or Connect
AppleInsider › Forums › Mobile › iPhone › New Android "RAT" infects Google Play apps, turning phones into spyware zombies
New Posts  All Forums:Forum Nav:

New Android "RAT" infects Google Play apps, turning phones into spyware zombies - Page 3

post #81 of 171
Quote:
Originally Posted by EricTheHalfBee View Post

80%? Where did you get that figure from. According to Google, it's 64%. .

According to the link you pointed me to the ASLR flaw was fixed with 4.0, then further improved with 4.1 Quote: "Android 4.0 Ice Cream Sandwich provides address space layout randomization (ASLR) to help protect system and third party applications from exploits due to memory-management issues." Maybe you didn't use a very good link. If accurate tho add in that 15+% and you get to 80%.
Quote:
Originally Posted by EricTheHalfBee View Post

Google changed the way they calculate the percentage of users on each version. They used to count ALL devices. Now they only count devices that SPECIFICALLY visited Google Play within the previous 7 days (in other words, the user visited the Store)..

Google talks about that. According to the Google Dashboard disclaimer "Because this data is gathered from the new Google Play Store app, which supports Android 2.2 and above, devices running older versions are not included. However, in August, 2013, versions older than Android 2.2 accounted for about 1% of devices that checked in to Google servers (not those that actually visited Google Play Store).
Quote:
Originally Posted by EricTheHalfBee View Post

Why do I have to provide proof of harm?
No harm no foul. Theoretical security issues are far removed from real world maliciousness. You know that.
Edited by Gatorguy - 3/7/14 at 8:48pm
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #82 of 171
I guess what I do get — and what hasn't been answered — is how Google can push lateral updates that fix all kernel and OS issues without seemingly updating the kernel and OS. If they have been updated then why not call them 4.4 "Kit Kat" and if they have only been patched with virtually duct tape then how can one say they have don't have the same holes that were discovered in those OSes?

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #83 of 171
Quote:
Originally Posted by EricTheHalfBee View Post


DING DING DING

We have a winner. Funny to see the uninformed responses claiming you're wrong. Google Play Servics IS NOT the Android kernel, and it can't make changes to the kernel to correct security flaws.

This is true, but how much malware use actual kernel exploits? I got the impression that most android malware use social engineering to get the user to consciously install and run some mislabeled piece of software. It's like if I were to convince you to try this new messaging app on your mac which is really a script that runs "sudo rm -rf /". The situation is similar to that of OS X and Flashback, except there were actually some versions of Flashback that installed themselves without user intervention. 

post #84 of 171
Quote:
Originally Posted by Gatorguy View Post

According to the link you pointed me to the ASLR flaw was fixed with 4.0, then further improved with 4.1
If you bothered to read more about it you'd realize the "fix" in ICS was so half baked it wasn't really a fix. They did the equivalent of installing a lock on the front door but leaving the keys under the mat. There are numerous articles about how poor ASLR was in ICS. It was fully fixed in JB.

Quote:
Originally Posted by Gatorguy View Post

"Because this data is gathered from the new Google Play Store app, which supports Android 2.2 and above, devices running older versions are not included. However, in August, 2013, versions older than Android 2.2 accounted for about 1% of devices that checked in to Google servers (not those that actually visited Google Play Store).
No need to post something I already know. The bottom line is Google only counts devices where the user initiates access. Google used to count all automatic access (for example, if you had an older device that downloaded an updated App).

There are devices out there that are getting updates and yet still aren't being counted. So if I had an older phone with 10 Apps I use, and never bother to buy new Apps because my phone works good, then it will never get counted even though it's being used (and getting updated).

Quote:
Originally Posted by Gatorguy View Post

No harm no foul. Theoretical security issues are far removed from real world maliciousness. You know that.

So then I guess you're going to provide me with proof that Google's Verify Apps has successfully blocked all malware? Or to put it another way, since Verify Apps is nothing more than a fancy name for anti-virus software, are you claiming that Google has somehow managed to create a virus scanner with a 100% success rate?

Author of The Fuel Injection Bible

Reply

Author of The Fuel Injection Bible

Reply
post #85 of 171
Quote:
Originally Posted by d4NjvRzf View Post
 

This is true, but how much malware use actual kernel exploits? I got the impression that most android malware use social engineering to get the user to consciously install and run some mislabeled piece of software. It's like if I were to convince you to try this new messaging app on your mac which is really a script that runs "sudo rm -rf /". The situation is similar to that of OS X and Flashback, except there were actually some versions of Flashback that installed themselves without user intervention. 

