Millions of Android users hit by malicious data theft app - Page 3

Goodbye Mac vs. PC ads. Hello iPhone vs. Droid ad campaign.

"Hi, I'm an iPhone"
"And I'm a Droid"

"Hey Droid, do you have problems with viruses?"
"Well actually, iPhone, I..." [battery dies]

Just had to create an account for this. The hatred here towards android is scary. For the record I own and have owned many products from both sides of this discussion.

I'm currently an Android user, I own an iPad, Macbook and PC and I don't and never will understand what can only be described as the fan boy behavior occurring on this thread.

Lets face it, if it weren't for Android, Apples major rival, there would be very little to no competition, causing the entire mobile market to become almost stagnant. Unless everyone here has very large steaks in AAPL you really should be glad of the competition which drives innovation. Now quit all this silly gloating and respect that both the App store and the Android market place both have their weaknesses and strengths . \

So on Android, we have Google watching, listening, and recording every move we make (presumably this is legal) and now we have a bunch of hackers doing the same (illegally).

Android = Hemorroid.

I like my 'closed' system on the iPhone.

Strange, my Mac is jail broken. I can download what I want on it when I want. Don't really see that as a problem. Apple has implemented adequate protection measures there. Yet, when it comes to the iPhone somehow people are advocating it be totally controlled by Apple and Apple is advocating it can't protect jail broken phones.

I wonder what people will think when Apple starts putting iOS on it's Macs and has them locked down as well. For what it is worth, this could have happened to an app in the app store as well. Recently, Apple removed applications from stealing people's iTunes account information and using it to purchase applications. Further, there was an application that was sold as a spot light application, but really had the hidden talent of allowing tethering.

Well said TBell. Since the dawn of the computing age until the iPhone, it was completely up to the user what software they were allowed to install on there computers. Admittedly the iOS method is very safe, but poses some very strict limitations.

I'd like to pose the question and I'm not being sarcastic here, I genuinely want to see peoples opinions. Why not put iOS or similar on all apple products, from iPod to Macs?

Until Jobs and his minions start believing that apple owners have enough intelligence to change the batteries in their products, Apple and its fanboys should stop bashing any other product, including Android.

How soon we forget about that "great" antenna design on the eyeFone 4.

One thing i don't get. The article mentions that 23% of the iPhone apps incorporated third party code (which may include malicious functions). So why is everybody being so happy while also they are maybe infected (although with a lower chance)?

// posting from a iMac so no mac-hater here

Besides the obvious, I think the lesson here is also ... why the heck is a "wallpaper app" allowed in the Android store or the app store in the first place?

These kind of apps are what people point to when they talk about the "crud" in the Apple app store. They serve no purpose other than directing a user to a private website which can of course be dubious. Apple might have an app with the same problem right now. The malicious code could just as easily be in the website you are connecting to as in the app.

These kind of apps should be web apps at best or banned form the store otherwise. The only difference between this and a "regular" wallpaper app (of which there ate a great number), is that the payload of this one was data mining, whereas the payload of the others is advertising.

Equally nefarious IMO.

Of course we forget non-issues. You think comparing the fact that in a very weak signal area you can make your an iPhone lose a signal by gripping it tightly with a totally unsafe, unsecured eco system? Really?

Is it me, or the text sounds a bit strange?

For example:


So they looked at apps from the market/appstore... I thought those app are 100%... so what are these numbers?!

Second:


This kinda means "Ok, it already happened on iPhone as well"... or am I misunderstanding it?!

Pls enlighten me ;-)

I think that the 23% with the 3rd party code is actually, mostly code for advertising. So if they use Admob for their advertising revenue, it is third party code, and potentially could send data to that third party.

"We are collecting your Credit Card Info for survey purposes"... or better yet: "We are collecting your Credit Card Info to verify you are an adult".

Hey AI... the main article probably needs an update. It looks like Gwydion was right. Feel free to gloat if you must.

