Google's Android Market web store opens new malware threat - Page 2

The reason it's an issue is because on any given day a good chunk of the news on APPLEInsider is about Android and some "flaw" or how it's "Inferior" to iOS in some way. Often the articles posted contain quite a bit of FUD and when corrections come out, the original article is never updated (and by corrections, I mean from official sources, not in comments).

If you want to post a comparison piece every once and awhile that's fine, but this sites tendency to jump on ANY Android story they can spin negatively speaks of something else entirely. Namely Click-Bait and pointless trolling. And don't point to Android forums as a comparison. Forums are fanboy/fandroid heaven, that's a given. But AppleInsider tries passing itself off as a news site about everything apple related.

Tell me, how is this "security flaw" Apple related? And why not, for a point of comparison, list the tens of thousands of dollars stolen from customers via their iTunes accounts?

And anything by DED isn't a good read. He has no clue about anything outside of Apple and (possibly) ATT. He's good at those things, he should stick to it. We get that he liked iOS, he's entitled to it. But if I wanted to read the entitled rantings of a pompous ass I would just read BGR's editorials.

Let's look at the above issue. in order for this to be a threat:
1- The hacker would have to upload malicious code to the google market. This is theoretically possible, but this code often gets reported rather quickly, and no one has done this yet. Google has the Kill Switch for this reason
2- He would have to hack your Gmail account. If someone has your account, there's more to be freaked out about than getting some apps on your phone.
3- He would have to install the app to your phone. Which would mean manual input unless he programmed a bot to work with Google's setup.
4- The user would have to be an idiot not to see the "app installed" notification with an app he doesn't recognize.
5- Idiot user would have to manually select to RUN the app from their phone. Aka: "Some app just installed itself on my phone and I have no idea what it does, let's open it and see what it's about"

This isn't a "now someone can hack your phone by hacking your gmail" threat, this still requires significant end user interaction, and has so many what ifs in it as to be "largely" a non issue.

And I can guess from all the trolls it brings out of the woodwork...... great stuff from DED!

Can you provide a couple of examples of such 'official corrections' that counter AI 'FUD'? Not disagreeing as much as asking you to back up your sweeping claim.

So its a PEBKAC issue, one that existed regardless of the web browser setup or not.


Still haven't proved that apps auto run upon install.


You can't fix stupid.


Yep, except this time it takes minutes and not hours.

Right. Mr. DED is the biggest hypocrite of them all. When apple whines about people stealing their ideas, its righteous vengeance. When anyone else does it, they are cry babies.

First of all, its uninformed people like you that make apple fanboys look bad. All phones on Verizon update incredibly fast and Sprint updated the Evo incredibly fast. Chances are, if you get an android phone on the same or on a higher caliber than the iphone, it will be updated fairly quickly. In addition, a simple root and flashing of CyanogenMod will increase any Android phone's performance quite a bit as well as update it to the latest version. For example, Android Gingerbread came out mid december. CyanogenMod with gingerbread came out a week later. While this is not as fast as iphone updates, it really is not that much of an issue. Also, android updates come out faster.

This article is pure FUD. Android's sandboxed VM model keep applications isolated. With regard to user data protection, like mentioned earlier on, the notification bar tells you than an application was installed and unless you requested the install, common sense dictates that you remove it. This is similar to running a trojan application on the Mac. If common sense fails on the part of the user, nothing can be done about it. I personally like the over the air install feature of the Android Market. It is more convenient than plugging in the iPod / iPhone / iPad if you want to browse and install apps using iTunes on the Desktop.

On a unrelated note, Cyanogen requires that you root your phone and void the warranties. To state that you get regular updates once you use Cyanogen just to put things on par with Apple is stupid. I do agree with performance improvement due to Cyanogen.

All anyone has to do is read an Android blog to see all the bitter complaints about all the recent-vintage phones that either won't or can't be upgraded. Motorola's latest Android phone, for example. And here are a few words about Verizon's "fast" updates. There are much bigger complaints out there, though, for anyone who cares to poke around.

Took about 30 seconds to factcheck Sonelone's statement, which isn't even close to being true. Not. Even. Close.

Do a search for ANY "security risk" article AI has run. the biggest ones being about the wallpaper app stealing your data. These were all big press releases that swept through sites like AI and others and then (often within 48 hours) the whole thing amounted to little less than fluff and clickbait.

Or this:
http://www.appleinsider.com/articles..._variants.html

which is a clickbait to imply that Google's counting these other OS's as android activations. When in fact it's third party organizations that are doing so (which the article explains, but the title was intentionally worded to hint otherwise) Something like this should be reported, but to point out that the numbers making their rounds now were including phones that Google doesn't count as android.