 

No way to really know how much is due to kernel exploits. I used the term "kernel" to refer to the base OS itself, outside of Google Play Services. Google Play has no ability to modify the kernel so any past (or future) exploits outside of Google Play will not be able to get updates via Google Play.

 

All Verify Apps/Google Play will do is get the people writing malware to specifically target areas of Android that are outside their control.

Author of The Fuel Injection Bible

Reply

Author of The Fuel Injection Bible

Reply
post #86 of 171
Quote:
Originally Posted by EricTheHalfBee View Post


You know exactly how to do that since it's you're trademark. Don't get offended when someone returns the favor.

You shouldn't talk about security when you know nothing about how OS's are designed. For starters read this:

http://en.wikipedia.org/wiki/Address_space_layout_randomization

Only Android JB has fully implemented this feature.

 

Just curious, how much android malware actually use kernel exploits that would be mitigated by ASLR? OS X lacked a proper ASLR implementation up through Snow Leopard, which is still used by one in five Macs, yet that hasn't been attributed to many real-world security problems.

post #87 of 171
Quote:
Originally Posted by DroidFTW View Post

Any stats on infection rates and geographic locations of those most at risk?  No?  I wonder why that could be.

If it just came out then that would be why. Previous incarnations that have been manually injected into apps will have bypassed bouncer too but they won't show up in malware tests until they know what to check for.
Quote:
Originally Posted by SolipsismX 
RAT has got to be the best acronym for malware.

There's a whole culture developed around this kind of malware already with the PC versions. They call the victims rats or slaves because the perpetrators (ratters/RATers or rat-breeders) watch them like they would a pet. There was a case last year where someone managed to do this to Miss Teen USA Cassidy Wolf:

http://edition.cnn.com/2013/09/26/justice/miss-teen-usa-sextortion/
http://arstechnica.com/tech-policy/2013/03/rat-breeders-meet-the-men-who-spy-on-women-through-their-webcams/

The camera light doesn't always come on and they record pictures/videos of them walking past the camera naked and they use the images/videos to bribe them into doing more explicit things just for them:

"The stalker claimed to have 1,000 photographs of one woman. As an FBI agent was speaking by phone to this young woman, she logged onto her Instagram account to find it populated by nude pictures of her, the complaint said."

Some people have targeted younger victims and they threaten to post the pictures to relatives and friends that they get from contacts lists if they don't do more explicit things in private via direct webcam. Then of course, they have both the original photos/videos and explicit webcam recordings. Not everyone gets naked in front of their computer, check the guy on the left in the following pic, this is an image from one of the news articles about it:



but there was one woman said she watches DVDs in the bath. Tablets take this to a whole new level because they can be used in all sorts of places.

Sometimes the perpetrators do it to mess around with people. They have control over browsers so they randomly popup really explicit pornography while they are just doing normal browsing. There's a girl here does it to some kid:



You can see near the end, they have a list of computers that they can freely connect to and watch in multiple locations, some have hundreds of victims. There are other videos (some explicit) if you search for darkcomet on youtube.
Quote:
Originally Posted by Dick Applebaum 
How could these denial of service attacks be fended off?

With a big enough data center and monitoring and limiting traffic. You couldn't do it to Google for example because they have so many servers, probably the same with Facebook. Google also uses a filter to block suspicious activity. I've had it with some search terms where it can't work them out quickly enough so it asks you to enter a captcha. There's a service called Cloudflare that you can sit your own server behind and traffic will be filtered through it (the server would have to reject direct traffic). They handled one of the biggest attacks known so far:

http://www.reuters.com/article/2014/03/05/us-cyber-ddos-idUSBREA240XZ20140305

400GB/s of connection data. People were trying to take down Spamhaus, which is a spam blacklist. If they'd managed it, people would trust Spamhaus less, which benefits the spammers.
post #88 of 171
Quote:
Originally Posted by Gatorguy View Post
 
Quote:
Originally Posted by mstone View Post

TLDW
bold italics, ha

Whenever I quote long passages from another source I'll usually italicize it for obviousness. As far as being too long the post was for Daniels' benefit. I don't expect others to take the time to read it since most don't care about any inconvenient facts anyway. They already learned all they want to know about it from DED's article. 1smile.gif

whatever... what you wrote seems like a total damage control piece. Hard to believe you are just a rational contrarian user and not a paid astroturfer

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #89 of 171
Quote:
Originally Posted by EricTheHalfBee View Post

So then I guess you're going to provide me with proof that Google's Verify Apps has successfully blocked all malware? Or to put it another way, since Verify Apps is nothing more than a fancy name for anti-virus software, are you claiming that Google has somehow managed to create a virus scanner with a 100% success rate?

