This is a good argument for Mac OS X to become curated as well.
Except on OS X, we have a large number of users using "Little Snitch" or other such software who would catch such a thing in an instant and it would be front page news on every tech related news site and several mainstream media sites.
Secondly, more pertinently, is that the issue is not that "An SMS app needs access to SMS". The point is that once you have granted permission that app can then send SMS's behind your back without you knowing. Apple's iOS and App Store has various layers that prevent this sort of thing. From private API use, to some level of human-checking of apps and a reasonably robust review and rating system.
Quote:
Originally Posted by tonton
No, we're pointing out that there's no security when that SMS application, which may in fact have a legitimate need to access your SMSes, can also read them all, archive them, mine them for information like your friends' contact details, and sell those details or use them for spamming purposes.
They can search your SMSes for other details like credit card numbers and passwords, if you're stupid enough to send those things over SMS communications.
The example shown was for a SMS application that provided (by the looks of it) a conversation like of you SMS messages, allowing you to read them, and send them. It needs read and write access to your SMS messages, without it, it won't work.
Sure they may have written backdoor code it it, but so could anyone in the Apple world as well, Apple doesn't check code to approve an app, apps have been approved before by Apple that broke the Apple rules, they don't do anything it until after the fact.
And it you are going to moan about permissions, choose an app that doesn't actually need that functionality.
Quote:
Originally Posted by nvidia2008
With no screening process, how on Earth can you be sure these things aren't happening right now?
As I have said, even with Apples screening process rogue apps can and will get through.
Except on OS X, we have a large number of users using "Little Snitch" or other such software who would catch such a thing in an instant and it would be front page news on every tech related news site and several mainstream media sites.
Please provide usage statistics for Little Snitch. I don't know anyone that uses this program, especially at the price they are asking
So most AMERICAN Android users have little to worry about?
What utter BS.
I want to know the apps I download have been through Apple's rigorous clearing process. Nerds who've bought Google's PR garbage may call that a walled garden. I call it safe computing.
Not really. Today, this moment? Yes, no problem. A few days or weeks from now? I wouldn't feel so fat, dumb and happy. The technique is in the field and if Chinese Android App stores can be tricked into uploading malwar-ized legitimate apps, so can non-Chinese Android App stores.
The point is that you never know when or why they're doing it. There is no data security whatsoever once you give permission. And there's no app screening process, so there's no way to know which apps might have a secret back door. It's really scary, actually, especially when your most personal data is in the mix.
I'm very happy with the level of control under iOS, TYVM. I don't need the security mess that is Android.
Well, Apple is getting sued because it is alleged that Apple's screening process is deficient and that allows all kinds of apps to be getting all kinds of personal information.
Also the problem is compounded by jailbreaking/unlocking. You should be grabbing the source code for the jailbreaking/unlocking yourself, inspect them line by line so that you know that nobody is putting a back door on your iphone, and compile the jailbreaking program yourself...
I'm surprised it took this long for someone to create a botnet with Android phones. The Android Weedpatch is ripe for this kind of exploit.
Android top apps are mostly task killers now, but in the future there might be a boom in anti-malware apps. Just like there was a boom in anti-virus software on Windows. Google doesn't care. All they want is eyeballs on ads. You are what Google sells to advertisers. You're just a number to Google.
Please provide usage statistics for Little Snitch. I don't know anyone that uses this program, especially at the price they are asking
You do now. And it has allowed me to uncover at least one attempted malware javascript that tried to get out on a port other than 80 which I allow Safari to have.
It also puts a kibosh on some apps phone home behavior.
I'm surprised it took this long for someone to create a botnet with Android phones. The Android Weedpatch is ripe for this kind of exploit.
The problem is that there is NO botnet. Security software vendors says it COULD be a botnet
Quote:
Originally Posted by SockRolid
Android top apps are mostly task killers now, but in the future there might be a boom in anti-malware apps. Just like there was a boom in anti-virus software on Windows. Google doesn't care. All they want is eyeballs on ads. You are what Google sells to advertisers. You're just a number to Google.
False, since 2.0 task killers hasn't been necesary.
Please provide usage statistics for Little Snitch. I don't know anyone that uses this program, especially at the price they are asking
I love stupid comments like this. No one has access to these kind of statistics outside the developer(s), and I'm sure you know that.
