or Connect
AppleInsider › Forums › Mobile › iPhone › Millions of Android users hit by malicious data theft app
New Posts  All Forums:Forum Nav:

Millions of Android users hit by malicious data theft app - Page 5

post #161 of 211
Quote:
Originally Posted by Firefly7475 View Post

IMO this is the one major difference between the application stores. With Apple you are guaranteed that when you install an application it comes from the developer you think it does (because they are all signed).

Perfect, because all programmers are trustworthy and no one uses disposable email addresses. Completely airtight solution!
post #162 of 211
Quote:
Originally Posted by Gwydion View Post

No, I'm not defending Android vulnerability to spyware, I'm arguing about this specific app and the information that have been reported from the beginning.

If you read the thread, my first post was about the permission that has this application and the impossibility that with it the app collected SMS's, browser history, etc.

The way Android Market works makes it less insecure to spyware but this report, or the way it has been disclosed, make it's very doubtful.

They haven't said who accounted the downloads, Android Market shows downloads in ranges: 0-500, 500-1000, ..., 50.000-250.000 and >250.000

The server in china is the server where wallpapers are located for download, so accessing it is no rogue. They haven't said how send data there.

etc, etc.

That security companies are perennially crying wolf at whatever market segment they thing will attract them the most attention - so yeah - you and I are in agreement about being generally (and in your case specifically) skeptical about the report. I confess I get a little tired of the Android defensiveness - I have many friends who go to great pains to try and show me that their Android is "as good" or "better than" the iPhone I use. I am happy they are happy with their phones - I want them to be, but I never do that to them, I am content that my phone works precisely the way I desire it to. But for some it is not enough to merely enjoy their device - they have to make others UNhappy about theirs as well (in both camps frankly). Just like Androidies coming into the fora here and ranting endlessly about how Android is going to "kill" the Apple iPhone, how Apple App Store suxxors to teh maxx, and so on. It's the frothy gibbering and raging that clouds and obscures the rational and lively conversation that could occur, and gives rise to the desire to challenge the sillier statements and the occasional troll.
post #163 of 211
Quote:
Originally Posted by Zaim2 View Post

"Android Phone Fans" have received clarification from the company.


"[Update]: MyLookout chimed in with us to clarify some details that other outlets have been reporting. Specifically, the app does collect data from your phone, but only the devices phone number, subscriber identifier, and voicemail number fields are retrieved. SMS and browsing history are not touched by any of the apps they analyzed throughout their Blackhat conference. Your voicemails password is also not transmitted unless you included the password in your phones voicemail number field.

Were not yet certain on what the developers intentions are for using the pieces of data it does send to China so we cant outright call it malicious but it is collecting and sending data nevertheless. Hopefully that clears up some of the confusion everyones been faced with regarding the read-only property READ_PHONE_STATE that the application uses to access certain pieces of data."

Damn! Facts aren't nearly as much fun as random kvetching. Killjoy!

Meanwhile, we can all rest assured that even without Apple apps letting us know what security risks each app will entail as Android does, everything in the App Store has undergone enough scrutiny to make it completely secure:

Quote:
In its analysis of free apps on the Android and iPhone marketplaces, Lookout found that fewer Android apps are able to access a person's contact list or retrieve location information compared with iPhone apps, while nearly twice as many iPhone apps can access contact data compared with Android.

http://news.cnet.com/8301-27080_3-20...?tag=mncol;txt


Quote:
Study finds 14% of free iPhone apps can snoop contacts

A survey of 300,000 applications for both the iPhone and Android devices found that 14 percent of free App Store software has the ability to access a user's contacts on their iPhone.

This week at the Black Hat conference in Las Vegas, Nev., security research firm Lookout revealed that it analyzed more than 300,000 free applications available on both the iPhone App Store and Android Market.

As noted earlier, the mobile security firm revealed a wallpaper application for Google's Android mobile operating system that allegedly captures a handset's SIM card number, subscriber identification and voicemail password, and reportedly sends it to the website www.imnet.us, owned by someone in Shenzhen, China.