Ah an all or nothing guy. Despite your mention of virus, which there are not Android viruses AFAIK, I know what you meant. Which OS can you point to with a 100% success rate? Any OS at all?

If 99.99% avoidance of actually harmful malware will get you close enough there's been recent articles that talk about something in that range.
http://www.phonearena.com/news/Google-says-less-than-.001-of-Android-malware-evades-Google-Play-security-to-cause-harm_id47960

So going back to my original comment I thought DED's article was informative. I even added the additional fact that the new RAT had been found in Google Play itself. Almost inexplicable that DED missed the opportunity to announce it.

The last paragraph tho is easily shown to be untrue. If you were being honest you'd agree. It was never an argument over whether malware exists, It does. The disagreement was with Daniels assertion that Google doesn't care and that most old Google Android phones won't ever get security enhancements. They do and they have.

Otherwise I didn't voice any other issue with his article and it's entirely possible the last erroneous paragraph could be chalked up to his just not being familiar with Google efforts.
Edited by Gatorguy - 3/7/14 at 9:26pm
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #90 of 171
Quote:
Originally Posted by EricTheHalfBee View Post


There are devices out there that are getting updates and yet still aren't being counted. So if I had an older phone with 10 Apps I use, and never bother to buy new Apps because my phone works good, then it will never get counted even though it's being used (and getting updated).

I think you may be confused. App updates come from Google Play, and that old device getting an update to one of your 10 apps would be part of the Google Play count.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #91 of 171
Quote:
Originally Posted by Marvin View Post

If it just came out then that would be why. Previous incarnations that have been manually injected into apps will have bypassed bouncer too but they won't show up in malware tests until they know what to check for.

 

Dendroid may have just came out, but the code is more then likely not new.  Symantec states that Dendroid is likely based on AndroRAT which is a tool that's been around for quite awhile and is barely even useable anymore.  There's a very real chance that this $300 price won't get you the great lifetime of customer service, updates and support for all ones skid needs like what is advertised (a shock, I know) and instead is old code repackaged to scam wannabe haxorz out of their money.


EDIT:  I just noticed that DED left out the graphic that I'm referring to.  Here it is.

 


Edited by DroidFTW - 3/7/14 at 9:39pm
post #92 of 171
Quote:
Originally Posted by Dick Applebaum View Post


You dasen't correct Corrections!

I shan't warn you again!

 

Their They're now!

"That (the) world is moving so quickly that iOS is already amongst the older mobile operating systems in active development today." — The Verge
Reply
"That (the) world is moving so quickly that iOS is already amongst the older mobile operating systems in active development today." — The Verge
Reply
post #93 of 171
Quote:
Originally Posted by Gatorguy View Post


I think you may be confused. App updates come from Google Play, and that old device getting an update to one of your 10 apps would be part of the Google Play count.

 

No, you're the one who's confused. I'll make it really simple for you:

 

- Google used to count a device whenever the device checked in with Google (for example, to look for updates).

- Google now only counts devices when a user specifically visits the Play store (like browsing for Apps).

 

From Google's announcement when they made the change:

 

Quote:
The new device dashboards are based on the devices of users who visit the Google Play Store (rather than devices that have checked-in to Google servers). As a result, the dashboards more accurately reflect the users most engaged in the Android and Google Play ecosystem—and thus most likely to download and use your apps.

 

This was all explained back when they made the change. As I stated above, your phone can get updates and still not get counted. Updates are not a user-initiated action. Updates are also no use to developers to see who's actually shopping for and buying Apps.

Author of The Fuel Injection Bible

Reply

Author of The Fuel Injection Bible

Reply
post #94 of 171
DONT TELL ANDROID USERS JUST TO F*CK WTH THEM
post #95 of 171
Quote:
Originally Posted by EricTheHalfBee View Post
 

 

Android apps that were initially installed thru the Play Store (or ones that come preinstalled) get updated thru the Play Store.  I can't tell if you're aware of that by your post.  Apps don't directly update themselves in the background outside of the Play Store.  Facebook once tried to go that route and they were quickly put in their place by Google.

 

However, you seem pretty sure that Android apps do update themselves outside of the Play Store and without any user-initiated actions.  This is not normal native behavior for either the Android OS or Android apps.  May I ask if you own an Android device that does this and which one it is?  Also, which app(s) do this on that device?


Edited by DroidFTW - 3/8/14 at 12:16am
post #96 of 171
Android has improved over the years !

