Millions of Android users hit by malicious data theft app

1235711

Comments

  • Reply 81 of 216
    nsxroxnsxrox Posts: 1member
    Goodbye Mac vs. PC ads. Hello iPhone vs. Droid ad campaign.



    "Hi, I'm an iPhone"

    "And I'm a Droid"



    "Hey Droid, do you have problems with viruses?"

    "Well actually, iPhone, I..." [battery dies]
  • Reply 82 of 216
    zaphod0zaphod0 Posts: 7member
    Just had to create an account for this. The hatred here towards android is scary. For the record I own and have owned many products from both sides of this discussion.



    I'm currently an Android user, I own an iPad, Macbook and PC and I don't and never will understand what can only be described as the fan boy behavior occurring on this thread.



    Lets face it, if it weren't for Android, Apples major rival, there would be very little to no competition, causing the entire mobile market to become almost stagnant. Unless everyone here has very large steaks in AAPL you really should be glad of the competition which drives innovation. Now quit all this silly gloating and respect that both the App store and the Android market place both have their weaknesses and strengths . \
  • Reply 83 of 216
    So on Android, we have Google watching, listening, and recording every move we make (presumably this is legal) and now we have a bunch of hackers doing the same (illegally).



    Android = Hemorroid.



    I like my 'closed' system on the iPhone.
  • Reply 84 of 216
    tbelltbell Posts: 3,146member
    Strange, my Mac is jail broken. I can download what I want on it when I want. Don't really see that as a problem. Apple has implemented adequate protection measures there. Yet, when it comes to the iPhone somehow people are advocating it be totally controlled by Apple and Apple is advocating it can't protect jail broken phones.



    I wonder what people will think when Apple starts putting iOS on it's Macs and has them locked down as well. For what it is worth, this could have happened to an app in the app store as well. Recently, Apple removed applications from stealing people's iTunes account information and using it to purchase applications. Further, there was an application that was sold as a spot light application, but really had the hidden talent of allowing tethering.



    Quote:
    Originally Posted by MacTel View Post


    See Apple told you so!



    For those the jailbreak their iPhones they are more likely to get played by malware writers. Now that it is legal to jailbreak I'm sure more people will do it. We may even see a lawsuit from jailbroken iPhone users claiming Apple didn't protect them enough.



  • Reply 85 of 216
    zaphod0zaphod0 Posts: 7member
    Quote:
    Originally Posted by TBell View Post


    Strange, my Mac is jail broken. I can download what I want on it when I want. Don't really see that as a problem. Apple has implemented adequate protection measures there. Yet, when it comes to the iPhone somehow people are advocating it be totally controlled by Apple and Apple is advocating it can't protect jail broken phones.



    I wonder what people will think when Apple starts putting iOS on it's Macs and has them locked down as well.



    Well said TBell. Since the dawn of the computing age until the iPhone, it was completely up to the user what software they were allowed to install on there computers. Admittedly the iOS method is very safe, but poses some very strict limitations.



    I'd like to pose the question and I'm not being sarcastic here, I genuinely want to see peoples opinions. Why not put iOS or similar on all apple products, from iPod to Macs?
  • Reply 86 of 216
    gristangristan Posts: 25member






















    WHAT WILL HAPPEN TO THEIR LATEST ADS. BANNER, SAYING ON MacRumor, 9 to 5 Mac, Mashable





    " GO BEYOND THE i-TUNE!!!!!!!!!!!!!!!! "



    SUPPORTED BY " Google " AND " ADOBE "???????????????????
  • Reply 87 of 216
    Until Jobs and his minions start believing that apple owners have enough intelligence to change the batteries in their products, Apple and it?s fanboys should stop bashing any other product, including Android.



    How soon we forget about that "great" antenna design on the eyeFone 4.
  • Reply 88 of 216
    boppppbopppp Posts: 1member
    One thing i don't get. The article mentions that 23% of the iPhone apps incorporated third party code (which may include malicious functions). So why is everybody being so happy while also they are maybe infected (although with a lower chance)?