The main reason that the people I know used to jailbreak their phones was to activate tethering. That's the reason I did as well. Now that AT&T actively supports tethering it's not an issue for me. I bought an iPhone 4 and have no plans to jailbreak it.

That said, it would be very nice indeed if Apple would support turning the iPhone into a wireless access point instead of just the Bluetooth connection. It would be slightly more convenient for me and invaluable when traveling in groups. And yes, I'm aware that the battery draw would go up significantly. That's not a problem on Amtrak which is where I do 99% of my business travel.

Symantec and McAfee are lovin' it.

The Apple fanboys don't care about that update. They just want something so they can "show those Android fanboys". Just like when the Android fanboys are unrelenting once an apple issue (accurate or not) starts. This site is entertaining because its like a giant nerd-fest of people defending their products like they were personally attacked--although the Apple nerds seem to think they're less nerdy than the Android nerds

They probably scanned the binary files (on the iPhone that would require jailbreaking the device) and looked for linkages. Those would tell you what code was being used. If their statistics are trustworthy it means that 1/4 of iPhone apps use third-party libraries and 1/2 of Android apps do. That only means something if there are malware code libraries floating around that people are using.


So far as anyone is aware there haven't been any actively malevolent applications in the App Store. Some apps in the App Store violated Apple privacy policies, e.g., used your contacts without your knowledge and were pulled.

The points to take away from the story are that Android apps aren't thoroughly "sandboxed". That means the apps on the phone are restricted in terms of what data they can access. On iOS devices apps can't access other apps data and have only limited access to user data. So it wouldn't be possible for an iOS app to access your SIM card unless the app writer found an iOS defect.

The second point is that no one really looks at the apps in the Android market place. Apple actually tries each and every app and rejects those that don't do what they say they do. They also run some automated binary analysis routines looking for red flags. That said, a malware writer could possibly sneak something like this into the App Store. But it wouldn't be able to access the same amount of data that the Android app would and there's a much higher possibility of detection before it gets into the store.

Hello all. After reading the three page discussion that's taken place on this site concerning the app that may/may not have been collecting personal data, I felt compelled to create an account and ask a few questions.

Now I understand that this site is about as Apple-biased as you can get, but come on.. do you guys spend all day just looking for things wrong with Android? Is it an insecurity thing or do you really think iOS is the best thing since sliced bread? Your hatred of all things Android is absolutely ridiculous! I mean, it seems like somebody that worked at Google killed your best friend or something. I don't think there could be any more bitterness and hatred here.

Let me get one thing straight- I love Android. I have used both iOS and Android for enough time to decide which I preferred (I had an iPhone for a few months) and made sure not to knock either before I tried them. I'm almost positive none of the commenters here have done that. I'm sure you/your mom/your grandma bought an iPhone, you used it, and decided that nothing in the world can be better, and that's fine- everybody has their own preferences. But good lord, why is it that all Apple fanboys are so closed-minded? As I previously mentioned, I've used both Android and iOS and I can name strong-points and weak-points of each (including hardware).

Examples- I love the design of the iPhone. From the screen to it's overall look and feel- it's very well designed. Better than most Android phones, for sure. The iPhone keyboard is also better than the stock Android keyboard. It's MUCH easier to type on (perhaps because of the spacing of the keys?). I also like the proximity sensor on the iPhone, as my MyTouch 3g doesn't have one. Some apps are also much better on the App Market when compared to what you find on the Marketplace (Chase bank app, Facebook, etc.).

See? Just because I use and love Android doesn't mean I have to spend all day searching for faults in other OS's. Sure, I love that I can sideload apps onto my phone without having to root it, and I actually prefer the Android Marketplace to the App Store (even though there is a higher chance of there being dangerous apps on it). The way I see it, I would rather be able to decide for myself if something is safe than have somebody else decide for me, and that's exactly what Android lets you do when it tells you what information an app has access to. Don't blame Android because people don't pay attention to warnings. If you see a calculator app is going to have access to your passwords, IMEI, stored passwords, and credit card, you probably shouldn't download it.