In addition, Lookout also discovered that 14 percent of the surveyed free applications available for Apple's iPhone have the capability to access a user's contact data. That's more than on Android, where 8 percent of tested applications could view the contact list.

http://www.appleinsider.com/articles..._contacts.html


Quote:
Citi Discloses Security Flaw in Its iPhone App

In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved informationincluding account numbers, bill payments and security access codesin a hidden file on users' iPhones. The information may also have been saved to a user's computer if it had been synched with an iPhone.

http://online.wsj.com/article/SB1000...536355324.html


A useful comparison of security models:

Quote:
q. Distribution Medium Security: Apple vets every application that is put on the app store while Googles Market Place is unrestricted. How does this affect you security wise?

a. Approval Process: The biggest myth is that the vetting process is what will save you from malware on app store. IT WONT. The Apple app approval process isnt defined anywhere but in general it just states that it checks for apps to do what they say they will do. But they dont check the source code of the apps and static analysis of binaries can only take you so far (Heck, they have even been inept at catching a whole lot of apps that were using their disallowed private apis which can be found easily using simple tools) . So, anyone actually wanting to write a malware can do it trivially by making the malicious code to run after the app has been approved. The trigger could be time based or could even be done over the web remotely. The app could even have encrypted payloads or download new pieces of code over the web and run them. So, we can safely say that approval process is something that cant make things secure for you that way.

http://tech.shantanugoel.com/2010/06...ty-models.html
post #164 of 211
Far worst than any Antennagate!!
A reputation is not built upon the restful domain of one's comfort zone; it is made out of stalwart exposition of your core beliefs, for all challenges to disprove them as irrelevant hubris.- Berp...
Reply
A reputation is not built upon the restful domain of one's comfort zone; it is made out of stalwart exposition of your core beliefs, for all challenges to disprove them as irrelevant hubris.- Berp...
Reply
post #165 of 211
Quote:
Originally Posted by NasserAE View Post

It saved banking data IN the bank app itself IN the iPhone. Not sending the data to Some hacker in China. Big difference.

You are 1/3 correct. It saved data but it saved that data outside of the app in an unsecured folder on the iPhone device (basically it was lazy developers). Meaning that app (or any other if they knew about this) could access that unsecured folder and get at your banking data.

Also vilifying Android is kind of dumb considering there has been apps that have passed Apple's strict security and compromised user data in the past. Saying it has never and will never happen again on an iDevice is living inside your own walled garden. Have some sense, people. There are millions of Apple devices being used and to think hackers and criminals won't try different things to compromise that data means you are blind to everything Apple.

EDIT: It is better to be a defensive driver than not to be. Apple is just as susceptible as other mobile devices. You should not think otherwise.
post #166 of 211
these things are more likely to happen on Android phones due to the fact that ANDROID and the ENTIRE ANDROID ecosystem is insecure.
post #167 of 211
Quote:
Originally Posted by KennMSr View Post

But the Flashlight App did exactly what it was supposed to do, although thru the back door. I already had two great Flashlight Apps but I did need a tethering App to help me consume my 2GB data plan minutes. I normally use 200-350MB /month so the months I would go over the 250MB would greatly exceed the price difference of the 2GB plan. And there are times when I want (Need) to use my laptop in the wild and this little tool in my toolbox will keep me from running to find a free WiFi hotspot

Yes, it did what it was intended to do. I already said that. As did the wallpaper app.

You seemingly missed the point.

Apple forbids tethering apps from the AppStore, but even with its so-called "walled garden", the app got through. Apple only pulled it when they found out from blogs that the tethering functionality was embedded within the Flashlight app.

Depending on what the wallpaper dev's purposes are in collecting your cellphone data, you can argue that his app does exactly what it was supposed to do too. It's not a great comfort to me that both markets deliver apps that have hidden payloads which deliver functions I'm not signing up for.

The walled garden has a few doors in it apparently.
post #168 of 211
Quote:
Originally Posted by Chopper View Post

The walled garden has a few doors in it apparently.



WAYYYYYYYYYYYYY FEWER than Android's.
post #169 of 211
Quote:
Originally Posted by LewysBlackmore View Post

Now shawnb - one niggling little detail - Apple NEVER claimed to be exhaustively or meticulously examining the code.

Agreed, but it is implied that the App store approval process vastly enhances end-user privacy and security. If Apple isn't exhaustively examining code, I would question whether the "strict vetting process" (per the article) really enhances end-user security. Apple could proactively pull any blatantly obvious malware, but any serious malicious effort would be cleverly hidden.

Google also has the "kill switch" ability to remotely pull malicious apps that were installed via the Android Market, so I don't see any iOS advantage there.

In light of this, I would argue that the only real security difference between iOS and Android is that Android has the *ability* to manually install 3rd party software.