Quote:
Originally Posted by Hiro
You do now. And it has allowed me to uncover at least one attempted malware javascript that tried to get out on a port other than 80 which I allow Safari to have.
It also puts a kibosh on some apps phone home behavior.
I use Little Snitch and at least a couple friends (that I know of) use it as well.
We desperately need an (official) app like this for iPhone/iPodTouch. I know there are options available through "back channels", but maybe we need some kind of petition for this...
I would not dream of using a computer hooked up to the net without Little Snitch (or an equivalent?). Try it out for a couple weeks and see how much your apps phone home and/or other random or unknown places. Fortunately, for LS users, it's merely an attempt to do so.
On your desktop/laptop, apps have nearly unlimited access to your personal information. Anyone who considers all apps to be 100% trustworthy is a fool. That's just not the way the real world operates. The majority are honest, but it only takes one bad egg to spoil things.
How so. In OS X the software will need to ask for a password to have the kinds of system access the Android malware has and VERY few apps should ever need a password, so this is a major red flag if it is unexpected. The Android app doesn't even need a password, it gets its permission merely from the fact you agreed to download it. And once it's there it can download and install other stuff without ever having to ask. That's a pretty big difference.
How so. In OS X the software will need to ask for a password to have the kinds of system access the Android malware has and VERY few apps should ever need a password, so this is a major red flag if it is unexpected. The Android app doesn't even need a password, it gets its permission merely from the fact you agreed to download it. And once it's there it can download and install other stuff without ever having to ask. That's a pretty big difference.
Meeec, to download the app you must agree to the permissions, if you don't agree the permissions you can't download or install the app.
And no it can't download and install stuff withouth asking your permission.
On iOS there is App already built-in SMS app, so anything I download that MAY ask for permission to my SMS will NOT to downloaded. It's simple folks. On android they have to downloaded everything, even apps to help the os to give functionality that we take for granted on iOS, poor bastards, bu they chose this , so let them suffer.
Also app killer is required for those that have old versions o he android os, wow what a wonderful advertisement !
Comments
deleted
This is a good argument for Mac OS X to become curated as well.
Except on OS X, we have a large number of users using "Little Snitch" or other such software who would catch such a thing in an instant and it would be front page news on every tech related news site and several mainstream media sites.
deleted
deleted
Secondly, more pertinently, is that the issue is not that "An SMS app needs access to SMS". The point is that once you have granted permission that app can then send SMS's behind your back without you knowing. Apple's iOS and App Store has various layers that prevent this sort of thing. From private API use, to some level of human-checking of apps and a reasonably robust review and rating system.
No, we're pointing out that there's no security when that SMS application, which may in fact have a legitimate need to access your SMSes, can also read them all, archive them, mine them for information like your friends' contact details, and sell those details or use them for spamming purposes.
They can search your SMSes for other details like credit card numbers and passwords, if you're stupid enough to send those things over SMS communications.
The example shown was for a SMS application that provided (by the looks of it) a conversation like of you SMS messages, allowing you to read them, and send them. It needs read and write access to your SMS messages, without it, it won't work.
Sure they may have written backdoor code it it, but so could anyone in the Apple world as well, Apple doesn't check code to approve an app, apps have been approved before by Apple that broke the Apple rules, they don't do anything it until after the fact.
And it you are going to moan about permissions, choose an app that doesn't actually need that functionality.
With no screening process, how on Earth can you be sure these things aren't happening right now?
As I have said, even with Apples screening process rogue apps can and will get through.
Except on OS X, we have a large number of users using "Little Snitch" or other such software who would catch such a thing in an instant and it would be front page news on every tech related news site and several mainstream media sites.
Please provide usage statistics for Little Snitch. I don't know anyone that uses this program, especially at the price they are asking
So most AMERICAN Android users have little to worry about?
What utter BS.
I want to know the apps I download have been through Apple's rigorous clearing process. Nerds who've bought Google's PR garbage may call that a walled garden. I call it safe computing.
Not really. Today, this moment? Yes, no problem. A few days or weeks from now? I wouldn't feel so fat, dumb and happy. The technique is in the field and if Chinese Android App stores can be tricked into uploading malwar-ized legitimate apps, so can non-Chinese Android App stores.
