don't care about it enough to consider iOS/Android to be a glorious battle of the righteous. They're just two phone operating systems and I prefer Android. Can't we keep it that simple?

Re:Not a problem on Android (0)

Anonymous Coward | about 8 months ago | (#46405343)

If you use an iPhone, I can see how people might get that impression.

Your red herring has a fatal flaw: 80% market share. When you have most of the people, you will unavoidably get most of the stupid people. Just goes with the territory of being a runaway success. See: Windows.

Also, it helps to have a completely open platform, the apps for which aren't wholly dictated by the OEM... *cough* WALLED GARDEN *cough*... You know, when Apple thinks its users are too stupid to make their own decisions, you really don't have any room to bitch when others come to the same conclusion.

Re:welcome to the big time (2)

msauve (701917) | about 8 months ago | (#46404095)

It's just a matter of how big the target is. Right now, Android is the largest mobile platform, so that's where the malware is directed. It's a crime of opportunity, no different than Windows on the desktop.

It's not proof that Apple's iOS or MacOS or Windows mobile are intrinsically more secure, but that they're smaller targets. How much malware is there directed to FreeBSD or OpenBSD or vxWorks in comparison? Emphasis on comparison - sure, there's malware directed at anything which might be Internet facing, but the more esoteric stuff is more specifically targeted, like Stuxnet.

Re:welcome to the big time (1)

Anonymous Coward | about 8 months ago | (#46405025)

So if popularity is all ther eis to it, explain why apple hasn't been hit with anywhere near as much malware in the years between 2007 and 2010-2012 when they were the dominant smartphone platform? Answer: because popularity isn't the only factor.

Re:welcome to the big time (2)

DNS-and-BIND (461968) | about 8 months ago | (#46404287)

It comes down to: would you rather have Security, or Freedom?

Re:welcome to the big time (0)

Anonymous Coward | about 8 months ago | (#46404575)

The average Joe is not capable of making that decision. Sure, it sucks, but them's the breaks.

Average Joe crashes their car too. So they should not drive either?

It's rather sad that you blame the end user for their ability to exercise their freedom on Android devices. Might as well say "North Korea is Best Korea!".

http://www.ktlit.com/wp-conten... [ktlit.com]

android was never meant to be highly secure (1, Flamebait)

TheGratefulNet (143330) | about 8 months ago | (#46403753)

think of why it exists: it gets google your eyeballs and your time. with that, they are wildly successful.

beyond that, they could give a flying fuck. seriously. they don't exist for user experience, safety, privacy (ha!) or quality. as long as its 'good enough' to keep eyeballs glued there, that's all they care about.

I can't wait for a true '3rd option' (not apple and not android) to come on the market. I don't enjoy or trust either of the two existing choices.

Re:android was never meant to be highly secure (2)

rsborg (111459) | about 8 months ago | (#46403809)

I can't wait for a true '3rd option' (not apple and not android) to come on the market. I don't enjoy or trust either of the two existing choices.

What, WindowsPhone isn't good enough to qualify as that "3rd option"? Seriously, you can still get a blackberry, WinPhone or just a plain ol dumb phone that tethers really well (my TMO plan has free tethering) and run an iPod touch or equivalent.

Re:android was never meant to be highly secure (1)

Vermifax (3687) | about 8 months ago | (#46405303)

What dumb phone provides tethering?

Re:android was never meant to be highly secure (1)

smash (1351) | about 8 months ago | (#46403813)

There's.... Windows :D

Ironically, I would wager Windows mobile is probably the most secure of the mobile platforms at the moment.

Re:android was never meant to be highly secure (4, Funny)

skids (119237) | about 8 months ago | (#46403955)

True, leaving the device powered off permanently in its shrinkwrap on a store shelf does make it rather secure.

Re:android was never meant to be highly secure (1)

rmdingler (1955220) | about 8 months ago | (#46404055)

I'm wondering if he personally contacted all eleven users.