BUT... this is rarely done by the "average" user because it literally requires the same level of technical skill and effort as jailbreaking iOS, and is usually unnecessary (since any legitimate app can be placed in the Market).
post #170 of 211
Quote:
Originally Posted by davesw View Post

these things are more likely to happen on Android phones due to the fact that ANDROID and the ENTIRE ANDROID ecosystem is insecure.

Repeating it a milion times won't make it more true
post #171 of 211
Quote:
Originally Posted by LewysBlackmore View Post

That security companies are perennially crying wolf at whatever market segment they thing will attract them the most attention - so yeah - you and I are in agreement about being generally (and in your case specifically) skeptical about the report. I confess I get a little tired of the Android defensiveness - I have many friends who go to great pains to try and show me that their Android is "as good" or "better than" the iPhone I use. I am happy they are happy with their phones - I want them to be, but I never do that to them, I am content that my phone works precisely the way I desire it to. But for some it is not enough to merely enjoy their device - they have to make others UNhappy about theirs as well (in both camps frankly). Just like Androidies coming into the fora here and ranting endlessly about how Android is going to "kill" the Apple iPhone, how Apple App Store suxxors to teh maxx, and so on. It's the frothy gibbering and raging that clouds and obscures the rational and lively conversation that could occur, and gives rise to the desire to challenge the sillier statements and the occasional troll.

You won't read those rant from me, I like like iOS but as you have said, "I am content that my phone works precisely the way I desire it to", perhaps with iOS 4 I will return to iPhone.
post #172 of 211
Quote:
Originally Posted by KennMSr View Post

But the Flashlight App did exactly what it was supposed to do, although thru the back door. I already had two great Flashlight Apps but I did need a tethering App to help me consume my 2GB data plan minutes. I normally use 200-350MB /month so the months I would go over the 250MB would greatly exceed the price difference of the 2GB plan. And there are times when I want (Need) to use my laptop in the wild and this little tool in my toolbox will keep me from running to find a free WiFi hotspot

Im not denying that it was necessary its simply an example that things slip through apples fingers. The apps usefulness has nothing to do with it
post #173 of 211
Quote:
Originally Posted by davesw View Post

these things are more likely to happen on Android phones due to the fact that ANDROID and the ENTIRE ANDROID ecosystem is insecure.

Actually, if you examine facts, both platforms have exactly the same number of true security threats -- zero. Well, technically one if you count the user behind the keyboard, which is the most insecure link of either platform.

Arguing Android security reminds me a lot of arguing OS X security. Yes, it could happen. But it has not. If it were so easy, it should be a rampant problem already. Until it becomes a real problem it is FUD, speculation, and much ado about nothing.

I am as worried about my Android phone as my Macs. Actually less, because I have far less personal information on the phone.
post #174 of 211
Quote:
Originally Posted by solipsism View Post

Its interesting, for the past decade weve been hearing that Macs dont get viruses because their marketshare is too small to be a concern.

Yet, Macs had viruses well before Mac OS X was introduced, back when they sold a lot less units and had even less marketshare. That doesnt consider the fact that Mac sales are about double that of the average PC sale which indicates that Mac users may be a better target for thieves due to more disposable income to access.

This completely shatters that pejorative security through obscurity mantra that since Android has less marketshare than iOS devices.

Well, at least Norton has a chance to make some money on smartphones now.




Sure, anything can happen. There are exploits in code and brilliant though unethical coders that find other ingenious ways to circumvent security, but Apple did conceive and implement a foundation that makes this harder.

The objective of a curated platform is place a policy before the very first user gets infected. There will always be a program(s) that will try to circumvent this but putting such a policy will make it bit harder to do.

But, not having a policy and reciting the poem of openness just shows that the company just wants to walk away from investing resources for testing the application & raising flags to the developers. And, the only objective is pull personal data out for it's own profit. The basic question is for any CE company is how much Pro-consumer it is (every single customer matters because it's not an Ad money).
post #175 of 211
Quote:
Originally Posted by solipsism View Post

How do you say that is Mandarin?



Heres an argument that backs up his point.

Andriods Trip of Death to China
post #176 of 211
First page was full of people saying iphone is more secure well here you go:

http://mobile.engadget.com/2010/07/2...bably-sending/

Quote:
Call us jaded, bitter or just downright unlucky, but we've received more new Citi card digits in the past two years than we know what to do with. Every other month or so, some prankster is breaking into some database and compromising some quantity information over at Citi (or at least that's how it seems), and now the frustrations have spilled over into the mobile realm. Citigroup recently fessed up to a security flaw in its iPhone app, and even Apple has joined in encouraging users to upgrade in order to maintain their dignity, identity and sanity. According to reports, just over 117,000 customers were affected, though "the bank doesn't believe any personal data was exposed by the flaw." Of course, if you'd like that to remain the case, we'd suggest you upgrade right away.