Or the Samsung return rate article:
http://www.appleinsider.com/articles...ad_just_2.html

Samsung updated with official numbers. On top of that, that article posted from a SINGLE ipad source (Verizon corp stores).

And others. A site for Apple related news is one thing. A site that uses it's platform to sling mud at competitors via shoddy journalism is another thing entirely.

The Droid took awhile to get 2.1, but it was already on 2.0, and on top of that it was still one of the quickest devices to get 2.1. It was one of the first handful to get 2.2 as well. Alpha's for Gingerbread on the Dx and D2 already exist, and they do for the Evo as well (and by extension the Dinc)

In fact, on the current Verizon android lineup, there is only three phones that arn't 2.2 (and they're all 2.1) and all three have very good reasons. The Citrus is a POS for idiots who demand free and the continuum/fascinate are samsung.

If you think samsung will update ANYTHING you're fooling yourself. Heck, I got a samsung Blu-Ray for black friday and it already is out of date with some apps. That's a manufacturer problem.

As for that other link about Motorola's upgrade path, Alpha (official) builds for Gingerbread on the DX already exist, so that article, like DED's, is Fud.

It only took general knowledge of the android platform to factcheck your statements, which arn't even close to being true. Not. Even. Close.

These are actually poor examples of a sweeping claim of AI 'FUD' on your part.

The first story, by your own admission, was reported by many outlets (i.e., not just by AI) and you also agree that the article itself explains that. Perhaps the headline was a tad overblown, but that's hardly FUD. Even mainstream papers sometimes adopt that technique. AI is not NPR, it's an Apple fan site.

Re. the second story, I missed Samsung's update with the official numbers for Galaxy Tab returns -- can you please point to a link or cite?

http://www.slashgear.com/samsung-gal...er-2-03130575/ This is the first of many articles on it. I read it originally on AndroidCentral but BGR and Engadget (two who reported initial story) both posted the update.

and I'm not going to dig through AI's articles to point out the fud. I've been reading this site off and on since I was in college and I've watched it's descent from a decent news source to clickbait.

Any article about android + security invariably has fud in it. In fact, most Android related articles intentionally misconstrue information to try and make a point. I understand that this is an apple site, so it has to take a pro-apple spin to articles, but that doesn't mean they're required to post on EVERYTHING android supposedly messes up on. I have yet to read a popular Android/WindowsPhone/Palm blog that does the same about iOS.

And misleading article titles are FUD because they're clickbait. They exist purely to pull traffic to the site with a misleading title so that AI can collect the Adwords revenue. The fact that printmedia does the same thing doesn't justify the practice.

Print media also often understands next to nothing about tech, that doesn't mean tech blogs can be idiots as well.

Everytime a DED article runs he still posts the old information.

His article headline about a CEO trashing android was also flame bait.

TL;DR:

If your password is compromised, you're in trouble. Same is true for iTunes store. imagine waking up and finding out you've purchased the entire Beatles back catalogue.

No amount of security can compensate for carelessness.

You are right about this. I followed up on the links, and Samsung does, indeed, say that it's 2% returns (not sure if that's that point of sale, but that's OK). Also, in its IR presentation of results from the most recent quarter, the slides talk about 'strong sales' Samsung Android products (which presumably includes the Tab).

They could easily clear up much of this if they would simply report the numbers for units sold versus shipped for the Tab. Unfortunately, the coyness on their part simply feeds misinformation and speculation.

Most hardware companies report units sold. Why? Because that's the ONLY number that matters. Once someone, ANYONE buys their product, even if it's best buy, they get paid. If best buy sells them or doesn't, it doesn't matter.

The misinformation comes from two-bit journalists who'd rather misquote to get a better headline (not saying AI here specifically, WSJ and others do as well) instead of spend a bit of time clarifying before they go to print.

Okay kids.
First off, as many have mentioned... if my Google password was compromised then I have bigger problems.

Second, any time you 'remote install' an app it pops up in your notification bar.
You cannot hide this....

Third... now you have this 'malware' on your device.
You have to actually run it for it to do anything.
Now, the user CAN simply touch it on their notification bar and it will run.

Fourth, Google has been known to remote wipe stuff that sneaks into the market.
It's likely this will get nuked pretty quickly but there will be collateral damage...
(not that I approve of Google's remote app wipe feature..)

Last but not least.. why would anyone read too much into FUD from a security company that has a sole purpose of spreading said FUD (Fear, Uncertainty, and Doubt) in order to sell it's AV products?