Anyways, I'm done. If you get nothing else out of what I said, understand this- just because you're a fanboy doesn't mean you have to hate everybody else. Apple and Android need each other, just face it. The competition is great for everybody, right? So just sit back, stop your hating (unless you've actually used Android and can explain in detail WHY you don't care for it), and enjoy your phone.

Speaking of which: I didn't had any signal loss problems with my Sony-Ericsson X10... nor was Sony-Ericsson even mentioned in the "antennagate" ... so I lived happily ever after ;-)

So, a more open platform has disadvantages (not that something like this can't happen with the Apple model), but that doesn't mean a closed platform doesn't also have disadvantages. It is strange how people can't see that while Apple's closed model has some major advantages, like security, that it doesn't mean it is perfect. It is possible for Apple's closed model to remain secure and yet allow more flexibility.

I don't think it's fair to blame Google for this. People know it's an open marketplace, so it's their responsibility to check out the developer, make sure they're reputable, before installing something. They have to think of their phone as same as a PC in that respect.

But then it means that if a 3rd party app is simply using another 3rd party library (maybe just for decoding a jpeg image), then it's immediately flagged as malicious?!



Android has a sandboxing model as well: by default an application cannot access another application's data (since each app has it's own user id, and the data folders are protected). To access other apps (or system) data, application needs permissions. To make it user-friendly, the user has to accept all permissions at once, when intsalling. IMHO this is still better compared to the old java era when you were asked every time when an app accessed the internet, and then every time when it tried to read the contacts, etc.

So as I see, the problem is the following:
* Android is more open, more flexible: applications can access a wider range of data. But users (including me of course ;-) ) tend to ignore the permission list, they just accept it.
* iOS is more strict, apps can access only a very limited data, hence iOS is more secure.

Question: is the above correct? Is it really the case that an iOS app cannot access the browser history at all? Even if the app supposed to do that (for example if the app is called BrowserHistorySynchronizer?)

If this is the case, then the problem is a matter of preference: does one prefer to live a bit more dangerously but have more functionality in the phone or not.

harmoniousDISCORD

You think this place is bad go to Droidforums.net the Apple Bashing is much worse than the Android discussions I have seen here.

Apple haters have to grab every little detail they can to put down the iPhone.

For me the iPhone works perfectly out of the box.
Both Android and iOS have there benefits.
Since I am moving to Verizon I am looking at the new Droid and learning about how it exist in my environment.

Syncing Outlook with iOS is easy and requires no 3rd party application. From what I have gathered you cant do that with Android out of the box.
I like Motorola as thats all I used before switching to Apple. but they also dont provide functionality in a device they market as an iPhone Killer.

Free Anti-App Virus protection thanks to lockline or norton for everybody..

You can, since Android 2.1

Let your words be sweet and tender. You may have to eat them tomorrow.

It seems someone is already taking advantage of people trying to jailbreak their iPhones. It appears to affect Windows machines. Here is the link regarding the trojan that is disguised as a jail-breaking program.
http://news.softpedia.com/news/iPhon...e-149613.shtml

Beware.

Rofl

harmoniousDISCORD, frankly I think Android fanboys are much worse, speaking from my experience here.

The reason is that they want to claim Android is "open", yet, at the same time, they want to maintain control of Android and not have device manufacturers forking it and creating versions independent of what they want it to be. (Google is nefarious enough without us having to invent even more nefarious scenarios than what they actually do.)

Interestingly, the Chinese have forked Android and replaced the proprietary parts with their own proprietary parts, so that the version of Android that is being implemented their isn't really Android at all, and thus of little or no value to Google.

Yes you are correct. It seems based on the comments I've read that most people don't understand what sandboxing and 3rd party libraries mean. I can't speak for Android, only as an iOS developer.

3rd party libraries include such things as analytics packages and as you say some help frameworks that make life easier. It's possible that such a lib could have malware embedded in it. However...