Re:android was never meant to be highly secure (0)

Anonymous Coward | about 8 months ago | (#46404481)

50 million users, dumb basement dwelling mouthbreathing dweeb, atleast update your bullshit. That's way more than desktop Linux.

http://www.ubergizmo.com/2014/... [ubergizmo.com]

Re: android was never meant to be highly secure (0)

Anonymous Coward | about 8 months ago | (#46403859)

>I can't wait for a true '3rd option' (not apple and not android)

With any luck, that option will be Jolla's Sailfish.

Is this like that old study of Linux malware? (0)

Anonymous Coward | about 8 months ago | (#46403781)

Let me guess... they counted the same malware once for each make and model of phone it affected?

Re:Is this like that old study of Linux malware? (3, Informative)

smash (1351) | about 8 months ago | (#46403827)

No. Android security is currently just that bad. For several reasons, not least of which is likely due to the massive number of handsets that are abandoned software-update wise upon release.

Re:Is this like that old study of Linux malware? (2)

esldude (1157749) | about 8 months ago | (#46403881)

Well sort of. If you restrict yourself to Google's Play store for software the rate was .1%. The rest, almost all of it in this case, came from other stores for Android software. Mostly Saudi Arabia and India. So it would be nice if Android were more interested in security, but on the other hand it isn't the huge dramatic result that would warrant the headline. Stay with Google Play and things are pretty safe.

Re:Is this like that old study of Linux malware? (1)

smash (1351) | about 8 months ago | (#46403913)

Isn't the entire selling point of android that you can install software from wherever you like though? This study simply validates apples decision to more strictly control what software is allowed on their devices. For those users who do need to install anything they like, they can still do it without compromising the security of their device by getting a developer certificate.

Re:Is this like that old study of Linux malware? (2)

vux984 (928602) | about 8 months ago | (#46404215)

Isn't the entire selling point of android that you can install software from wherever you like though?

Well, one of several selling points.

This study simply validates apples decision to more strictly control what software is allowed on their devices.

97% of all murders happen in societies that don't put all their citizens in cages. Does that validate the idea that everyone should live in a cage?

For those users who do need to install anything they like, they can still do it without compromising the security of their device by getting a developer certificate.

What about 3rd party software that Apple doesn't allow on its app store from trusted parties? Like... most anything GPL? Should I really need a developer certificate to use a fully vetted repo maintained by the FSF or whatever?

What about, something like the humblebundle, where I can buy a license to a game for any platform its available on... except ios, even its available for ios because: Apple.

Or if steam wanted to include mobile games? Again: Not allowed on apple.

There's a lot of good things out there that Apple's lock in prevents. And no, a developer certificate, and an annual fee for the privilege of not using the apple store all the time is not a solution.

If you don't want to compromise the security of your device, don't do your app shopping in the equivalent of back alleys and asian night markets. And guess what, most android users don't. Nearly all north american android users stick to the default app store(s). And of those that don't, the vast majority of them are still fine -- they are using the humblebundle app in addition to google play for example to load their humble purchases.

Android malware really just affects that group of people who are trying to get pirate copies of paid apps and such on asian app stores... i mean how many warning bells should that set off?!!

And even on android its a small problem... if you have a million iphones and a million androids, and of them 3 iphones have malware, and 97 androids have malware, that's still 97% of malware is on android -- but its still a very minor problem, that only affects people who do REALLY stupid things.

Re:Is this like that old study of Linux malware? (1)

blargster (239820) | about 8 months ago | (#46404331)

And even on android its a small problem... if you have a million iphones and a million androids, and of them 3 iphones have malware, and 97 androids have malware, that's still 97% of malware is on android -- but its still a very minor problem, that only affects people who do REALLY stupid things.

I think you missed the part of the original posting where the 3% of the non-Android malware referred to Symbian. There were no instances of malware on iOS.