    // posting from a iMac so no mac-hater here
  • Reply 89 of 216
    prof. peabodyprof. peabody Posts: 2,860member
    Quote:
    Originally Posted by AppleInsider View Post


    An app distributed by Google's Android Market has collected private data from millions of users and forwarded it to servers China, validating Apple's uniquely strong stance on mobile security in the iPhone App Store.....



    Besides the obvious, I think the lesson here is also ... why the heck is a "wallpaper app" allowed in the Android store or the app store in the first place?



    These kind of apps are what people point to when they talk about the "crud" in the Apple app store. They serve no purpose other than directing a user to a private website which can of course be dubious. Apple might have an app with the same problem right now. The malicious code could just as easily be in the website you are connecting to as in the app.



    These kind of apps should be web apps at best or banned form the store otherwise. The only difference between this and a "regular" wallpaper app (of which there ate a great number), is that the payload of this one was data mining, whereas the payload of the others is advertising.



    Equally nefarious IMO.
  • Reply 90 of 216
    MacProMacPro Posts: 19,697member
    Quote:
    Originally Posted by notafanboy View Post


    Until Jobs and his minions start believing that apple owners have enough intelligence to change the batteries in their products, Apple and it’s fanboys should stop bashing any other product, including Android.



    How soon we forget about that "great" antenna design on the eyeFone 4.



    Of course we forget non-issues. You think comparing the fact that in a very weak signal area you can make your an iPhone lose a signal by gripping it tightly with a totally unsafe, unsecured eco system? Really?
  • Reply 91 of 216
    space2space2 Posts: 4member
    Is it me, or the text sounds a bit strange?



    For example:



    Quote:

    Apps on any platform can access personal data and forward that data to an external server, but the Lookout research found that 47 percent of the selection of Android apps it looked at incorporated third party code (which may include malicious functions), while only 23 percent of analyzed iPhone apps did.



    So they looked at apps from the market/appstore... I thought those app are 100%... so what are these numbers?!



    Second:



    Quote:

    That doesn't necessarily mean iOS apps can't forward user data inappropriately however; Apple has discovered and pulled apps that have violated its privacy policies.



    This kinda means "Ok, it already happened on iPhone as well"... or am I misunderstanding it?!



    Pls enlighten me ;-)
  • Reply 92 of 216
    gristangristan Posts: 25member
    Quote:
    Originally Posted by notafanboy View Post


    Until Jobs and his minions start believing that apple owners have enough intelligence to change the batteries in their products, Apple and it?s fanboys should stop bashing any other product, including Android.



    How soon we forget about that "great" antenna design on the eyeFone 4.















    >Recently I have switched to Verizon when I got my HTC Incredible. The phone is awesome and smart phones rule, but the poor sound quality, poor reception, and more dropped calls than I care to remember with Verizon makes me despise them. I love the incredible for what it can do. But I hate Verizon for what it can't.



    >P.S. I also got to play with a friends iphone 4. The first thing I tried was to block the reception since it had no bumper. I found that to be an impossible task. The thing had full bars!





    >Today I was playing with HTC Desire and I could easily kill the signal using the "iphone death grip" on it. And it was a total surprise to me. 4 bars to zero in a few seconds. No wrestling, just a normal grip.

    First time I heard about the iPhone's issue I was like OMG, but apparently quite a few phones out there share this issue. It's a pity that nobody treats other phones' deathgrips seriously. Frankly, it's ridiculous. Seems that no-one cares about other phones.

    .

    Meanwhile I do not care how big an issue it is on other phones, finger vs. a completely casual left hand grip is ALL THE SAME to me. Since the issue is there, one way or another, I'll be getting an iPhone 4.

    .

    Fingers vs. grips - all the same, since they effect the exact same, so called "normal use".
  • Reply 93 of 216
    djmikeodjmikeo Posts: 180member
    Quote:
    Originally Posted by bopppp View Post


    One thing i don't get. The article mentions that 23% of the iPhone apps incorporated third party code (which may include malicious functions). So why is everybody being so happy while also they are maybe infected (although with a lower chance)?