Simply put it's not as 'simple' as they put forth.
The guys that wrote this clearly have never used an Android deice, and never used this market feature either.
The only way your going to get something installed on the deice without the user knowing it is to swipe it, install the app and put it back before it's discovered missing.
The same goes for an iPhone, BlackBerry or any other device.

Now stop this Android vs. iPhone dribble.
They both have their flaws and strengths.
Be secure in your purchase!
It's getting old now.

+1000

Readers on this forum seem completely oblivious to the fantastic innovations google has made on the mobile front. So much so that apple cry babies resort to name calling and cheap insults.

Googles innovations are good for everyone. Wireless tethering comes immediately to mind, originally found on the nexus one. Only today apple users are finally receiving such benefit, and what a great benefit indeed.

I think there is some jealousy here that uncharacteristically, google has made something more user friendly than the iTunes store, heaven forbid. Anywhere I go, I can browse apps from a computer, using googles propriety search technology, to find apps i want, and to seamlessly send them to my phone. And how impressive and seamless it is.

The comments regarding security here are frankly stupid. If any user is dumb enough to let someone get hold of that password, or any password for that matter, are just asking for bad things to happen to them. For the record your password is asked for again during the purchasing phase in case you have saved it previsouly. The security alone is enough.

And at least purchases on android can be refunded in the first 15 minutes. In the unfortunate and highly unlikely event that you have apps purchased under your name, just refund them and reset your password. But this scenario has essentially zero chance of happening, unless you invite psychos into your house.

iTunes is crap plain and simple. As an android+iPad user, I dread the iTunes system, and apple device dependancy on the program is not a good thing. It's slow, it's ugly, and it crashes, the iPad iteration crashes when loading one too many results in a search. On the other hand the android market is clean, well spaced out, and has great features, including having the decency to actually show you that you have already purchased something when viewing an uninstalled app. Only in the last few days has apple quietly added this functionality on the iTunes store. And i applaud them for that.

Just face it. Competition is healthy, for both sides of the fence. I can understand that some people dont like android, but that's no excuse to rat on it every day in articles. Read android blogs. Hardly any even mention apple. We are not concerned with you. We see the benefits in everything, whereas exclusive apple users have tunnel vision, and let apple dictate to you how to think. And for that you miss out on great things elsewhere, and i feel sorry for you.

There are posts here telling us Apple fans to quiet down, not to bash others, not to defend Apple, not to call others by the term ****fanboys, not to discuss etc. etc.
Lets get some things straight, yes you know who you are:
1) The term Apple fanboy was coined by M$ zealots first then it caught on with the Android
crowd. I am no boy, I am a man, you can call me Apple fanman, I don't mind, actually I like the
term.
2) This is OUR webblog, not android or M$ follows but ours. Hence you people who are Apple
Haters either behave or leave, its that simple
3) We can bash crap, yes android and M$ crap, its our right to, don't like it ? Tough luck
4) We can argue the merits of Apple vs brand X, it's our site, we have full rights to

The nerve and utter arrogance of you people telling, no ordering, us Apple fans on how to behave on our own webblog, the audacity is truly spine snapping.

A lot of you Apple Haters have parked your carcasses for way too long, and its time to move on.
Please leave our site.

Now back to the article DED, writes good stuff, he has obviously hit a raw nerve many a times with the anti-Apple brigade, that is why there is so many posts attacking him, even on a personal level.
If you disagree, state your stance, articulate it so it's fit for adult consumption, and don't do personal attacks, if you cannot abide these simple rules, you are free to move on.
Every time there are issues with android, up comes the force field, usually in the guise of attacking Apple first, then imply that the issue does not exist, or if it does, it can be minimised or removed with ease. Its amazing that the pro-android crowd always follows these methods, if they were a clock (Casio) you could set your time (+- 5 mins) by them.
There are unknown tribes in the Amazon that know how android lovers will react to any negative stories about their beloved and perfect system.

Some have, rightly suggested that these Apple Haters go and view some of the nasty comments that android owners have of their phones, but I guess these people don't exist in the eyes of the android lover, they must be Apple fans, how dare they complain out the perfect android product.

I have never heard such arrogance, ignorance, unintelligence, obnoxious bile frothing from the mouths of some of the people on this webblog. Some are so vile, that one questions their sanity.
Get a grip, its AI, its for us Apple lovers, we can mock, ridicule android and M$ to our heart's contents, don't like, then LEAVE PLEASE.