IMO this security flaw is more dangerous to the consumer then the android app since it allows anyone to gain access to your credit card number where as the android app just sent limited and trivial information about your phone to some chinese server.

Futher FUD by appleinsider disproved by engadget:

Quote:
Update: We received a note from Jussi Nieminen, who indicated the data fields being retrieved, as reported by VentureBeat, are incorrect. Texting and browser history are apparently not retrieved, but your phone number, phone ID, and voicemail fields are. And, since it's not unheard of for voicemail entries to include a password when setup on a phone, it's possible they could wind up with that too. Also, the popularity of the app was apparently misstated, with actual downloads somewhere south of 250,000

Now stop blowing this out of proportion kthx
post #177 of 211
Quote:
Originally Posted by LewysBlackmore View Post

That security companies are perennially crying wolf at whatever market segment they thing will attract them the most attention - so yeah - you and I are in agreement about being generally (and in your case specifically) skeptical about the report. I confess I get a little tired of the Android defensiveness - I have many friends who go to great pains to try and show me that their Android is "as good" or "better than" the iPhone I use. I am happy they are happy with their phones - I want them to be, but I never do that to them, I am content that my phone works precisely the way I desire it to. But for some it is not enough to merely enjoy their device - they have to make others UNhappy about theirs as well (in both camps frankly). Just like Androidies coming into the fora here and ranting endlessly about how Android is going to "kill" the Apple iPhone, how Apple App Store suxxors to teh maxx, and so on. It's the frothy gibbering and raging that clouds and obscures the rational and lively conversation that could occur, and gives rise to the desire to challenge the sillier statements and the occasional troll.

Blog entry at lookout showing how and which data is collected and how is send:

http://blog.mylookout.com/2010/07/mo...hat/#more-1380
post #178 of 211
Quote:
Originally Posted by samban View Post

The objective of a curated platform is place a policy before the very first user gets infected. There will always be a program(s) that will try to circumvent this but putting such a policy will make it bit harder to do.

But, not having a policy and reciting the poem of openness just shows that the company just wants to walk away from investing resources for testing the application & raising flags to the developers. And, the only objective is pull personal data out for it's own profit. The basic question is for any CE company is how much Pro-consumer it is (every single customer matters because it's not an Ad money).

Excellent point.


Quote:
Originally Posted by samban View Post

Andriods Trip of Death to China

Ill take the iPhone 4s Death Grip over Androids KungFu Grip.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #179 of 211
Quote:
Originally Posted by Gwydion View Post

Repeating it a milion times won't make it more true

actually it does.
post #180 of 211
Having a hard time understanding what the problem with the app was. Was it that a Chinese guy made some app that required registration, which was pre-filled with info on the phone? Or was this a wallpaper app that secretly grabbed data from the SIM card and sent it over to some guy in China?

If it's the first scenario - well it's not such a big deal. As long as users know that their info is being sent and agree to it, it becomes about social engineering and not malicious software.

If it's the second then I sure hope that Android adopts apple-like stance to pre screening their apps, though I'm not sure how they would save face if they did that.
--SHEFFmachine out
Da Bears!
Reply
--SHEFFmachine out
Da Bears!
Reply
post #181 of 211
Quote:
Originally Posted by notanapplefanboy View Post

Update: We received a note from Jussi Nieminen, who indicated the data fields being retrieved, as reported by VentureBeat, are incorrect. Texting and browser history are apparently not retrieved, but your phone number, phone ID, and voicemail fields are. And, since it's not unheard of for voicemail entries to include a password when setup on a phone, it's possible they could wind up with that too. Also, the popularity of the app was apparently misstated, with actual downloads somewhere south of 250,000

Thanks for the update. No doubt the kind folks at AI will eventually revise their story again to reflect the new information. Perhaps.

I doubt they'll change the headline for it in the news page though.
post #182 of 211
What's the best anti-virus and anti-spyware program for Android? Norton or McAffee?
post #183 of 211
Quote:
Originally Posted by ascii View Post

I don't think it's fair to blame Google for this. People know it's an open marketplace, so it's their responsibility to check out the developer, make sure they're reputable, before installing something. They have to think of their phone as same as a PC in that respect.