    // posting from a iMac so no mac-hater here



    I think that the 23% with the 3rd party code is actually, mostly code for advertising. So if they use Admob for their advertising revenue, it is third party code, and potentially could send data to that third party.
  • Reply 94 of 216
    Quote:
    Originally Posted by Zaim2 View Post


    "Android Phone Fans" have received clarification from the company.





    "[Update]: MyLookout chimed in with us to clarify some details that other outlets have been reporting. Specifically, the app does collect data from your phone, but only the device?s phone number, subscriber identifier, and voicemail number fields are retrieved. SMS and browsing history are not touched by any of the apps they analyzed throughout their Blackhat conference. Your voicemail?s password is also not transmitted unless you included the password in your phone?s voicemail number field.



    We?re not yet certain on what the developer?s intentions are for using the pieces of data it does send to China ? so we can?t outright call it malicious ? but it is collecting and sending data nevertheless. Hopefully that clears up some of the confusion everyone?s been faced with regarding the read-only property READ_PHONE_STATE that the application uses to access certain pieces of data."





    So not as bad as reported, but bad nonetheless.



    "We are collecting your Credit Card Info for survey purposes"... or better yet: "We are collecting your Credit Card Info to verify you are an adult".
  • Reply 95 of 216
    firefly7475firefly7475 Posts: 1,502member
    Quote:
    Originally Posted by Zaim2 View Post


    "Android Phone Fans" have received clarification from the company.





    "[Update]: MyLookout chimed in with us to clarify some details that other outlets have been reporting. Specifically, the app does collect data from your phone, but only the device?s phone number, subscriber identifier, and voicemail number fields are retrieved. SMS and browsing history are not touched by any of the apps they analyzed throughout their Blackhat conference. Your voicemail?s password is also not transmitted unless you included the password in your phone?s voicemail number field.



    We?re not yet certain on what the developer?s intentions are for using the pieces of data it does send to China ? so we can?t outright call it malicious ? but it is collecting and sending data nevertheless. Hopefully that clears up some of the confusion everyone?s been faced with regarding the read-only property READ_PHONE_STATE that the application uses to access certain pieces of data."





    So not as bad as reported, but bad nonetheless.







    Hey AI... the main article probably needs an update. It looks like Gwydion was right. Feel free to gloat if you must.





    Quote:
    Originally Posted by Gwydion View Post


    No, this thread proves nothing, mainly because is full of wrong facts. An app with that permission can't read any personal data (SMS's, bookmarks, history, voice mail passwords, etc)



  • Reply 96 of 216
    ctwisectwise Posts: 48member
    Quote:
    Originally Posted by MacTel View Post


    From my encounters, the main reason people jailbreak is to get on T-Mobile and away from AT&T. Then they can tether and do all kinds of things AT&T doesn't like. Get the iPhone on T-Mobile and many will stop jailbreaking as it wouldn't be worth it then.



    The main reason that the people I know used to jailbreak their phones was to activate tethering. That's the reason I did as well. Now that AT&T actively supports tethering it's not an issue for me. I bought an iPhone 4 and have no plans to jailbreak it.



    That said, it would be very nice indeed if Apple would support turning the iPhone into a wireless access point instead of just the Bluetooth connection. It would be slightly more convenient for me and invaluable when traveling in groups. And yes, I'm aware that the battery draw would go up significantly. That's not a problem on Amtrak which is where I do 99% of my business travel.
  • Reply 97 of 216
    plovellplovell Posts: 824member
    Symantec and McAfee are lovin' it.
  • Reply 98 of 216
    st3v3st3v3 Posts: 63member
    Quote:
    Originally Posted by Firefly7475 View Post






    Hey AI... the main article probably needs an update. It looks like Gwydion was right. Feel free to gloat if you must.