The point is that you never know when or why they're doing it. There is no data security whatsoever once you give permission. And there's no app screening process, so there's no way to know which apps might have a secret back door. It's really scary, actually, especially when your most personal data is in the mix.
I'm very happy with the level of control under iOS, TYVM. I don't need the security mess that is Android.
Well, Apple is getting sued because it is alleged that Apple's screening process is deficient and that allows all kinds of apps to be getting all kinds of personal information.
Also the problem is compounded by jailbreaking/unlocking. You should be grabbing the source code for the jailbreaking/unlocking yourself, inspect them line by line so that you know that nobody is putting a back door on your iphone, and compile the jailbreaking program yourself...
deleted
Android top apps are mostly task killers now, but in the future there might be a boom in anti-malware apps. Just like there was a boom in anti-virus software on Windows. Google doesn't care. All they want is eyeballs on ads. You are what Google sells to advertisers. You're just a number to Google.
Please provide usage statistics for Little Snitch. I don't know anyone that uses this program, especially at the price they are asking
You do now. And it has allowed me to uncover at least one attempted malware javascript that tried to get out on a port other than 80 which I allow Safari to have.
It also puts a kibosh on some apps phone home behavior.
I'm surprised it took this long for someone to create a botnet with Android phones. The Android Weedpatch is ripe for this kind of exploit.
The problem is that there is NO botnet. Security software vendors says it COULD be a botnet
Android top apps are mostly task killers now, but in the future there might be a boom in anti-malware apps. Just like there was a boom in anti-virus software on Windows. Google doesn't care. All they want is eyeballs on ads. You are what Google sells to advertisers. You're just a number to Google.
False, since 2.0 task killers hasn't been necesary.
The problem is that there is NO botnet. Security software vendors says it COULD be a botnet
No, but it just became almost trivial to propagate one. And we all know nature abhors a vacuum.
No, but it just became almost trivial to propagate one.
Trivial propagate? Exactly like in OS X.
Please provide usage statistics for Little Snitch. I don't know anyone that uses this program, especially at the price they are asking
I love stupid comments like this. No one has access to these kind of statistics outside the developer(s), and I'm sure you know that.
You do now. And it has allowed me to uncover at least one attempted malware javascript that tried to get out on a port other than 80 which I allow Safari to have.
It also puts a kibosh on some apps phone home behavior.
I use Little Snitch and at least a couple friends (that I know of) use it as well.
We desperately need an (official) app like this for iPhone/iPodTouch. I know there are options available through "back channels", but maybe we need some kind of petition for this...
I would not dream of using a computer hooked up to the net without Little Snitch (or an equivalent?). Try it out for a couple weeks and see how much your apps phone home and/or other random or unknown places. Fortunately, for LS users, it's merely an attempt to do so.
On your desktop/laptop, apps have nearly unlimited access to your personal information. Anyone who considers all apps to be 100% trustworthy is a fool. That's just not the way the real world operates. The majority are honest, but it only takes one bad egg to spoil things.
Trivial propagate? Exactly like in OS X.
How so. In OS X the software will need to ask for a password to have the kinds of system access the Android malware has and VERY few apps should ever need a password, so this is a major red flag if it is unexpected. The Android app doesn't even need a password, it gets its permission merely from the fact you agreed to download it. And once it's there it can download and install other stuff without ever having to ask. That's a pretty big difference.
How so. In OS X the software will need to ask for a password to have the kinds of system access the Android malware has and VERY few apps should ever need a password, so this is a major red flag if it is unexpected. The Android app doesn't even need a password, it gets its permission merely from the fact you agreed to download it. And once it's there it can download and install other stuff without ever having to ask. That's a pretty big difference.
Meeec, to download the app you must agree to the permissions, if you don't agree the permissions you can't download or install the app.
And no it can't download and install stuff withouth asking your permission.
Nope, you just download any app and it has access to do pretty much anything it wants to do.
Honestly, just look at those permissions for simple apps... Any rational person would question
the whole scheme of Android permissions. The dialog box should just read:
"Would you like to give everything about yourself away to everyone and anyone? Click OK to proceed.
Oh, BTW, we will have full access to making your phone do whatever we want without you knowing."
Ummmmm of course Handcent SMS needs permission to receive and send SMS msgs, that's what the app does. Find better examples please.
Also app killer is required for those that have old versions o he android os, wow what a wonderful advertisement !