I believe in Apple ecosystem and touchwood I haven't had any viruses !!
post #97 of 171
This must be one of the more desperate DED articles to date. Very selective quoting and a serious exaggeration of the actual danger. How about these quotes from the same sources:
"Malicious apps are still found from time to time on Google Play, but they’re usually quickly removed."

"While malware distribution on Android is harder to scale than on Windows, because Google has gotten much better at policing the Google Play store in recent years, there are variety of techniques that attackers can and have used to trick users into installing malicious apps on their devices. These techniques include distributing malicious apps through third-party app stores that are very popular in certain markets like China or Russia, using Windows malware to inject rogue messages into Web browsing sessions to claim the rogue apps are associated with trusted sites like online banking ones, and even selling phones with trojanized apps pre-installed on them.

And the Bouncer evading is unproven:
"they claim that the new RAT contains techniques to bypass detection by Bouncer, Google Play’s automated malware scanner, and other anti-virus programs. However, it’s not clear how effective those alleged techniques actually are."
Yet DED makes it sound as a certainty.

"We only detected a single application infected with Dendroid and it has already been removed from the Play Store"
So not so capable in evading Bouncer after all.

No idea why DED feels the need to make it appear as if the Google Android ecosystem (and read carefully Google Android, so Play Store only and no unknown sources) is malware infested while this clearly is not the case. And also no idea why he seems to have this urge to vilify Android at every little opportunity, with what often is misinformation.
Edited by Chipsy - 3/8/14 at 5:02am
post #98 of 171
Quote:
Originally Posted by EricTheHalfBee View Post

No, you're the one who's confused. I'll make it really simple for you:

- Google used to count a device whenever the device checked in with Google (for example, to look for updates).
- Google now only counts devices when a user specifically visits the Play store (like browsing for Apps).

From Google's announcement when they made the change:


This was all explained back when they made the change. As I stated above, your phone can get updates and still not get counted. Updates are not a user-initiated action. Updates are also no use to developers to see who's actually shopping for and buying Apps.

Eric, your's is certainly a unique interpretation of a simply concept. Google clearly explains how the count is done and even why the change was made:
"Beginning in September, 2013, devices running versions older than Android 2.2 do not appear in this data because those devices do not support the new Google Play Store app. Only the new app is able to measure the number of devices that actively visit Google Play Store and we believe this measurement best reflects your potential user-base."

And where do Android app updates come from? Google Play. And how are app updates initiated? You first have to visit Google Play. Note too that even if you visit to set up automatic updates for some of your apps if there are any significant permission changes with an update you'll still have to pay another visit to the Play Store to approve it first.
https://support.google.com/googleplay/answer/113412?hl=en

Prior to the change Google charted the OS versions for Android devices logging into any Google Services (Maps, Search etc.)
Since the stats are intended to aid developers and those who don't use Google Play are of little interest Google changed the reporting metric. After all it's for developer's benefit, not the press or you or me.

But to placate those curious souls who believe ten's of millions of old device OS's are left out of the stats Google periodically offers info on those too. You'll see that mentioned under this months chart. As of August 2013 the percentage of Google users with OS's older than 2.2 was an insignificant 1%. https://developer.android.com/about/dashboards/index.html

We'll just assume tho you visited Google's appstore and successfully set up every one of your ten apps to automatically update, none ever had permission changes, and you never visited since. Sounds as tho you'd be a rare exception but whatever for purposes of discussion. You can't be protected by these new security enhancements right? Surely ya gotta get an OS update or at least visit Google Play to be protected. With the default PlayStore app on your phone, even if you never use it, you're automatically getting those enhancements, no action on your part and no visit to the Playstore necessary. You may not know it, but they are there if you have Android 2.3 or better.

And that sir is the only thing I publicly took issue with from Daniel's article. He would claim "Google maintains no accountability for the devices that ship with Android (and) Most of these will never receive security updates." I believe he's incorrect on both counts. Am I right? It's a really simple question to answer but somehow I don't expect to get one..
Edited by Gatorguy - 3/8/14 at 7:39am
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #99 of 171
Quote:
Originally Posted by EricTheHalfBee View Post
 

 

No, you're the one who's confused. I'll make it really simple for you:

 

- Google used to count a device whenever the device checked in with Google (for example, to look for updates).

- Google now only counts devices when a user specifically visits the Play store (like browsing for Apps).

 

Quote:
 The new device dashboards are based on the devices of users who visit the Google Play Store (rather than devices that have checked-in to Google servers). As a result, the dashboards more accurately reflect the users most engaged in the Android and Google Play ecosystem—and thus most likely to download and use your apps.