I agree, i cant believe theres anyone dumb and lazy enough to download a wallpaper app. Its so easy to make one of your own. I have a Droid and I'm very selective in which apps I download especially knowing its an open market. Just proves that a large portion of the population are idiots.
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
post #184 of 211
Quote:
Originally Posted by gristan View Post

The best way to distribute malware that could exploit the flaw known as CVE-2009 1185 is via Android applications that customers might acquire free or buy from the Android Market. Installing the booby-trapped application would give root control of the device, Lineberry says. "Root is kind of God mode in the context of Linux. Once you have that, you have pretty much any system privilege."

This exploit has to be made from debug bridge with the phone connected to computer. An application can't exploit it.

Quote:
Originally Posted by gristan View Post

Part of the permission system in Android allows applications to tap each other's resources, so an application without permission to access the Internet might have access to an application that does and so use the Internet anyway, the researchers say.


Nop, when an application broadcast an intent to another application, permissions have to be equal for the intent.
post #185 of 211
is this better, or worse than the time (just a few short weeks ago) when itunes / app store accounts were being charged up to $1400 without permission from their owners, or knowledge?

http://thenextweb.com/apple/2010/07/...e-hack-itunes/
http://thenextweb.com/apple/2010/07/...unrelated-fix/

personally, sim card details, voicemail passwords are nothing compared to access my banking details and making transactions without my permission.

i do like apple insider. i like how they point their finger of hatred at apple's competition and tries to label them as incompetent. You know, exactly the same thing apple does. It's not admirable behaviour. Don't do it.

so.. to summarise. Android store, not perfect. iOS store, not perfect. One leaks phone details and some personal details, the other allows your hard earned cash to be unwittingly siphoned from your account.

i know which i'd prefer.

(i have an android phone, and an ipad)
post #186 of 211
Response from the app developer:

Quote:
In my applications I collected some device data, not user data.
I collected the screen size to return more suitable wallpaper for the phone. More and More users emailed me telling that they love my wallpaper apps so much, because that even Background cant well suited the phones screen.
I also collected device id,phone number and subscriber id, it has no relationship with user data.
There are few apps in Android market has the favorites feature. Many users suggest that I should provide the feature so I use the these to identify the device, so they can favorite the wallpapers more conveniently, and resume his favorites after system resetting or changing the phone.
I am just an Android developer, I love wallpapers and I use different wallpaper every day. All I want is to make the greatest Android apps.
I am wondering why the the ceo of Lookout or the Author of venturebeat.com attacks me and make irresponsible points.

http://www.scribd.com/mobile/documents/35072457
post #187 of 211
Quote:
Originally Posted by shao View Post

is this better, or worse than the time (just a few short weeks ago) when itunes / app store accounts were being charged up to $1400 without permission from their owners, or knowledge?

http://thenextweb.com/apple/2010/07/...e-hack-itunes/
http://thenextweb.com/apple/2010/07/...unrelated-fix/

personally, sim card details, voicemail passwords are nothing compared to access my banking details and making transactions without my permission.

i do like apple insider. i like how they point their finger of hatred at apple's competition and tries to label them as incompetent. You know, exactly the same thing apple does. It's not admirable behaviour. Don't do it.

so.. to summarise. Android store, not perfect. iOS store, not perfect. One leaks phone details and some personal details, the other allows your hard earned cash to be unwittingly siphoned from your account.

i know which i'd prefer.

+1 Insightful

Those who keep parroting Jobs' line about curated stores being inherently more secure just have their heads in the sand. The reason for the curated store is just to put Apple in the central role of collecting a tax on every app sold. Any other explanation for it is merely rationalization.
post #188 of 211
This story is BS, the app doesn't even ask for the permissions required to attain the information that is allegedly being leaked.
[ Follow up article ]

Quote:
Originally Posted by AppleInsider View Post

An app distributed by Google's Android Market has collected private data from millions of users and forwarded it to servers China, validating Apple's uniquely strong stance on mobile security in the iPhone App Store.

The exploit, tied to an app that appeared to simply load free custom background wallpapers, was downloaded "anywhere from 1.1 million to 4.6 million times. The exact number isnt known because the Android Market doesnt offer precise data," according to a report by Dean Takahashi of VentureBeat.

The app "collects a users browsing history, text messages, your phones SIM card number, subscriber identification, and even your voice mail password. It sends the data to a web site, www.imnet.us. That site is evidently owned by someone in Shenzhen, China," the report noted (see the update by Lookout below).