Wow, 1st post, what a rant from an obvious troll. Okay I will bite.
I own an iPad, iPod & iPhone, I use iTunes for ALL my app purchases, and it has NEVER CRASHED on me. let me repeat, its has NEVER crashed.
So your statement is a brazen lie, and because it is, so is the rest of your rant, no need to waste my precious time in pointing out the obvious lies.
You android lovers don't mock us ? What planet are you living on, I haven't read so much vile bile in all my life, until an android fan opens it's mouth or posts.
Your arrogance is over whelming.
Intelligence is inversely proportional to arrogance.

There was an interesting article about this on Daring Fireball, have a read, as the mathematics do give some reason to doubt the sincerity of Samsung's claims.

So when did the big, tough "Droid does" scud missile thing turn into a little, snivelling girl's toy, sitting next to a Chihuahua in a pink handbag?

Thats for people like you who have poor or selective memories.
I see your rants on RDM, if you hate DED so much, as you obviously do, then why do you chase him all over cyber space to get your "pound of flesh" ?
I'm just curious.
You never refute any of his arguments, but simply go on a personal attack, quite immature don't you think ?

AppleInsider now has a solid reputation as a site where Android trolls hang out to derail Apple conversations.

Look, you go to a site called AppleInsider and your agenda is basically anti-Apple, then you're a sad little troll.

This is a website by and for Apple product users. Of course Apple can and should be criticized when we think it messes up. But NOT when the haters think it messes up, which would be all the time.

That's a nice way of saying get lost.

Antennagate.

I think there's one person here who needs to get a grip.

it's a publicly available forum, which invites registration. You wouldn't come here if it was an all round circle jerk. DED writes articles which inflame, he responds in kind on his own website, and clearly writes stuff which gets hits, draws people to this site. This in turn, generates clicks and means this site is paid, so people can get on here and righteously rant about OUR site and OUR beloved this and that. It's not YOUR anything.

Have you used Kies, PC companion, PC Sync, LG mobile support tool, etc ?

Seeing as you brought up the subject of software, all of the above junk requires Windows to run most of it is required to update Android phones.

Google fans' defense of the company which is mining their data is really quite shocking; there's a chump born every minute, perhaps, but surely it's obvious that a company distributing a "free" knockoff OS, must have a larger agenda?

Where the lunacy reaches an apex, however, is in Android fan's denial that Google copied the iOS look and feel, albeit poorly. Now they "travel" around in rabid packs swarming onto Apple websites to reduce intelligent conversation to name-calling and aggression.

I can only imagine these people are young, emotionally immature males, probably still at school, whose teenage enthusiasms are this year aimed at cheap smartphones and the defense thereof.

That's all very well, but do we really want our conversation interrupted, or opinions formed by, fourteen year olds?

AppleInsider needs much stricter moderation on this site; if most forum feedbacks degenerate to the levels of this one, all but the brawlers will abandon this site for quieter and saner pastures.

They are even crapier than iTunes

Your right, that could never happen. Thats why we have no spambot networks.
Oh, wait, we do have spambot networks ... !!!

And yes, iOS is superior to Android.

J.

Been lurking for awhile , but finally felt compelled to throw my 2 cents in with this topic.

First of all, to all the detractors insinuating this is a FUD tactic, it most certainly is not. As a current Android user (HTC Droid Eris) who's used the new online Market to install an app, it works exactly as stated, which is a huge security risk.

As a somewhat fairly competent Android user (rooted phone, XDA Dev member), I would know right away if my account ever got hacked and someone bought and/or installed apps remotely to my phone. But for many casual Android users, those who've never heard of "rooting" their phones, the unprompted install of a malicious app could very well slip by their radar.

Consider this scenario: Jane/John Doe is a casual Android user who mainly uses their smartphone for calls and texting, with the occasional web browsing and Angry Birds session every now and then. After unlocking their phone one day, they discover a notification in the status bar saying the application "Ringtone Maker by yadayadayada" has been installed. Now not knowing any better, they open the app drawer and discover said app. Thinking they must have downloaded this and just forgot they did, or maybe their carrier did OTA, they open the app to "check it out".

Now, unbeknownst to them, they've just activated a piece of malware, that the've mistakenly assumed is legit. To you and I this may seem far fetched, but this similar situation happens everyday to ordinary unassuming people via phishing scams and other nefarious tactics.

All that Google would have to do to mitigate this security risk, is provide a dialog prompt alerting the user whenever an application is remotely being installed to an Android device. At which point, the install can be either accepted or denied. Simple. To those who choose so, they can even be provided with an opt-out on future installs.

As it stands, right now, this is very much indeed a serious flaw imo, and hopefully Google addresses it swiftly for the sake of all Android users, whether they be technically inclined or not.

