Comments on: Android malware: Threat or FUD?

By: Anonymous

Anonymous — Mon, 21 Nov 2011 18:02:00 +0000

yea, the iphone is a really, really small niche market right now. thanks to droid. with “running custom roms” you sure sound like the average droid phone user. and yea you should consider your self lucky. for now.

By: Guest

Guest — Mon, 21 Nov 2011 17:27:00 +0000

its very interesting that always when the numbers of Google jump up drastically then the reports of malware starts flying out on the internet and Yet there is no proof of infected Android Phones
How can there be malware without infected phones

By: Jacob Singer

Jacob Singer — Mon, 21 Nov 2011 16:56:00 +0000

“proliferate through the system and gather up as
much personal data as possible, transmitting that back to the authors…”Wait, isn’t that Google’s whole purpose for Android to begin with?

By: Johannes Lørup

Johannes Lørup — Mon, 21 Nov 2011 16:09:00 +0000

Yeah, not everyone is smart enough to operate an Android phone. Get a boring apple product instead, will you?

By: Woody

Woody — Mon, 21 Nov 2011 13:52:00 +0000

Android’s entire model is based on data collection by Google to sell to advertisers. Which would imply, by your standards, that every Android phone on the planet is a steaming pile of malware ridden crap. I agree.

By: Nicholas

Nicholas — Mon, 21 Nov 2011 13:28:00 +0000

I’ve been keeping tabs on the newer Android phones, but I have to admit, I am a little wary of the idea of malware disrupting my ad company-developed data mining experience.

By: Anonymous

Anonymous — Mon, 21 Nov 2011 13:00:00 +0000

“very simple basic stuff that people in todays world would be expected to know”

I assume you are referring to the 27 “permissions” that Android apps can request (on a take it leave it basis). Including

Install Packages, Read/modify Gmail, Read phone state and identity, Read logs / Read sensitive logs, Read contact data, write contact data, Make phone calls

which of the above would you accept?

By: Anonymous

Anonymous — Mon, 21 Nov 2011 12:28:00 +0000

But Android apps can get out of the sandbox. They just need to ask user for “permissions” which many ignore and which are confusing even for techies.

By: Woo

Woo — Mon, 21 Nov 2011 12:18:00 +0000

Malware free…my aunt fanny.

“In a study prepared for the NDSS 2011 conference, researchers from the Technical University of Vienna and the University of California, Santa Barbara worked with other universities to analyze 1,400 iPhone and iPad applications to determine the extent of personal data leakage by developers to third parties. The results showed that nearly half of the analyzed applications leaked various forms of sensitive data to third parties.”

So how does it feel to overpay for a worthless product and then lie to have to support it?

By: Holden Monaro

Holden Monaro — Mon, 21 Nov 2011 12:09:00 +0000

i have come to the conclusion that android is not for everybody. sure android has become the number 1 smartphone operating system in the world but it is obvious to me now that some people should not be allowed to buy android based handsets. grandmothers, soccer moms, hermits & iphone users come to mind. the type of people who dont know how to or are even aware they can change their desktop wallpaper or add a widget to a homescreen. very simple basic stuff that people in todays world would be expected to know. i agree now that using android requires the user’s ability to read & understand things & have a bit of sense when downloading stuff.

By: Woody

Woody — Mon, 21 Nov 2011 11:33:00 +0000

When in doubt, blame Apple. Who, incidentally, is virtually malware free.

By: Holden Monaro

Holden Monaro — Mon, 21 Nov 2011 11:25:00 +0000

& this irrefutable proof you have is…..? hmmm thought so. i must be one of the lucky ones, had android for over 2 years now with root on two devices, downloading apps not only from android market but also downloading from third party unapproved sites, running custom roms & never had anything that even looked like a security threat, but then again i run lookout security app. i get the feeling that most of this stuff is circulated by apple fans that dont like the fact that the apple’s iphones are going the way of apple’s computers, a very small, overpriced niche market.

By: member of public

member of public — Mon, 21 Nov 2011 11:16:00 +0000

@author: Looks like you didn’t have any real data to write about but just wrote a p.o.c scareware article anyways? take the time to do some research and post some empirical data to back up your story otherwise find some other job dude!!

By: Woody

Woody — Mon, 21 Nov 2011 10:57:00 +0000

It’s as real as can be. The proof is irrefutable. Fandroids are just in deep, deep, deep denial. Similar to the way they are about fragmentation and the utter lack of adequate, timely bug fixing updates on Android. They’re like “see no evil, speak no exil, hear no evil” monkeys who throw temper tantrums anytime their beloved mobile OS is critcized in any way.

By: Anonymous

Anonymous — Mon, 21 Nov 2011 10:43:00 +0000

google wouldn’t like that. the chrome browser is something you can get rid of. the flavor of droid on your phone you are stuck with. would you like to know how many security holes your phone has? so you can just fix them. you can’t?! oh. well just sit tight. your hardware provider eventually (might) come up with a fix. or you can switch to bare bones droid.