The data upload was only discovered afterward, through forensics performed by mobile security firm named Lookout which sells virus and malware protection software for Android, Windows Mobile and BlackBerry devices. The problem was announced at the Black Hat security conference being held in Las Vegas.

(Update: Lookout has clarified in followup comments with AppleInsider that the intent of their "App Genome Project" research was to "identify security threats in the wild and provide insight into how applications are accessing personal data and other phone resources."

The group noted that the Android wallpaper app was "not proven to be malicious," but that the app does "ask the user for specific information around the phone details and that information is transferred to a server [in China]."

Correcting the original VentureBeat story, Lookout stated that "the apps from these developers send several pieces of sensitive data to a server, including a devices phone number, subscriber identifier, and currently programmed voicemail number. The applications we analyzed did not access a devices SMS messages, browsing history, or voicemail password (unless a user manually programmed the voicemail number on the device to include the voicemail password)."

Lookout also reiterated there is "no proof of malicious intent and in the past apps have been a bit overzealous in getting access to sensitive data with no ill intent." Lookout compared the Android wallpaper app copying local data to a Chinese server with a recent App Store title that purported to be a flashlight app while actually including a hidden SOCKS proxy that could be used for tethering.

Lookout added that it hasn't "yet" published a report detailing the Android wallpaper app, suggesting that it is continuing to look at the situation.)

Mobile data theft on the increase

The issue recalls a recent AT&T website leak that could hypothetically have enabled a malicious hacker to access 144 thousand of iPad 3G user's email addresses.

However, the Android app data theft was actually perpetrated by malicious hackers and not just demonstrated by researchers; it involves far more sensitive data; and affected far more victims--by more than an order of magnitude.

iOS vs Android in app security

Apps on any platform can access personal data and forward that data to an external server, but the Lookout research found that 47 percent of the selection of Android apps it looked at incorporated third party code (which may include malicious functions), while only 23 percent of analyzed iPhone apps did.

Apple also approves iOS apps through a strict vetting process before listing them in the App Store, while Google's Android Market app security involves simply warning the user that an app needs permissions to perform certain functions during the install.

Unlike other mobile platforms secured by Lookout, Apple's iOS platform doesn't have a live virus problem because third party iPhone apps can only be distributed through Apple's curated App Store, and apps are forced to run in a segregated sandbox environment where they can't infect the system. That doesn't necessarily mean iOS apps can't forward user data inappropriately however; Apple has discovered and pulled apps that have violated its privacy policies.

Apps must also be signed by a certificate created by Apple, which makes it much harder for malicious developers to anonymously distribute software designed to cause problems or steal data. Apple's security measures also make such efforts less attractive financially, despite the iOS platform's installed base being much larger than Android's.

Exploitable vulnerabilities in the iOS platform have been reported elsewhere, including the Safari browser, but crafting a malicious attack via the browser requires luring users to a malicious site rather than simply distributing a bad app that appears to be useful and genuine.

Lookout chief executive John Hering said in the report that "he believes both Google and Apple are on top of policing their app stores, particularly when there are known malware problems with apps," but the report noted it's "unclear what happens" when apps don't actually do what they represent.
post #189 of 211
post #190 of 211
Quote:
Originally Posted by davesw View Post

these things are more likely to happen on Android phones due to the fact that ANDROID and the ENTIRE ANDROID ecosystem is insecure.

I just love ludicrous propagandists spamming ignorant and debunked FUD. I really fail to see the rational behind it, but I am not an expert in psychological troubles.
post #191 of 211
Quote:
Originally Posted by shawnb View Post

Actually, if you examine facts, both platforms have exactly the same number of true security threats -- zero. Well, technically one if you count the user behind the keyboard, which is the most insecure link of either platform..

So sending all your personal information to China is not a security threat? It's really funny how the Android fans will accept anything as long as it's 'open'.

Quote:
Originally Posted by dasanman69 View Post

I agree, i cant believe theres anyone dumb and lazy enough to download a wallpaper app. Its so easy to make one of your own. I have a Droid and I'm very selective in which apps I download especially knowing its an open market. Just proves that a large portion of the population are idiots.

So it's the user's fault for not being a 'leet' whizkid? It's OK to have an insecure system with apps that steal your personal information and send it to China because the really leet users know to do an extensive search on any application before installing it - because it can cause so much damage.

Doesn't that simply prove what iPhone users have been saying all along? Android devices are a pia.