Re:Is this like that old study of Linux malware? (0)

Anonymous Coward | about 8 months ago | (#46405035)

Yes, you should get a developer certificate, download the source and compile/sign it yourself.

Re:Is this like that old study of Linux malware? (0)

Anonymous Coward | about 8 months ago | (#46405169)

When you buy a humblebundle that has iOS (or if you buy... from pretty much anyone something on iOS outside the app store) you are sent a redemption key. Nothing evil or different has changed.

As for FSF/GPL. That's a political organization akin to NSA/GunRights. By using such software you are making a political statement that freedumb trumps safety(tm), the vast majority of people around the world don't know freedumb from safety(tm) and that is why we don't let dumb people buy guns. Yet we invite dumb people to jailbreak their devices. It's a good thing that a cell phone can't kill people any easier when jailbroken. At least not yet.

By killing people of course I'm talking about setting the batteries to explode or inducing the charger to electrocute someone who handles it.

Re:Is this like that old study of Linux malware? (0)

Anonymous Coward | about 8 months ago | (#46404239)

"Entire selling point"? I'd like to look at marketing brochures where you read that.

It is a selling point, but given the breadth of current Android user base and breadth of feature sets of current Android devices, I don't think it's anywhere near "entire selling point".

PS: By the way, did you know that the switch to enable third party software installs is off by default? The only difference is you don't need to ask kind masters from Cupertino to give you generous permission to control your own device.

Re:Is this like that old study of Linux malware? (1)

WaffleMonster (969671) | about 8 months ago | (#46405079)

Well sort of. If you restrict yourself to Google's Play store for software the rate was .1%. The rest, almost all of it in this case, came from other stores for Android software. Mostly Saudi Arabia and India. So it would be nice if Android were more interested in security, but on the other hand it isn't the huge dramatic result that would warrant the headline. Stay with Google Play and things are pretty safe.

Trusting security to app store screeners is not a viable solution. Either devices are designed to tolerate the most malicious software possible by default or they end up accounting for 97% of all mobile malware.

Even if there were no platform security vulnerabilities and the system worked 100% as intended I would not expect much to change. The core problem with Android is applications dictate privileges to the user in a take it or leave it manner rather than users having any ability to make decisions based on their interests. Fixing this problem, giving users the power undermines Google revenue streams.

Re: Is this like that old study of Linux malware? (0)

Anonymous Coward | about 8 months ago | (#46404691)

Visited a web site on Android the other day and found a new APK in my downloads related to some fake antivirus app. I suspect a lot of people end up installing these drive bys and get stung.

Suck it, fanboys (-1)

Anonymous Coward | about 8 months ago | (#46403785)

Please, do deliver your rationalizing blurtings.

saw that coming (1, Interesting)

invictusvoyd (3546069) | about 8 months ago | (#46403795)

Not surprised . When will I be able to run a full distro on one of them phones?

Open but not open enough. (0)

Anonymous Coward | about 8 months ago | (#46403803)

Google's abandonment of API's once they are moved into Google Play would have to have no small part in this.

Google Made a Core Mistake with "OPEN" (3, Insightful)

BoRegardless (721219) | about 8 months ago | (#46403871)

It sounds nice in the hacker world, but in the hands of the 'average Joe', an "Open Handset" is an invitation to have your bank account stolen.

Re:Google Made a Core Mistake with "OPEN" (0)

Anonymous Coward | about 8 months ago | (#46404071)

Number of Android phones I've seen customized by the end user because they're open source: 0

Re:Google Made a Core Mistake with "OPEN" (0)

Anonymous Coward | about 8 months ago | (#46404209)

You obviously haven't looked very hard, or more likely, not recognised it when you have seen it.

Never seen a CyanogenModed phone?

Re:Google Made a Core Mistake with "OPEN" (0)

Anonymous Coward | about 8 months ago | (#46404475)

welcome to management, here's a nice gold watch.

