Android malware up 472% since July, unlikely to slow down - Page 2

kartu · 11-18-2011, 07:12 AM

Quote:

Originally Posted by EowynCarter

Android, iOS, windows, .. You're safe as long as you're careful with what you downloading.

A lot of _known_ exploits do not require you to download anything. God knows how many not yet revealed ones, used by US, Chinese and other governments (and not only) are out there in the wilds.

Andrew H. · 11-18-2011, 11:17 AM

Quote:

Originally Posted by kartu

So essentially you are safe neither with Android nor with iOS, but with the latter you feel "safe", which is actually even more dangerous.

No, you are much safer with iOS. Not perfectly safe, however. (And, really, you're pretty safe on both platforms.)

afv011 · 11-18-2011, 11:41 AM

Quote:

Originally Posted by Andrew H.

... is this malware actually capable of executing on a phone, or is it more theoretical? ...

On a non-rooted phone, you need to watch for permissions like make calls and send sms, as those are the ones that could cost you money - but some common sense should suffice here. If you have a rooted phone, then there is the potential for the app to harm your phone (potentially brick it), but you would have to explicitly grant the app root access when it starts. Rule of thumb, check the permissions of the apps you install and, if they look iffy, don't proceed with the install.

I rather have the "flea market" as others call it than a walled garden; I am a developer myself and I don't want my apps to be held for days or weeks before they get published, or get potentially rejected by unknown or obscure reasons.

HappyMartin · 11-18-2011, 12:33 PM

I hate that thing when apps use your location. It's an invasion of privacy. When I downloaded gps mapping software I refused to let it use my location. Now if I can just figure out where I am...........

clashcityrocker · 01-23-2012, 03:25 AM

This thread saddens me. Some people are REALLY stupid it seems.

1/ Percentage increases are almost always used to create sensationalist news that is otherwise uninteresting.

2/ The App count has grown MUCH bigger than 472%, so the malware "threat" is lower.

3/ It's only a malware threat if you untick the "use non-marketplace apps and ignore the warning". Sideloading apps and not reviewing permission requests for your apps is the REAL problem here.

Prestidigitweeze · 01-23-2012, 04:58 AM

It would be nice if the conversation only involved statistics. Sadly, I don't think it does.

The Android Market is relatively free and open, and while that's good in many ways, we now have to be as careful about what we download to our phones and tablets as we have been with Windows PCs.

Last week, I grabbed a slightly decent skin for Launcher Pro called Galaxy S2 Plus. I was thinking about collecting variables for my UI color scheme at the time and not much else. An hour later, I noticed the top of my desktop and the left side of the alert bar were each taken up with spammed messages about gambling and viagra. I'm afraid to meet the man who would find that useful.

This wasn't a matter of wallpaper animation -- the skin had actually taken over the part of the bar that tells you whether or not you've received messages and was using it as flashing spam ticker tape. It was also registering false alerts every few moments. Since I'd grabbed about ten skins and updated six or seven apps in that one session, it took me a moment to track down the cause and uninstall it.

[Update: I'd originally reported a half-dozen instances of seemingly anonymous SMS spam as possibly being connected to the above issue. Talking with Sprint over the next day led to no callback at first and then the revelation the sender was "probably" a partner of theirs. They pushed an update to me removing CIQ and much of their proprietary software and I've received nothing spamlike since.]

One problem is that, due to Google's proprietary model and the domineering concerns of cellphone providers, we're forced to suffer a plethora of scripts. Google wants you to think its software is free, but in the ad-free sense, it really never has been.

At this point, Android needs effective antivirus software.

I have to agree that iOS and Linux seem the best platforms for avoiding venal complications. If in a year's time you run into me and find I'm carrying an iPhone, this would be the only reason: Comparatively less advertising and malware. None of the platforms are safe, but Apple's walled garden is actually useful in this one way.

I'd love it if we had Linux Mobile as a choice, but then you'd hear about casual users locking themselves out of their own hardware or being unable to reformat because they'd inadvertently password-protected a 700MB partition in their phones' internal memory. Scary thought: Accidental line commands on a touch screen bouncing around in your pocket.

BWinmill · 01-23-2012, 12:44 PM

There is a really simple technique to avoid most of the malware out there: verify that the permissions are reasonable. If a game asks for permission to the "phone state and identity" or "full internet access", it should raise some red flags in your head because it shouldn't need that type of access.

And for what it's worth: Android is Linux. Except that Android is probably more secure because it gives more fine-grained control over permissions. Yet none of that control works if people don't use it.

Prestidigitweeze · 01-23-2012, 10:49 PM

Good point about avoiding malware. When it comes to the Market, I'll admit having been more lazy than diligent.

Still, the issues remain the same and are not merely statistical.