 

Google has other web properties besides the Play Store, such as Gmail and YouTube. I interpret the announcement as merely saying that a device won't be considered an Android device simply because it uses Gmail. The ability to access the Play Store is what distinguishes a Google-certified device from a no-name white-box build using the Android source code, such as what you might find in China. Thus it makes sense to only consider devices that access the Play Store.

 

It would not make sense for Google to distinguish automated Play Store access from user-initiated Play Store access when measuring the Android population. Once users have found all the software they need, they aren't going to keep looking for apps. If you only count user-initiated app store accesses, you will only see mostly the users new to the platform.


Edited by d4NjvRzf - 3/8/14 at 5:36am
post #100 of 171
Quote:
Originally Posted by NexusPhan View Post
 

It's insanely easy to avoid malware in Android. 

Don't buy Android phone. Insanely easy.

Fun and relaxing way to prepare Japanese Language Proficiency Test (JLPT) test with Juku Apps
Reply
Fun and relaxing way to prepare Japanese Language Proficiency Test (JLPT) test with Juku Apps
Reply
post #101 of 171
Quote:
Originally Posted by Gatorguy View Post

But to placate those curious souls who believe ten's of millions of old device OS's are left out of the stats Google periodically offers info on those too. You'll see that mentioned under this months chart. As of August 2013 the percentage of Google users with OS's older than 2.2 was an insignificant 1%. https://developer.android.com/about/dashboards/index.html

First, thank you for the factually informative post. Once in a while you are a very valuable poster :)

 

Second of all, it's funny to see that there are almost as many people running older versions than gingerbread than there are people running KitKat. Play Services will eventually hit an wall and this failure to update devices will become very apparent.

 

And in my opinion, Android evolution really stopped at 4.1, and that was a small step after 4.0. There's almost 0 differences for casual users. No difference in speed, no features, no visual changes (just little UI corrections).

post #102 of 171
Originally Posted by pedromartins View Post

There's no malware problem at all, far from it. Android is awesomely secure (maybe it's not as secure as iOS, different business model) and the casual user never had any sort of problem related with virus, trojans and malware. And, most likely, they will never have.

 

 

Sorry about the TEN MEGABYTE gif, but it’s of ludicrously better quality than any of the video clips of this uploaded anywhere.

Originally posted by Marvin

Even if [the 5.5” iPhone exists], it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone exists], it doesn’t deserve to.
Reply
post #103 of 171
Quote:
Originally Posted by pedromartins View Post
 

First, thank you for the factually informative post. Once in a while you are a very valuable poster :)

 

Second of all, it's funny to see that there are almost as many people running older versions than gingerbread than there are people running KitKat. Play Services will eventually hit an wall and this failure to update devices will become very apparent.

 

And in my opinion, Android evolution really stopped at 4.1, and that was a small step after 4.0. There's almost 0 differences for casual users. No difference in speed, no features, no visual changes (just little UI corrections).

Android development has mostly been iterative since 4.1. Before then, most of the work had gone into developing the backend features. The underlying OS reached maturity in 4.0, and Jelly Bean was the first release that paid attention to achieving a 60fps user interface. In a way, the evolution of Android is opposite to that of iOS, which instead made UI performance its first priority and slowly added backend features over time.


Edited by d4NjvRzf - 3/8/14 at 6:45am
post #104 of 171
Quote:
~~Android users can adopt the same protections that Windows PC users did during the malware crisis that plagued Microsoft's platform ten years ago. That includes not installing apps from untrusted sources and installing third party malware scanner tools. Over the past ten years however, a significant portion of Windows users have simply switched from the wide open, malware saturated Windows platform to Apple's Macs and iOS devices. Macs never became a significant malware target, an advantage Apple advertised and worked to preserve.

 

Mr dilger, that has to be one of the worst constructed arguments that I have seen in some time.

 

Are you suggesting that Macs can't get malware?

 

And that Apple actively try to keep the install base of OSX small enough to discourage malware writers?

post #105 of 171
Quote:
Originally Posted by Tallest Skil View Post

 

Sorry about the TEN MEGABYTE gif, but it’s of ludicrously better quality than any of the video clips of this uploaded anywhere.

So, again: Another discussion where you have absolutely nothing to add, another discussion where you simply ignore facts and try to manipulate half-truths to get on with your wrong and even delusional view of the world.

 

Thanks for the awesome gif, but that doesn't make up for the fact of how fantastic and secure Android is, neither does it change the fact and even in the US most people specifically chose Android, despite the Apple power and every other reason we might think about.