Quote:
Originally Posted by shao View Post

is this better, or worse than the time (just a few short weeks ago) when itunes / app store accounts were being charged up to $1400 without permission from their owners, or knowledge?

http://thenextweb.com/apple/2010/07/...e-hack-itunes/
http://thenextweb.com/apple/2010/07/...unrelated-fix/

personally, sim card details, voicemail passwords are nothing compared to access my banking details and making transactions without my permission.

i do like apple insider. i like how they point their finger of hatred at apple's competition and tries to label them as incompetent. You know, exactly the same thing apple does. It's not admirable behaviour. Don't do it.

so.. to summarise. Android store, not perfect. iOS store, not perfect. One leaks phone details and some personal details, the other allows your hard earned cash to be unwittingly siphoned from your account.

i know which i'd prefer.

(i have an android phone, and an ipad)

You're ignoring, of course, the fact that the issues are entirely unrelated. The one your citing is people who had their passwords stolen and misused. Now, Apple could require more secure passwords, but beyond that, there's nothing anyone can do. A user gives someone their password and that someone uses it maliciously. It's not a flaw in the system (and certainly not a flaw in iOS since it had absolutely nothing to do with iOS).

OTOH, you have the Android flaws being discussed here where the users's personal information is being sent to China without permission.

Surely even an Android fanboy can see the difference, no?

Quote:
Originally Posted by mastermind777 View Post

I'll just leave this here...

http://www.androidtapp.com/android-w...user-data-fud/

ROTFLMAO. Whining self-defense. Basically, he says it's OK for the app to send your personal information to China because other apps do it, too.

Oh, and I love the part about needing 8 permissions to run a wallpaper app.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
post #192 of 211
Quote:
So sending all your personal information to China is not a security threat?

All your personal information? Even for you, that's extreme Android-hatred running amok. You apparently have left any sense of reality behind in your paranoia. Show even a single piece of evidence that "all" of anybody's personal information was sent to China. You can't? You're exaggerating in order to irrationally attack Android for some reason too weird to imagine? Why am I surprised?

Quote:
So it's the user's fault for not being a 'leet' whizkid?

'Leet' is a pathetic strawman. How about every user takes some responsibility for providing their personal info to anybody?

Quote:
Now, Apple could require more secure passwords, but beyond that, there's nothing anyone can do.

What a pity you don't hold Apple to the standards you apparently expect from Apple's competitors. That's known as hypocrisy. You practise it like an expert.

Quote:
OTOH, you have the Android flaws being discussed here where the users's personal information is being sent to China without permission.

Flaw? Intentional mining of data, as apps on the AppStore are also able to do, and actually do, is hardly a flaw.

Surely even an Apple fanboy can understand those simple concepts, no?

Quote:
Basically, he says it's OK for the app to send your personal information to China because other apps do it, too.

Just like AppStore devs do. But you're right that neither platform's devs should collect and disseminate personal data without express permission. And I'll have some respect for your position when I see you castigating Apple here on this forum for permitting its devs to do that.

I won't be holding my breath.
post #193 of 211
As the smoke clears on this whole debacle one has to wonder if those left with egg on their face for jumping to conclusions and not checking facts are at all embarrassed?

It seems at least AI was at least decent enough to acknowledge the facts in an update of the original article. One wonders if certain forum users will show the same decency? I assume not.
post #194 of 211
Quote:
Originally Posted by Chopper View Post

Just like AppStore devs do. But you're right that neither platform's devs should collect and disseminate personal data without express permission. And I'll have some respect for your position when I see you castigating Apple here on this forum for permitting its devs to do that.

Really? Please name the Apple AppStore apps which have sent the same information to China for millions of users as this wallpaper app. It's easy for you to lie and pretend things, now try to prove it.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
post #195 of 211
Quote:
Originally Posted by jragosta View Post

Really? Please name the Apple AppStore apps which have sent the same information to China for millions of users as this wallpaper app. It's easy for you to lie and pretend things, now try to prove it.


http://www.macworld.com/article/1437...n_numbers.html

http://i-phone-home.blogspot.com/sea...l%20of%20Shame
post #196 of 211
Quote:
Originally Posted by solipsism View Post

Its interesting, for the past decade weve been hearing that Macs dont get viruses because their marketshare is too small to be a concern.

Yet, Macs had viruses well before Mac OS X was introduced, back when they sold a lot less units and had even less marketshare. That doesnt consider the fact that Mac sales are about double that of the average PC sale which indicates that Mac users may be a better target for thieves due to more disposable income to access.

This completely shatters that pejorative security through obscurity mantra that since Android has less marketshare than iOS devices.

Well, at least Norton has a chance to make some money on smartphones now.