And yes, Android is Linux-based. But so far as I know, its development has been specifically tailored to the kinds of advertising-riddled, user-monitoring tasks that standard Linux has tended to avoid and which the Linux philosophy opposes.

I've been running Debian variants on PCs and laptops for ages and never encountered any of the issues I have with Android. A version that stayed truer to the Debian ideal might not have certain of the problems I mentioned in the earlier post.

I appreciate the fact that the required permissions for an app are listed before it can be downloaded from the market. But warning people before installation about permissions which legitimate Android software also requires is not ideal whether people "make use of it" (i.e., look) or not. And the permissions list of information and installations in standard Linux is completely controllable, whereas unrooted carrier-tweaked commercial Android allows carriers to make a point of withholding control.

Permissions or not, I'd have thought it was time for consumer-targeted anti-viral software from Google. Security programs like Lookout promise that sort of protection already.

Unfortunately, the old desktop wisdom no longer seems practical.

That was before I happened to read this, which echoes what you've said about checking requests for SMS send and receive permissions, phone call permissions, contacts lists permissions and, to a lesser degree, access to one's location. It also explains why conventional virus software isn't entirely effective.

Quote:

Originally Posted by BWinmill

There is a really simple technique to avoid most of the malware out there: verify that the permissions are reasonable. . . .

And for what it's worth: Android is Linux. Except that Android is probably more secure because it gives more fine-grained control over permissions. Yet none of that control works if people don't use it.

Namekuseijin · 01-25-2012, 02:16 PM

Never got virus on Windows, never getting them on Android either.

Stupid users clicking and spreading everything, never bothering with permissions or sources just to get their hands in the latest gimmick, that's the problem and, thankfully, it's not mine.

GreenMonkey · 01-25-2012, 04:46 PM

Quote:

Originally Posted by Namekuseijin

Never got virus on Windows, never getting them on Android either.

Stupid users clicking and spreading everything, never bothering with permissions or sources just to get their hands in the latest gimmick, that's the problem and, thankfully, it's not mine.

You can pick up a virus from a javascript or flash script, especially a day-1 exploit, even from a popular site.

It's not all user-fails (although social engineering is a big part of it).

Prestidigitweeze · 01-26-2012, 12:53 AM

I'll admit to thoughtless behavior when it comes to having downloaded a skin without paying attention to permissions. But the inference that one mistake makes a person inherently stupid suggests that learning itself is unimportant.

You're leaving out people's exposure to exploits on legitimate sites, as GreenMonkey mentioned, and you're certainly leaving out the inexactitude and misfires of touchscreened devices in public situations. But you're also leaving out the fact that certain longtime Windows users, who have only come to own smartphones recently and aren't so much computer-literate as computer habitués -- can have learned the rote ways to avoid catching a virus without recognizing that different routines are required on Android.

I, too, have never gotten a virus on Windows and have always avoided obvious dangers. But my grillfiend has gotten them more than once and it would be a mistake to call her stupid. It's flash exploits we were talking about in the first place, and she's been a full-time web designer for the past ten years. IT people sometimes come to her to solve certain problems.

And in my opinion, the dumbest thing one can do is to angrily dismiss other people as stupid. Patience is a sign of intelligence. I've met hydrocephalic people who dismissed the rest of the world as idiots.

For the latter, I have sympathy. Perhaps some of them are incapable of understanding that bad choices are not a sign of inferiority, and that declarations to the contrary can come off as a display of self-importance.

Or perhaps they are capable of that insight, but the insight is hard-won -- as it seems to be for many of us.

I make a point on these forums of being open about my mistakes. I tend to think I'm not alone in making them, and that someone might either learn from them or feel less self-conscious about making mistakes of their own.

Quote:

Originally Posted by Namekuseijin

Never got virus on Windows, never getting them on Android either.

Stupid users clicking and spreading everything, never bothering with permissions or sources just to get their hands in the latest gimmick, that's the problem and, thankfully, it's not mine.

Giggleton · 01-26-2012, 02:24 AM

The word is a virus.

Meaning DNA/RNA, meaning you are a virus. One man's malware is another's some other kind of ware. Perhaps we should be discussing why some feel the need to create this malware in the first place?

afv011 · 02-02-2012, 05:05 PM

Quote:

The service isn't actually new (it's been around for "a number of months"), and the company says it has already resulted in a 40% decrease in the number of potentially-malicious downloads from the Market.