 

There are reasons for that. Being ignorant about them is your only choice, but at least keep it to yourself.

 

Again, this thread is pointless and, as my previous post shows, only AI cares and there's a reason for that, too: Spreading pathetic FUD.

post #106 of 171
Quote:
Originally Posted by pedromartins View Post



So, again: Another discussion where you have absolutely nothing to add, another discussion where you simply ignore facts and try to manipulate half-truths to get on with your wrong and even delusional view of the world.

Thanks for the awesome gif, but that doesn't make up for the fact of how fantastic and secure Android is, neither does it change the fact and even in the US most people specifically chose Android, despite the Apple power and every other reason we might think about.

There are reasons for that. Being ignorant about them is your only choice, but at least keep it to yourself.

Again, this thread is pointless and, as my previous post shows, only AI cares and there's a reason for that, too: Spreading pathetic FUD.

The only acceptable response is for you to close your account and never visit these threads again.

Proud AAPL stock owner.

 

GOA

Reply

Proud AAPL stock owner.

 

GOA

Reply
post #107 of 171
DroidFTW and Gatorguy.

I know neither of you are developers, but do you have any acquaintances that are? If so, then ask them to log into their developer account at Google. Then head over to distribution and see the percentages for Apps they developed and compare them to Google's distribution.

And if we have any other developers here I encourage them to do the same (I'll be posting after the weekend from the office - I need to remove identifying info for clients before posting up their data).

You're going to have a tough time explaining how REAL numbers from Google for SDK version distribution are different from Googles distribution chart (that uses creative accounting).

Author of The Fuel Injection Bible

Reply

Author of The Fuel Injection Bible

Reply
post #108 of 171
Quote:
Originally Posted by pedromartins View Post

Then, shame on most AI posters to fall for it, and to be so so ignorant about Android. Being ignorant is never good.

You mean like GG? A poster who knows absolutely nothing about the underlying architecture of Android or how to code for it, yet posts up opinions as if they were facts? And when you try to engage him he switches lanes as he lacks the technical knowledge to go beneath the surface?

If so I agree.

Author of The Fuel Injection Bible

Reply

Author of The Fuel Injection Bible

Reply
post #109 of 171
Quote:
Originally Posted by SpamSandwich View Post

The only acceptable response is for you to close your account and never visit these threads again.

 

Why? Besides you can't do it on AI. Believe me, because of the ignorance of some posters here, I tried.

 

Quote:
Originally Posted by EricTheHalfBee View Post

You mean like GG? A poster who knows absolutely nothing about the underlying architecture of Android or how to code for it, yet posts up opinions as if they were facts? And when you try to engage him he switches lanes as he lacks the technical knowledge to go beneath the surface?

If so I agree.

I quoted his last post and I found it to be very good. Everybody takes those Google numbers as fact and not even once did I hear/read any dev complaining about it.

post #110 of 171
Quote:
Originally Posted by Gatorguy View Post

. With the default PlayStore app on your phone, even if you never use it, you're automatically getting those enhancements, no action on your part and no visit to the Playstore necessary. You may not know it, but they are there if you have Android 2.3 or better.

And that sir is the only thing I publicly took issue with from Daniel's article. He would claim "Google maintains no accountability for the devices that ship with Android (and) Most of these will never receive security updates." I believe he's incorrect on both counts. Am I right? It's a really simple question to answer but somehow I don't expect to get one..
Quote:
Originally Posted by EricTheHalfBee View Post

DroidFTW and Gatorguy.

I know neither of you are developers, but do you have any acquaintances that are? If so, then ask them to log into their developer account at Google. Then head over to distribution and see the percentages for Apps they developed and compare them to Google's distribution.

And if we have any other developers here I encourage them to do the same (I'll be posting after the weekend from the office - I need to remove identifying info for clients before posting up their data).

You're going to have a tough time explaining how REAL numbers from Google for SDK version distribution are different from Googles distribution chart (that uses creative accounting).

Still flopping around and avoiding a direct answer I see. Your reply has nothing at all to do with the erroneous paragraph I objected to, nor have your previous ones. I'll take that as the closest I'll get to your admitting Daniel was wrong.

Note that unlike you I don't avoid questions you raise either. I'm not a developer but it doesn't make me helpless to try and find an answer. To that end I've already looked at the SDK distribution numbers, courtesy of AppBrain, as of Feb. 13 this year. You'd probably agree they're a good source with access to data from a huge number of developers. They show an even higher percentage of KitKat users than the OS distribution chart Google publishes, 5.7%. and overall about 90% on 2.3 or better. Google might be shortchanging themselves.