    The Apple fanboys don't care about that update. They just want something so they can "show those Android fanboys". Just like when the Android fanboys are unrelenting once an apple issue (accurate or not) starts. This site is entertaining because its like a giant nerd-fest of people defending their products like they were personally attacked--although the Apple nerds seem to think they're less nerdy than the Android nerds
  • Reply 99 of 216
    ctwisectwise Posts: 48member
    Quote:
    Originally Posted by space2 View Post


    So they looked at apps from the market/appstore... I thought those app are 100%... so what are these numbers?!



    They probably scanned the binary files (on the iPhone that would require jailbreaking the device) and looked for linkages. Those would tell you what code was being used. If their statistics are trustworthy it means that 1/4 of iPhone apps use third-party libraries and 1/2 of Android apps do. That only means something if there are malware code libraries floating around that people are using.



    Quote:
    Originally Posted by space2 View Post


    This kinda means "Ok, it already happened on iPhone as well"... or am I misunderstanding it?!



    So far as anyone is aware there haven't been any actively malevolent applications in the App Store. Some apps in the App Store violated Apple privacy policies, e.g., used your contacts without your knowledge and were pulled.



    The points to take away from the story are that Android apps aren't thoroughly "sandboxed". That means the apps on the phone are restricted in terms of what data they can access. On iOS devices apps can't access other apps data and have only limited access to user data. So it wouldn't be possible for an iOS app to access your SIM card unless the app writer found an iOS defect.



    The second point is that no one really looks at the apps in the Android market place. Apple actually tries each and every app and rejects those that don't do what they say they do. They also run some automated binary analysis routines looking for red flags. That said, a malware writer could possibly sneak something like this into the App Store. But it wouldn't be able to access the same amount of data that the Android app would and there's a much higher possibility of detection before it gets into the store.
  • Reply 100 of 216
    Hello all. After reading the three page discussion that's taken place on this site concerning the app that may/may not have been collecting personal data, I felt compelled to create an account and ask a few questions.



    Now I understand that this site is about as Apple-biased as you can get, but come on.. do you guys spend all day just looking for things wrong with Android? Is it an insecurity thing or do you really think iOS is the best thing since sliced bread? Your hatred of all things Android is absolutely ridiculous! I mean, it seems like somebody that worked at Google killed your best friend or something. I don't think there could be any more bitterness and hatred here.



    Let me get one thing straight- I love Android. I have used both iOS and Android for enough time to decide which I preferred (I had an iPhone for a few months) and made sure not to knock either before I tried them. I'm almost positive none of the commenters here have done that. I'm sure you/your mom/your grandma bought an iPhone, you used it, and decided that nothing in the world can be better, and that's fine- everybody has their own preferences. But good lord, why is it that all Apple fanboys are so closed-minded? As I previously mentioned, I've used both Android and iOS and I can name strong-points and weak-points of each (including hardware).



    Examples- I love the design of the iPhone. From the screen to it's overall look and feel- it's very well designed. Better than most Android phones, for sure. The iPhone keyboard is also better than the stock Android keyboard. It's MUCH easier to type on (perhaps because of the spacing of the keys?). I also like the proximity sensor on the iPhone, as my MyTouch 3g doesn't have one. Some apps are also much better on the App Market when compared to what you find on the Marketplace (Chase bank app, Facebook, etc.).



    See? Just because I use and love Android doesn't mean I have to spend all day searching for faults in other OS's. Sure, I love that I can sideload apps onto my phone without having to root it, and I actually prefer the Android Marketplace to the App Store (even though there is a higher chance of there being dangerous apps on it). The way I see it, I would rather be able to decide for myself if something is safe than have somebody else decide for me, and that's exactly what Android lets you do when it tells you what information an app has access to. Don't blame Android because people don't pay attention to warnings. If you see a calculator app is going to have access to your passwords, IMEI, stored passwords, and credit card, you probably shouldn't download it.



    Anyways, I'm done. If you get nothing else out of what I said, understand this- just because you're a fanboy doesn't mean you have to hate everybody else. Apple and Android need each other, just face it. The competition is great for everybody, right? So just sit back, stop your hating (unless you've actually used Android and can explain in detail WHY you don't care for it), and enjoy your phone.
Sign In or Register to comment.