Source

01-23-2012, 04:58 AM	#21
Prestidigitweeze Fledgling Demagogue Posts: 2,384 Karma: 31132263 Join Date: Feb 2011 Location: White Plains Device: Clara HD; Oasis 2; Aura HD; iPad Air; PRS-350; Galaxy S7.	It would be nice if the conversation only involved statistics. Sadly, I don't think it does. The Android Market is relatively free and open, and while that's good in many ways, we now have to be as careful about what we download to our phones and tablets as we have been with Windows PCs. Last week, I grabbed a slightly decent skin for Launcher Pro called Galaxy S2 Plus. I was thinking about collecting variables for my UI color scheme at the time and not much else. An hour later, I noticed the top of my desktop and the left side of the alert bar were each taken up with spammed messages about gambling and viagra. I'm afraid to meet the man who would find that useful. This wasn't a matter of wallpaper animation -- the skin had actually taken over the part of the bar that tells you whether or not you've received messages and was using it as flashing spam ticker tape. It was also registering false alerts every few moments. Since I'd grabbed about ten skins and updated six or seven apps in that one session, it took me a moment to track down the cause and uninstall it. [Update: I'd originally reported a half-dozen instances of seemingly anonymous SMS spam as possibly being connected to the above issue. Talking with Sprint over the next day led to no callback at first and then the revelation the sender was "probably" a partner of theirs. They pushed an update to me removing CIQ and much of their proprietary software and I've received nothing spamlike since.] One problem is that, due to Google's proprietary model and the domineering concerns of cellphone providers, we're forced to suffer a plethora of scripts. Google wants you to think its software is free, but in the ad-free sense, it really never has been. At this point, Android needs effective antivirus software. I have to agree that iOS and Linux seem the best platforms for avoiding venal complications. If in a year's time you run into me and find I'm carrying an iPhone, this would be the only reason: Comparatively less advertising and malware. None of the platforms are safe, but Apple's walled garden is actually useful in this one way. I'd love it if we had Linux Mobile as a choice, but then you'd hear about casual users locking themselves out of their own hardware or being unable to reformat because they'd inadvertently password-protected a 700MB partition in their phones' internal memory. Scary thought: Accidental line commands on a touch screen bouncing around in your pocket. Last edited by Prestidigitweeze; 01-26-2012 at 01:16 AM.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Android Most Targeted Mobile Malware in Q2 2011: McAfee‎	RockdaMan	Android Devices	4	08-25-2011 03:25 PM
The 5 Best Android Phones Under $60 (US Only) - July 2011	RockdaMan	Android Devices	4	07-30-2011 10:44 PM
latest round of Android malware makes it seem like the problem isn't going to go away	RockdaMan	Android Devices	6	06-06-2011 08:05 AM
Android 21 Apps pulled from Android Market - malware	sarah11918	enTourage Archive	6	04-08-2011 11:24 AM
Android malware reported on ZDNET	slayda	Nook Color & Nook Tablet	6	01-02-2011 09:05 PM

11-18-2011, 12:33 PM	#19
HappyMartin Martin Kristiansen Posts: 1,546 Karma: 8480958 Join Date: Aug 2007 Location: Johannesburg Device: Kindle International Ipad 2	I hate that thing when apps use your location. It's an invasion of privacy. When I downloaded gps mapping software I refused to let it use my location. Now if I can just figure out where I am...........

01-23-2012, 03:25 AM	#20
clashcityrocker Member Posts: 12 Karma: 529450 Join Date: Jun 2011 Device: PRS-650	This thread saddens me. Some people are REALLY stupid it seems. 1/ Percentage increases are almost always used to create sensationalist news that is otherwise uninteresting. 2/ The App count has grown MUCH bigger than 472%, so the malware "threat" is lower. 3/ It's only a malware threat if you untick the "use non-marketplace apps and ignore the warning". Sideloading apps and not reviewing permission requests for your apps is the REAL problem here.

01-23-2012, 12:44 PM	#22
BWinmill Nameless Being	There is a really simple technique to avoid most of the malware out there: verify that the permissions are reasonable. If a game asks for permission to the "phone state and identity" or "full internet access", it should raise some red flags in your head because it shouldn't need that type of access. And for what it's worth: Android is Linux. Except that Android is probably more secure because it gives more fine-grained control over permissions. Yet none of that control works if people don't use it.

01-25-2012, 02:16 PM	#24
Namekuseijin affordable chipmunk Posts: 1,290 Karma: 9863855 Join Date: Feb 2011 Location: Brazil Device: Sony XPeria ZL, Kindle Paperwhite	Never got virus on Windows, never getting them on Android either. Stupid users clicking and spreading everything, never bothering with permissions or sources just to get their hands in the latest gimmick, that's the problem and, thankfully, it's not mine.

01-26-2012, 02:24 AM	#27
Giggleton Banned Posts: 1,687 Karma: 4368191 Join Date: Jan 2011 Location: Oregon Device: Kindle3	The word is a virus. Meaning DNA/RNA, meaning you are a virus. One man's malware is another's some other kind of ware. Perhaps we should be discussing why some feel the need to create this malware in the first place?

Advert

Advert