So the SDK distribution numbers you alluded to don't change the end result at all. Most Google Android users are receiving security updates even languishing on old OS versions and Google still accounts for them. Kernel changes? Gotta have an OS update. we both agree on that. Security improvements? A lot can be done and is being done with no OS update required. We both should agree on that but you can't seem to bring yourself to admit it. Why?
http://www.appbrain.com/stats/top-android-sdk-versions

Android SDK version table

Android SDK version/ share/ Change in the last 30 days
2.0-2.1 (Eclair) 3.4 % ↓ 13 %
2.2 (Froyo) 3.4 % ↓ 10 %
2.3 (Gingerbread) 18.1 % ↓ 9 %
3.0-3.2 (Honeycomb) 0.7 % No change
4.0.x (ICS) 12.9 % No change
4.1-4.3 (Jelly Bean) 55.7 % ↑ 2 %
4.4 (KitKat) 5.7 % ↑ 40 %
Edited by Gatorguy - 3/8/14 at 10:35am
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #111 of 171
Quote:
Originally Posted by dasanman69 View Post


That is incorrect, the contraction for 'it is' is indeed 'it's', but to show possession it is 'its'

You missed out a full stop at the end of the sentence. There should be a semi-colon after 'incorrect' instead of a comma.

 

Its a pleasure

“I wasted time, and now doth time waste me.”
Reply
“I wasted time, and now doth time waste me.”
Reply
post #112 of 171
Quote:
Originally Posted by Corrections View Post
 

 

 

 

Also remember that "it is" as a contraction becomes its not it’s. 

No, you have it backwards:

 

 Its is the possessive form of it ( the dog licked its paw), while it's is the contraction of it is ( look, it's a dog licking its paw) or it has ( it's been too long). The apostrophe in it's never denotes a possessive. The confusion is understandable, since other possessive forms (singular nouns) do take an apostrophe + s, as in the girl's bike or the president's smile.

post #113 of 171
Quote:
Originally Posted by pedromartins View Post
 

For starters, shame on AI to try to spam FUD everywhere about Android and a supposed malware problem, going to the sad lengths of comparing it with Windows.

Then, shame on most AI posters to fall for it, and to be so so ignorant about Android. Being ignorant is never good.

 

There's no malware problem at all, far from it. Android is awesomely secure (maybe it's not as secure as iOS, different business model) and the casual user never had any sort of problem related with virus, trojans and malware. And, most likely, they will never have.

 

Again, this is a non-issue, and every single most used tech website doesn't even care about posting this stuff, despite the potential lucrative clicks.

Being ignorant is often good. If you listen to an amazing piece of music for the first time, your ignorance can be good.

 

Conversely, if you were locked up in a cell for eternity to listen to the Cheeky Girls on repeat, you might construe your lack of ignorance as a bad thing.


Edited by Benjamin Frost - 3/8/14 at 10:18am
“I wasted time, and now doth time waste me.”
Reply
“I wasted time, and now doth time waste me.”
Reply
post #114 of 171
Quote:
Originally Posted by Gatorguy View Post


The article was actually pretty informative, at least until it strayed into misinformation at the very end. Every Google Android device with 2.3 and above (that's pretty much all of them) have received security updates even if the OS itself is still an older version. Security and feature updates can come directly from Google via Play Services and have.

 

Google does issue security updates but mostly to manufacturers and carriers. Google sends them directly to pure Android systems like their Nexus, Motorola and a few others. Carriers and manufacturers stand in the way of the end user actually receiving them in many cases. This is changing with many manufacturers but the carriers (Verizon is a big offender) make updates available long after they have been released by Google and/or the manufacturer. The truth is they won't get the updates because the carriers will tell them they need a new phone in order to sell new phones. Play Services in many cases is not controlled directly by Google on all Android phones. The carriers like to control it and they do it in conjunction with the manufacturer on some. The carrier controls it so they can control when updates are issued. Remember Android is an open source system and Google loses a lot of control once it gets out into the wild. They are trying to fix that but Verizon and AT&T are wild horses. The bloatware they put on top of a good phone like the Samsung Galaxy S4 can bring it to the performance of a cheap free phone.

 

 

post #115 of 171
Quote:
Originally Posted by mnbob1 View Post

Play Services in many cases is not controlled directly by Google on all Android phones. The carriers like to control it and they do it in conjunction with the manufacturer on some. The carrier controls it so they can control when updates are issued.