Sure, anything can happen. There are exploits in code and brilliant though unethical coders that find other ingenious ways to circumvent security, but Apple did conceive and implement a foundation that makes this harder.

Oh im sorry did you mean to make sense?

Ok well, lets see.

Windows still commands around 89% installed user base. Its about getting to a vast audience, not about money. Its about doing damage to as many as possible.

The fact that Macs even HAVE viruses completely destroys YOUR argument! Only having roughly 10% marketshare is very much a big reason why we dont see very many viruses on macs.
post #197 of 211
Quote:
Originally Posted by nvidia2008 View Post

Love to see the fandroids response to this...

"Serious" users don't use fancy wallpapers by others on their smartphones. It's not a toy.


The info in that article is extremely sketchy, vague, unspecific, and deniable. And the author and editor have managed to totally avoid using the name of the suspect app in an 848 word article! Amazing, isn't it?

I don't trust this "news". At all.

Before anything else this article looks designed to incite distrust towards Android without any hard, checkable facts (to avoid future litigation?). So I suspect this comes from the iPhone camp, who, unsurprisingly and quite correctly, see the onslaught of Android – at the expense of iOS – as a direct threat. Because it is.
post #198 of 211
Quote:
Originally Posted by ericblr View Post

Oh im sorry did you mean to make sense?

Ok well, lets see.

Windows still commands around 89% installed user base. Its about getting to a vast audience, not about money. Its about doing damage to as many as possible.

The fact that Macs even HAVE viruses completely destroys YOUR argument! Only having roughly 10% marketshare is very much a big reason why we dont see very many viruses on macs.

FACT: Mac OS has more marketshare than in the 90s yet it has less viruses.

FACT: Macs many times more units than they sold in the 90s yet have less viruses.

That blows your "security through obscurity" argument out the Windows, but if you want to live in your dream bubble then go right ahead, reality isnt for everyone.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #199 of 211
Quote:
Originally Posted by solipsism View Post

FACT: Mac OS has more marketshare than in the 90s yet it has less viruses.

FACT: Macs many times more units than they sold in the 90s yet have less viruses.

That blows your "security through obscurity" argument out the Windows, but if you want to live in your dream bubble then go right ahead, reality isnt for everyone.

I don't feel like getting involved in fanboyish arguments, but since when does an increased market share and number of units mean that the overall ratio has increased? When the Macintosh first launched, it didn't have much competition, but when Microsoft eventually became the standard, dominant OS in the market, malware developers moved to Windows to tap into the larger user base. If Macs became widely used, a.k.a. greater than 7% versus 90%, then malware coders would have a greater incentive to target Macs.

Macs are still pretty obscure right now, so there's hardly any reason for anyone to target a small 7% of the market when they can go for a more lucrative 90%.
post #200 of 211
Quote:
Originally Posted by mastermind777 View Post

I don't feel like getting involved in fanboyish arguments, but since when does an increased market share and number of units mean that the overall ratio has increased? When the Macintosh first launched, it didn't have much competition, but when Microsoft eventually became the standard, dominant OS in the market, malware developers moved to Windows to tap into the larger user base. If Macs became widely used, a.k.a. greater than 7% versus 90%, then malware coders would have a greater incentive to target Macs.

Macs are still pretty obscure right now, so there's hardly any reason for anyone to target a small 7% of the market when they can go for a more lucrative 90%.

And you ignore the time when Apple was nearly bankrupt, had less much less marketshare, a fraction of the yearly sales, and were much more obscure with mostly only ever seeing Macs in some dusty, dilapidated corner of a computer store (if lucky) yet had more viruses presents prior to Mac OS X.

When Mac OS X was out a couple years the argument was that it hasnt been on the market long enough, but its been over 8 years, or is that not enough time to write viruses for Mac OS X? Where is there 7% of the viruses? Where is the accountability for Macs costing double the average the non-Mac PC or that targeting cheap $400 machines to steal personal data would typically yield worse results than hacking a machine from a buyer willing to plop down a couple grand for a machine.

The argument is foolish that Macs are obscure. Even now we have viruses for phones. Its the nature of things. When your business mode is to create a platform any manufacturer can use and are required to support legacy code much longer than is necessary because of said business model it makes proactive safeguarding considerably more difficult, if not impossible. As a result Android is much more susceptible to more malicious attacks than WebOS, iOS, WP7 or BB OS. Its the nature of things. The more you spread your kingdom the less overall fortified it becomes.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › Millions of Android users hit by malicious data theft app