By: Asdf Jkl;

Asdf Jkl; — Mon, 21 Nov 2011 10:39:00 +0000

It’s FUD!

Read: https://plus.google.com/u/0/114765095157367281222/posts/ZqPvFwdDLPv

By: Anonymous

Anonymous — Mon, 21 Nov 2011 10:36:00 +0000

family and friend’s computers. phones. there is a (not so) slight difference. first of all soon there will be way more (not so) smart droid phones out there than there are computers. in a family of 4 there definitely will be 4 (or more) phones wheres not necessarily 4 computers. in a family of 5 or 6 with a few teenagers…. uhh.. i’ll stop there… when all those start calling the mothership than you have a serious problem. not a security problem but a really, really serious problem. the main issue is that this is an (almost) open source os. and while those types of systems make a perfect sense when used on machines controlled by “nerds” and used to serve internet content or solve some awesome math problems, in the hands of johnny and chachi – after being mangled with by samsung and htc and anybody else that think that they know better and add all these cool “enhancements” – they are almost a warfare tool. even microsoft played it safely. they do allow hardware companies to install windows on their collection of chips but don’t allow any of those companies to modify the os. specially not on machines that are sold to “family and friends”. and still you probably have heard about the “bot armies” currently used by “the hackers”. now multiply that by the number of teenagers with the latest cool app off of a chinese droid market.
somebody in the article – some security company “expert” – correctly claims that the “apple app store checking policies” are rather the ones that save the iphone and not necessarily the os. although some people beg to differ. which points to the only currently known solution – the “walled garden”. the way apple does it. add that to the recent adobe rather apologetic announcement about the shitty flash thing on phones. apple should replace that open letter with a short “apology accepted” statement. signed ‘steve’.

By: Anonymous

Anonymous — Mon, 21 Nov 2011 10:34:00 +0000

As I mentioned above the Android “take it or leave it” permissions system is completely broken. Users are effectively given no choice other than avoiding the app store entirely. Android apps have far more control over your device than iOS apps have. Even if the user gave permission, no iOS app would be able to install and run arbitrary code for example.

By: Anonymous

Anonymous — Mon, 21 Nov 2011 10:31:00 +0000

“”In a study prepared for the NDSS 2011 conference, researchers from the Technical University of Vienna and the University of California, Santa Barbara worked with other universities to analyze 1,400 iPhone and iPad applications to determine the extent of personal data leakage by developers to third parties. The results showed that nearly half of the analyzed applications leaked various forms of sensitive data to third parties.”

I would consider a 50% rate of apps data mining to be significant. If you read the report it does not ever give hard numbers. It reads like a sales pitch to the largest segment of the market (Android). Without hard numbers, percentages are meaningless; e.g., an increase from 1 to 5 is a 400% increase.

By: Anonymous

Anonymous — Mon, 21 Nov 2011 10:29:00 +0000

Sand-box. That is all. Read up or shut up.

By: Anonymous

Anonymous — Mon, 21 Nov 2011 10:14:00 +0000

This is more about current threats than older older ones — though with such extensive android fragmentation, all are a concern.

By: Anonymous

Anonymous — Mon, 21 Nov 2011 09:53:00 +0000

Android apps potentially have a lot more permissions than iOS apps including the ability to access phone records, make phone calls, access internet and even install other software. All the developer has to do is click some checkboxes to allow this functionality. The user is told about these permissions but on a “take it or leave” it basis. Users cannot switch off permissions after installation. Most games etc seem to “require” a whole host of irrelevant permissions so even the minortiy of users who actually check permissions unable to distinguish between safe and dangerous apps.

Any OS can be hacked, but with android dodgy devs don’t need to hack, they just select the options they want. Android is insecure by design.

Personally I would not own an Android phone on contract, only on pay as you go.

By: Anonymous

Anonymous — Mon, 21 Nov 2011 09:48:00 +0000

Education is key. Anyone who is stuck fixing family and friend’s computers knows that a simple change in behavior can prevent most problems. Any smartphone user should understand that they need practice due diligence and read app descriptions and comments before downloading. If you read one or two comments on any of these apps then you would know not to touch them. Sure it may take a few days to weed them out of the market, but the freedom is better than having someone you don’t even know (and shouldn’t trust IMO) make the choices for you. People need to take responsibility for their actions.

By: Anonymous

Anonymous — Mon, 21 Nov 2011 09:48:00 +0000

Shouldn’t the focus be more on companies not fixing known vulnerabilities in their phones? There are a lot of Android phones with older versions of Android on them with known vulnerabilities that have already been fixed in newer version of Android. Either the fixes should be backported or the phones upgraded to the latest Android version.

Wont help against malware that you willingly give permission to though. Don’t know how to fix that one since you can’t easily categorize permissions into good or bad ones.

By: Willy Gross

Willy Gross — Mon, 21 Nov 2011 09:42:00 +0000

It’s time for Google to call out the bug hunting season on Android like they do with their Chrome browser!