Re:Google Made a Core Mistake with "OPEN" (1)

EvilSS (557649) | about 8 months ago | (#46404701)

welcome to management, here's a nice gold watch.

You're obviously an impostor, otherwise you would know that the watches are made from platinum, dolphin leather, and powered by the tears of the poor.

We're number one! (0)

roc97007 (608802) | about 8 months ago | (#46403887)

But seriously, malware tends to target the top player in the market (by numbers). Nothing really to see here.

Re:We're number one! (0)

Anonymous Coward | about 8 months ago | (#46403925)

true. I also find it hard to believe they found "nothing to see" over there.

Re:We're number one! (1)

skids (119237) | about 8 months ago | (#46403987)

Nobody needs to write malware when you're accepting any cert from any server. You can do it all server side.

Re:We're number one! (4, Insightful)

smash (1351) | about 8 months ago | (#46403945)

Then explain the lack of similar quantities of malware for iOS between 2007 and 2012?

Re:We're number one! (3, Funny)

roc97007 (608802) | about 8 months ago | (#46403979)

Obviously, the malware is so well written that nobody has found it yet.

Re:We're number one! (0)

rmdingler (1955220) | about 8 months ago | (#46404133)

Just like the very best counterfeit money.

The Craftsman/Craftstress behind either shenanigan will not be needing to work, then, unless they get nicked.

Re:We're number one! (0)

Waffle Iron (339739) | about 8 months ago | (#46404177)

Then explain the lack of similar quantities of malware for iOS between 2007 and 2012?

It's for the same reason that the murder rate inside Disney World is very low.

Re:We're number one! (1)

Hamsterdan (815291) | about 8 months ago | (#46404479)

I dunno, there are now some Jar-Jar mascots

Re:We're number one! (4, Insightful)

steveha (103154) | about 8 months ago | (#46404397)

explain the lack of similar quantities of malware for iOS between 2007 and 2012?

Because of Apple's "walled garden". The only way to get apps for iOS is from Apple's store, and Apple tries to keep the malware out.

Apple always charges $100 to put an app in the store, so malware has to make at least $100 before it is discovered or the person who put the malware on the store loses money.

The "walled garden" does have advantages.

Personally, I like having a device where I can install anything I want... but I pretty much just get stuff from the Google Play store. If I need an SSH app, and I see one with over 30,000 votes rating it 4 or 5 stars, I'm pretty sure it won't be malware when I download it.

And according to TFA, almost all of the malware was side-loaded. Almost none of the malware came from the Google Play store. Thus, Android gives me the advantage of the walled garden, while still being more free than iOS.

P.S. The reason I went with Android rather than iOS was Apple's policy of no interpreters and no emulators. I wanted Python and games emulators. Apple has since then unbent a bit, but Android has always allowed you to install whatever sorts of apps you prefer.

Thus I am able to install interpreters and emulators, without rooting my phone, and getting them from the Google Play store. Why wouldn't I want this?

Re:We're number one! (1)

Vitriol+Angst (458300) | about 8 months ago | (#46404737)

Is it $100 each time, or is that $100 for the development kit?

Re:We're number one! (1)

Anonymous Coward | about 8 months ago | (#46404401)

Apple already took all your available cash?

Re:We're number one! (1)

Vitriol+Angst (458300) | about 8 months ago | (#46404729)

"You run OS X?"

Yeah, your brother's sister's hairdresser had all this malware -- and of course all those security firms who present dire warnings every week in order to drum up business.

Did "You" actually have malware that effectively exploited your machine? Or are you just here to add balance because you've "heard" rumors? What was the name of this malware -- what did it do? How did it exploit the system?

There are problems and benefits of all kinds of systems -- but what we don't need is people throwing around FUD -- leave that to the experts at Forbes or some computer magazine.

Re:We're number one! (0)

Anonymous Coward | about 8 months ago | (#46404155)

Targeting is one thing but being 97% successful is something else. I mean Android is a fucking sieve apparently.