Sandboxing: People, this means that apps can't see each others data at all. Two sandboxed apps might as well be running on two different phones. On iOS there is no possibility to "Ask for permission" to enable such acces, it just doesn't exist.

The only possibility for malware would be some sophisticated inter-process messaging or exploiting a hole in the APIs from Apple. Writing such malware would be hard to sneak by Apple's analysis tools.

Everything is possible of course, but it's extremely unlikely that this is going to happen. Especially when there are so many other easier to target options available to hackers.

Kua da

I think this makes it evidently clear that Apple's more closed and scrutinized app store model is much better than something so wide open.

What kind of idiot installs a wallpaper app that warns you it will be accessing your personal information?

No Nazi or Adolph Hitler reference - if you're going to go there - go all the way!!

I'm pretty much a SE "fanboi", if you will, but I don't find the X10 to be a compelling phone at all. First of all, there are many users reporting poor battery performance, though there are users saying it's great. It's the uncertainty that I don't like. But absolutely WORST of all reasons not to get an X10 is one of the problems with Android itself. The X10 currently ships with Android 1.6. It's not even 2.1. 2.1 for X10 is "expected" in October of this year. Which probably means it'll ship in February 2011. 2.2 isn't even on the map, and there's no indication whatsoever whether 2.2 or greater version will ever be released for the phone.

There are a good number of high-profile Android apps from major developers that REQUIRE 2.0 or greater. As 2.2 becomes more widely available, there will be many apps that require that version, etc. But your X10 cannot run them.

With iOS, we are guaranteed that the iPhone 4 will be upgraded to every version of iOS 5.x. All iPhone 4s (and iPod Touch 4.0 after it's released) will be upgradable to iOS 5.x, to the last of whatever "x" is before iOS 6.0 is released.

Forget Flash. Android 1.6 can't even run HTML5.

It's unbelievable that a phone that ships TODAY runs a version of Android that was obsolete 9 months ago. Not only that... at the time the X10 was released, Android 2.0 was already almost 6 months old. I don't have to worry about that with iOS. My September, 2009 iPod Touch is working fantastic with full support for iOS 4.0, and can run every single iOS app that doesn't require the camera, telephone or GPS.

Do you think the fanboys here know that they are talking about? No way! The same about editors, especially about Daniel and Prince.

Have anyone of them read about manifest file in android apps and Android security program? Do anyone know that an Android application executes in its own sandbox and have no access to another application data? Do they know that user must look through all permissions he gives the application before it is downloaded?

And I recall about some strange SMS that gives hackers access to user data on iPhone. Is it fixed in iOS 4 ?

IMO this is the one major difference between the application stores. With Apple you are guaranteed that when you install an application it comes from the developer you think it does (because they are all signed). You have no such guarantee with the Android application store.

Apart from that the stores seem similar. Apple give no guarantee that applications vetted for the store are free from malware. There is a surprising number of people that have this false belief that Apple will somehow protect them from the evils of the world where that is simply not the case.

I'm also surprised that AI haven't put an update on the article. At this point there is nothing to indicate any kind of malicious act and everything to indicate that it was not.

Not to say that something wrong hasn't been done here. Personal information (phone number, carrier id and message bank number) was gathered without user consent, but the tracking of user data is a industry concern with a scope that reaches far beyond one Android application.

I think this was the point of the security conference rather than simply calling out one application.

Yep, millions of minions. Who don't have to change batteries because *gasp* the batteries don't need to be replaced! And then they don't have phones that blow apart everytime they're dropped because there's no way to build a slim device that has a battery with decent life AND a secure coverplate to keep it in place. Nearly every touch-screen smartphone is an incremental of the benchmark established by the iPhone. Poor guy. Too much time under the bridge, the sunlight hurts the eyes a bit doesn't it - you need to get out more.

Exactly.


Android = Windows of mobile. Insecure, crappy, bloated.