Incorrect. Carriers have no control over Play Services or it's updates. Zero. That's one reason it exists. Google created a way to completely bypass uncooperative manufacturers and inflexible carriers to deliver security enhancements and feature updates directly to Android users. With Play Services delivering some of the newest features of Google Android no longer rely on an OS update that may never come from a manufacturer/carrier who's in no rush.
http://arstechnica.com/gadgets/2013/09/balky-carriers-and-slow-oems-step-aside-google-is-defragging-android/
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #116 of 171
Quote:
Originally Posted by Gatorguy View Post



Still flopping around and avoiding a direct answer I see. Your reply has nothing at all to do with the erroneous paragraph I objected to, nor have your previous ones. I'll take that as the closest I'll get to your admitting Daniel was wrong.

Note that unlike you I don't avoid questions you raise either. I'm not a developer but it doesn't make me helpless to try and find an answer. To that end I've already looked at the SDK distribution numbers, courtesy of AppBrain, as of Feb. 13 this year. You'd probably agree they're a good source with access to data from a huge number of developers. They show an even higher percentage of KitKat users than the OS distribution chart Google publishes, 5.7%. and overall about 90% on 2.3 or better. Google might be shortchanging themselves.

So the SDK distribution numbers you alluded to don't change the end result at all. Most Google Android users are receiving security updates even languishing on old OS versions and Google still accounts for them. Kernel changes? Gotta have an OS update. we both agree on that. Security improvements? A lot can be done and is being done with no OS update required. We both should agree on that but you can't seem to bring yourself to admit it. Why?
http://www.appbrain.com/stats/top-android-sdk-versions

Android SDK version table

Android SDK version/ share/ Change in the last 30 days
2.0-2.1 (Eclair) 3.4 % ↓ 13 %
2.2 (Froyo) 3.4 % ↓ 10 %
2.3 (Gingerbread) 18.1 % ↓ 9 %
3.0-3.2 (Honeycomb) 0.7 % No change
4.0.x (ICS) 12.9 % No change
4.1-4.3 (Jelly Bean) 55.7 % ↑ 2 %
4.4 (KitKat) 5.7 % ↑ 40 %

 

Shall I go back over your history and give you a list of all the topics/questions you skirt around or avoid? It's your MO, and everyone here knows it.

 

You are a liar if you claim you don't avoid questions. Outright, plain and simple liar.

Author of The Fuel Injection Bible

Reply

Author of The Fuel Injection Bible

Reply
post #117 of 171
Quote:
Originally Posted by SpamSandwich View Post
 
Quote:
Originally Posted by pedromartins View Post



So, again: Another discussion where you have absolutely nothing to add, another discussion where you simply ignore facts and try to manipulate half-truths to get on with your wrong and even delusional view of the world.

Thanks for the awesome gif, but that doesn't make up for the fact of how fantastic and secure Android is, neither does it change the fact and even in the US most people specifically chose Android, despite the Apple power and every other reason we might think about.

There are reasons for that. Being ignorant about them is your only choice, but at least keep it to yourself.

Again, this thread is pointless and, as my previous post shows, only AI cares and there's a reason for that, too: Spreading pathetic FUD.

The only acceptable response is for you to close your account and never visit these threads again.

Good riddance!

post #118 of 171
Quote:
Originally Posted by Gatorguy View Post

Incorrect. Carriers have no control over Play Services or it's updates. Zero. That's one reason it exists. Google created a way to completely bypass uncooperative manufacturers and inflexible carriers to deliver security enhancements and feature updates directly to Android users. With Play Services delivering some of the newest features of Google Android no longer rely on an OS update that may never come from a manufacturer/carrier who's in no rush.
http://arstechnica.com/gadgets/2013/09/balky-carriers-and-slow-oems-step-aside-google-is-defragging-android/

Paid by Samsung?

post #119 of 171
Quote:
Originally Posted by SudoNym View Post

Paid by Samsung?

Marvin already let us in on what you're up to. Carry on sir. The regulars aren't fooled.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #120 of 171
Quote:
 The practice of selling such a malware package targeting Android is so common it has a pet name among security researchers: an "Android RAT," for Remote Administration Tool

One of the more amusingly ignorant sentences I've seen in an AI article. The acronym 'RAT' is a common industry phrase - sticking 'Android' on the front to denote the platform isn't a pet name any more than 'iOS RAT' is.

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
  • New Android "RAT" infects Google Play apps, turning phones into spyware zombies
AppleInsider › Forums › Mobile › iPhone › New Android "RAT" infects Google Play apps, turning phones into spyware zombies