Re:We're number one! (1)

Bing Tsher E (943915) | about 8 months ago | (#46404339)

So you think the statistic means that any malware publisher will be 97% successful in penetrating any phone running android that they target?

Where were('nt) you educated?

Re:We're number one! (1)

invictusvoyd (3546069) | about 8 months ago | (#46404447)

Anything which comes out of pure commercial interests will eventually perish .. due to bad / "spreadsheet led" decisions . The whole mobile thing going around these days is built around commercial interests unlike the "Linux" thing we had going some years (decades) ago which was primarily academic with some commercial participation . I miss that "old" purist feel .
There is no number one here :(

Re: We're number one! (0)

Anonymous Coward | about 8 months ago | (#46404905)

"Anything which comes out of pure commercial interests will eventually perish ... "

Yeah... like banks, automobiles, and credit cards

Re:We're number one! (0)

Anonymous Coward | about 8 months ago | (#46405013)

Anything which comes out of pure commercial interests will eventually perish .. due to bad / "spreadsheet led" decisions .

Like agriculture? Or Prostitution? or The shipping industry. or Mining?

Yes I see your point.

Android allows users to install apps, news at 11 (0)

Anonymous Coward | about 8 months ago | (#46403891)

This is really only news if they managed to get apps into a reputable app store, in particular Google Play. If they got malware into some chinese android piracy site, that's not news.

Hey look, the second half of the headline, suspiciously omitted covers this: "but only 0.1% of those were on Google Play"

Whichever marketing droid for $AndroidCompetitor who got this slanted summary onto slashdot has earned his money.

android is junk! (-1)

Anonymous Coward | about 8 months ago | (#46403943)

crap crap crap!!

This feels like a distraction... (0)

Anonymous Coward | about 8 months ago | (#46403983)

We've just leaned that an iOS bug has left it wide open for how many years? OSX too...and the patch/hole was just released/announced last week?

Re:This feels like a distraction... (0)

Anonymous Coward | about 8 months ago | (#46404153)

The bug didn't make iOS "wide open" even by a stretch, and it's not years, it's about months - the bug was introduced in iOS 7 and OS X 10.9. It's not present in iOS 6 or OS X 10.8.x.

Simply solution (0)

jgotts (2785) | about 8 months ago | (#46404007)

By default most Android phones (which today means made by Samsung) will not install anything from outside the Google Play store, and in the case of only Samsung phones outside the Google Play store and the Samsung store. Most users do not adjust this setting, so virtually nobody is susceptible to this malware. F-Secure is making mountains out of molehills.

If you don't use a Samsung Android phone, I commend your spirit of adventure. It's not worth the hassle for me. There's where you start becoming susceptible to this type of malware, among other problems.

But don't catch me saying that Samsung phones are the best. They're just what everybody else is using and helping debug so I don't have to.

That kills the developer market. (0)

Anonymous Coward | about 8 months ago | (#46404103)

I remember the hoops I had to go through to run a JavaME program on my own damn Sprint phone. At least Sprint would let you. But it was enough of a pain that I simply gave up on the platform. If you don't have the developers you don't have the apps.

Moral of the story: (5, Insightful)

Johnny Loves Linux (1147635) | about 8 months ago | (#46404027)

Don't install apps from back alleyways:

At the very bottom of the list was Google Play itself, with the lowest percentage of malware in the gathered samples: 0.1 percent. F-Secure also noted that “the Play Store is most likely to promptly remove nefarious applications, so malware encountered there tends to have a short shelf life.” While that’s great news for most Android users, it

Why would anybody shop for apps on their android phone/tablet like a crack addict looking for their next hit is beyond me. Are people really that naive?

Re:Moral of the story: (1)

liwee (3407373) | about 8 months ago | (#46404495)

Don't install apps from back alleyways: ... Are people really that naive?