Is FUD since you have to have the mail account compromised

Wouldn't a better solution be to increase the security on Google account login?

There are a bunch of ways to do this, all the way from simply selecting your personal image when you log on to security code dongles or SMS verification.

I offered the exact same solution when the iTunes accounts we "phished" and a bunch of money was stolen from them.

A username/password is no longer a secure way to access an account. Especially for anything related to your finances. It's just that simple.

Disclaimer: there may already be a way to optionally switch something like this on in a Google account, I haven't researched it. If it does exist, feel free to explain how to do it.

What Sophos have said is a load of rubbish and nothing more than a silly attempt to draw attention to their company and products.

I am a mac owner and I love my mac, but I use an Android phone, not an iPhone. In fact I ditched my iPhone 3G for an Android device because it offers me so much more than an iPhone.
Being able to conveniently buy an app online and then send it to my phone is just one of the many innovations that Android has, which trump the iPhone.

As others have already said, the excellent notification system on Android would show you that an app was installed, giving you the option to simply uninstall it.

Also, Google actually does control the Market to an extent, to keep out crapware and every user who comes across such an app can report it from within the Market immediately, so that Google can investigate.

I must say that I am disappointed in Apple Insider for always taking potshots at Google and Android, instead of reporting on Apple news. Are you just a mouth piece for Apple, used to feed that Apple kool aid to the masses and shoot down any and all competition?

Try reporting on Apple news only, with accurate content and professional journalism instead please. Maybe I'll still keep reading you then...

I presented actual links to back up my point, while all you needed was "general knowledge" to "prove" what I was saying wasn't true. How interesting. How typical.


Apparently that's the way YOU do your research, so you assume that's the way I'd do it. You're wrong. And, just like the other clown, you substitute your assumptions and tired, unsupported allegations for actual facts.

Not all that hard to do nowadays with all the phishing and other email scams. I actually had a friend not to long ago fall victim to an email scam asking for his gmail password (promptly admonished him for giving it out, then helped him reset it).


I don't know, to me that seems a more difficult solution to the problem, since most people after having setup their Gmail account, never go back and mess with the settings. It shouldn't be hard for Google to implement some kind of warning prompt for remote installs, hell they already have one in place with receiving files over bluetooth.

deleted

So, you're sort of a drive by troll who missed his target, drove around the block a few times to try again, then left when he heard the sirens, without even grazing anyone?

Oh, it's been considered, and they do all make sense.

Well thank you for all of the Android fans showing up (again) and spelling out all of the reasons exactly why we recommend to out friends and family, Apple products over MSFT or Google variants of stolen IP (see Java).


Bluest says it all... but let me get this into a scenario using my 80+ year old parents, who as of Christmas have an iPad. Chalk that up to my Dad who refused to wait any longer to get "up to date" with the PC revolution.

A potential telephone conversation if they would have an Android device instead:

Me: Hey Dad, BTW... don't click on anything suspicious if it happens to show up... or doesn't show up... or maybe like... I don't know... could under certain circumstances show up... well ya know... don't click on anything... because then you'll have to "root your Android device using Cyanogen".

Dad: Uhm? What? Don't click on anything because then I'll need a "root-canal after eating the Cinnamon Bun?" What the...????

My Mom in the background: Oh I just love Cinnamon Buns but I had a root canal just a few months ago (5 years really)... and it was soooo horrible.... blah...blah...blah.

Me: Well no Dad... I said you'll have to "root your device with CyanogenMod... uhm... and Gingerbread".

Dad: Well what is it son? Cinnamon Buns or Gingerbread? Whatever... I am not getting a root canal!

Me out loud, but more to myself: I knew I should have gotten them an iPad and then just send 'em to the Apple Store! Naturally my Mom would develop "Instant-Bionic-Hearing" abilities as usual, and surely quip," well ya know, an Apple a day keeps the Doctor away...hee, hee".

No.. my parents aren't dumb. Yes, they are computer illiterate... and God-fearing, trusting (why would anyone one want to, "Fish me" did ya say?) good souls... and I love 'em dearly. I would think that 70% or more of the populace could say the same thing or tell the same story.

That's why a Geek-Squad device should NEVER be recommended to a loved one, and why I'm thankful that the geeks and their devices exist.

How better to make our sales pitch to loved ones that much easier, by pointing out the geekiness factor in these "other, alternative, cheaper, open" devices.

Thank You Geeks... and my Dad says to stay off his lawn, 'K?!

Funny, but yoiur grandpa doesn't have to be worried.