Not really sure naive is the problem. The habits from using windows is carried over I think. Android is in some ways similar to Windows where you can literally install anything from everywhere. Not saying that Windows does not get malware but Windows at least do get periodic system updates and most people install some sort of anti-virus / anti-malware solution. Both of these seem to be missing in many Android phones.

Re:Moral of the story: (1)

joeflies (529536) | about 8 months ago | (#46405063)

That may be true in the US, but i've heard from friends overseas that other markets prefer their own stores, like a Chinese phone will have a custom rom and local app store, of which the legitimacy of the apps may come into question.

Re:Moral of the story: (0)

Anonymous Coward | about 8 months ago | (#46405209)

First, anyone who loves Linux is a cock-sucking faggot. Second, there are places in the world where Google Play is simply not available on Android Phones. So, fuck you.

This is why I use windows phone (0)

Anonymous Coward | about 8 months ago | (#46404079)

No one uses it so no one cares to exploit.
See, Microsoft is deliberately making their OS crap so there will be less mallware for it.

Left out a key piece of the original headline (5, Insightful)

Kelson (129150) | about 8 months ago | (#46404149)

"...but only 0.1% of those were on Google Play"

So that vast majority is practically all third-party installations (something which isn't even an option on iOS).

Re:Left out a key piece of the original headline (-1)

whisper_jeff (680366) | about 8 months ago | (#46404395)

...(something which isn't even an option on iOS).

Wait. You just acknowledge that the VAST majority of malware comes from sideloaded apps and then make a snide comment about iOS because sideloading malware-laden apps isn't an option.

REALLY??

Only on Slashdot is the inability to load malware-riddled apps on your phone viewed as a negative...

Re:Left out a key piece of the original headline (5, Insightful)

Shados (741919) | about 8 months ago | (#46404497)

The ability is off by default, you have to go pretty deep in the options to turn it on, when you do turn it on, you get all sorts of warning telling you to watch out. And if you do turn it on and do something stupid, you may get malware

That's leagues better than not having the option at all (or to have to use what basically amount to root exploits to enable it), as well as better than having the option on by default for everyone.

There's some collateral damage (the cheap bozos who wants to save 5 bucks and get owned in the process), but its worth it.

Re:Left out a key piece of the original headline (1)

WaffleMonster (969671) | about 8 months ago | (#46405227)

The ability is off by default, you have to go pretty deep in the options to turn it on, when you do turn it on, you get all sorts of warning telling you to watch out. And if you do turn it on and do something stupid, you may get malware

Alright so Joe Smith goes and installs an app requiring access to SMS, dialer, contact lists, phone number, network stack and file system. Most apps ask for everything as a matter of course and no user has any idea why. Seems like more than enough access to fuck over Joe Smith to me... what about you?

http://xkcd.com/1200/ [xkcd.com]

Re:Left out a key piece of the original headline (1)

Anonymous Coward | about 8 months ago | (#46404505)

Logic fail much?

You're saying, basically, "VAST majority of vehicular manslaughter accidents happen outside, but only on Slashdot is the inability to leave your basement and walk in the crosshairs of all those madmen and their wheeled machines of death viewed as negative..."

Re:Left out a key piece of the original headline (1)

aybiss (876862) | about 8 months ago | (#46404561)

Only on Slashdot is the inability to load malware-riddled apps on your phone viewed as a negative...

You must be new here.

Re:Left out a key piece of the original headline (3, Insightful)

danbob999 (2490674) | about 8 months ago | (#46404639)

...(something which isn't even an option on iOS).

Wait. You just acknowledge that the VAST majority of malware comes from sideloaded apps and then make a snide comment about iOS because sideloading malware-laden apps isn't an option.

REALLY??

Only on Slashdot is the inability to load malware-riddled apps on your phone viewed as a negative...

Because it is negative. Just like a car limited to 30 km/h is negative, even if it prevents accidents. You know, with a real car you have the option of staying under 30 km/h if you want to. And with Android you have the walled garden option if you want to. Just don't activate the sideload option. If you are too stupid to activate it and you get malware, you have earned it.

Re:Left out a key piece of the original headline (2)

mdielmann (514750) | about 8 months ago | (#46404699)

Yes, on Slashdot, the majority of users promote the idea of unfettered access to their systems, coupled with education so you know what to do with it. Seems pretty consistent to me.

My kids have android tablets, I pointed out the feature to them, told them not to use it unless they had a good reason to, and to talk to me first. As their education improves, I expect them to ask me less. So far, the only sideloaded app they have is flash player. It's from the adobe site so I don't think it counts as malware - except for being flash. I expect it to be uninstalled once better tools become available to replace it.

Re:Left out a key piece of the original headline (2)

Charliemopps (1157495) | about 8 months ago | (#46404755)

THREATS are not attacks. It's not possible to install sideloads on iOS, that doesn't make it more secure, that makes it suck. It's like saying your house is better because you don't have doors. Fine, it's harder for people to get in. I can lock my doors or I can choose not to, that's up to me. But you don't even have an option. This is the same bullshit walled garden crap that Apples been spewing since the 80s.

Re:Left out a key piece of the original headline (0)

Anonymous Coward | about 8 months ago | (#46405207)

Only on Slashdot is the inability to load malware-riddled apps on your phone viewed as a negative...

Yeah, how dare you be able to run apps not sanctioned by a huge company in their corporate app store!

Because, there could never be any use for something like Adblock Plus or Xposed!

Re:Left out a key piece of the original headline (0)

Anonymous Coward | about 8 months ago | (#46404785)

>something which isn't even an option on iOS
https://cydia.saurik.com/

Fearmongering ... (0)

Anonymous Coward | about 8 months ago | (#46404157)

Fearmongering is central to the business model of all the "antivirus" scam artists.

google play .. (1, Interesting)

invictusvoyd (3546069) | about 8 months ago | (#46404221)

why does an app ( from google play) which just produces fart sounds ( just like 80% of the other apps) want permissions to access my browser bookmarks , call information, data store and what not .

That is beyond my understanding

Re:google play .. (0)

Anonymous Coward | about 8 months ago | (#46404327)

why does an app ( from google play) which just produces fart sounds ( just like 80% of the other apps)

80% of the apps in google play just produce fart sounds? I must be missing something here.

Re:google play .. (0)

Anonymous Coward | about 8 months ago | (#46404501)

oh! There's also angry birds and temple run clones .. which ocaasionally produce fart sounds

Re:google play .. (2)

Max Threshold (540114) | about 8 months ago | (#46404333)

So they can serve you ads.

Makes sense (-1, Offtopic)

rsilvergun (571051) | about 8 months ago | (#46404249)

My kid's 2 year old iPhone runs iOS 6 (albeit without some features). In contrast, my 2 year old Android (an el cheapo, It's been a tough couple years, and I'd rather the kid have a nice phone than me) runs 2.3.3.

Re:Makes sense (1)

jrumney (197329) | about 8 months ago | (#46404649)

So both yours and your kids 2 year old phones are running the previous major version release of their respective operating system (as Android 3.x was never released for phones). What was your point again?

Does Apple Maps count? (1)

dohzer (867770) | about 8 months ago | (#46404773)

Surely the software wasn't that bad without malicious intent.

Is there a android malware scanner for the PC (1)

Trax3001BBS (2368736) | about 8 months ago | (#46404947)

It's possible to download Android apk's at developers sites as well as other places,
be nice to scan them for malware before transferring/installing them to the Android.

An example is AdAway which I assume is safe from malware, you can't download this from play.google.com
https://f-droid.org/repository... [f-droid.org]

I've Googled this query and have gotten no results, figure I'd hit on a geek :}

0.1% of 804? (0)

Anonymous Coward | about 8 months ago | (#46405139)

if 0.1% out of the 804 were on the play store.. Then there was only one app that made it on the play store..

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?