as an owner of every gen of iphone, and an ipad 2 and mac minis and mac books and such, Visa and Amex dont think im an apple hater but it is absolutely a walled garden or gated community if you will...I forget who said this but the best describtion is that the web and internet in general (think wide open) is like a big city, lots of interesting things happening and artsy districts, great indy music scene, night life, farmers markets and such, with downsides like crime. iOS apps are the suburbs, low crime, cookie cutter houses and neighborhood committies that make you explain to your nosey neighbors why you want to paint your house a color other than beige, but its clean predictable and "nice" if you are into that sort of thing..
Perhaps its my libertarian side but Andriod is looking better all the time - I dont like being told that my home screen must be a grid of icons because Steve likes it that way.
good post.
besides the article doesn't seem to mention where the malware is located. given that a majority of android devices allow sideloading I'm sure most of those apps aren't market hosted.
It isn't Androids fault if idiots install apps without either reading the permissions or checking the source.
It isn't Androids fault if idiots install apps without either reading the permissions or checking the source.
Except for the fact that the lion's share of the population fits exactly that description. Android isn't just for geeks anymore. They've crossed over to the land of people that can't (or don't bother) wiping their own bottoms (to use an earlier poster's analogy). So when hoards of people end up walking around with feces in their Android underpants, you will learn the difference between being at fault and being a facilitator through negligence.
Or maybe it is Apple has thirty years of experience designing operating systems and is far more familiar with keeping security in mind. Google didn't build Android from the ground up. Security measures are an after thought.
Interesting you say that, because the security available on Google's online accounts system (for accessing GMail, Calendar and Android Market etc) is far, far beyond anything Apple has offered.
I will never switch away from GMail unless an alternative provider offers the same 2 step authentication methods. It's amazing that Apple charges an annual fee for its email service, yet the only protection offered to users is a password. Not secure at all.
For the same reasons some Red Sox fans like to dis the Yankees, and for the same reasons that some Christians like to harp on the evil of other sects of Christians, and some political folks like to demonize people with different leanings.
It's a black/white, hooray for our side, good/evil, "we're better", "I'm a winner" thing for the insecure among us.
I hope you realize that observation goes both ways, but considering your posting history, I'm afraid you sincerely believe that iOS fanboys are somehow worse, or that there are many more of them.
Quote:
Originally Posted by GranmaStak
I only hate android because the fandroids are obnoxious activists with some serious mommy and daddy issues that will buy anything but apple just because.
^ this
While I don't think the percentage of fandroids is higher among all Android users, relative to iOS fanboys, I can wholeheartedly agree that Android fanboys are a million times more annoying. I'm more or less indifferent to Android as a whole, even though I don't like the philosophy behind it, but I've been around on forums of many, many different kinds of technology (not just electronics by the way) to conclude that fandroids take the cake for being obnoxious. It's actually pretty sad and pitiful, and it taints my opinion about Android as a platform. To me, it seems you have to be a total jackass to really like Android, even though I know that's not true. Fandroids are not helping the platform.
I would compare fandroids to the kind of people you see arguing which one is better: PS3, Xbox 360 or PC. It's about at about the same level of lameness. That said, at least with consoles and PC games, you know most of the extremely rabid fanboys are 12 year olds, so I can forgive them...
Interesting you say that, because the security available on Google's online accounts system (for accessing GMail, Calendar and Android Market etc) is far, far beyond anything Apple has offered.
I will never switch away from GMail unless an alternative provider offers the same 2 step authentication methods. It's amazing that Apple charges an annual fee for its email service, yet the only protection offered to users is a password. Not secure at all.
The previous poster was talking specifically about Android, not Google's online services, and his statement was 100% correct. That is what the entire article and comment thread is about too. This is not a moratorium on Google's corporate practices, or anything. Just an observation that Google has little experience in developing operating systems for personal devices. The G services live on servers that are 100% in their control, so that experience doesn't exactly apply. The mantra "don't be evil" will only get you so far when you give everyone else partial control of your products.
The previous poster was talking specifically about Android, not Google's online services, and his statement was 100% correct. That is what the entire article and comment thread is about too. This is not a moratorium on Google's corporate practices, or anything. Just an observation about Android.
Thompson
Just note that Android itself isn't inherently more insecure or open to malware than iOS. From a strict security standpoint, they both have issues that need addressing, and each is as secure (insecure?) as the other according to blogs and posts from various security/hacker conferences. Instead it's the difference in the the app markets that opens Android users to more potential harm from malware.
besides the article doesn't seem to mention where the malware is located. given that a majority of android devices allow sideloading I'm sure most of those apps aren't market hosted.
It isn't Androids fault if idiots install apps without either reading the permissions or checking the source.
That is not true. Because Google allows developers to put their apps on the market unvetted, there have been several apps in their marketplace that are malware (and infringe on copywrite/trademarks as well). Just a few months ago, Google had to remote wipe apps from users phones and pull about 500 apps from their store due to malware. A lot of those apps were cracked apps of reputable apps so it's not just a matter of customers downloading sketchy stuff.
A new study has found that iOS remained untouched by malware during the second quarter, while Android faced 76 percent more threats than in the first quarter, making it the most targeted mobile platform. ...
Well, speaking as someone who thinks Android is possibly one of the worst OS's I've ever seen and that Android users are mostly juvenile angry young men with a chip on their shoulder ... I still have to say there are some things wrong with this article.
First, when OS's that no one has ever heard of and with basically zero consumer market penetration appear as sizeable wedges on the graph, that seems to indicate that the absolute numbers we are talking about must be rather low. So while Android may have lots of malware relative to iOS, the absolutely number of problems are going to be rather low also.
Secondly, if "malware" is defined as applications that (ultimately) steal your personal info, there are really lots of apps on iOS that have done this and have been accused of this, regardless of the fact that they don't fall into the definition of malicious malware. People *have* lost personal info to apps on iOS. It's not like it's a situation where iOS is totally safe.
I think it would be more fair to say Android is full of malicious, invisible, malware whereas with iOS you just have to be careful what you click on.
Interesting you say that, because the security available on Google's online accounts system (for accessing GMail, Calendar and Android Market etc) is far, far beyond anything Apple has offered.
I will never switch away from GMail unless an alternative provider offers the same 2 step authentication methods. It's amazing that Apple charges an annual fee for its email service, yet the only protection offered to users is a password. Not secure at all.
Out of curiosity, what is it exactly that makes GMail 'far, far beyond anything Apple has offered' in terms of security? I have GMail myself, and as far as I know, the only thing I can think of that makes GMail trivially more secure than MobileMe, is that you have to answer a 'secret' question if you want to re-set your password. Hardly airtight, as history has prove a million times (secret questions are useless since the answers are usually extremely easy to figure out).
From my point of view MobileMe and GMail are equally secure, both have the same weakest link, which is the password. Get the password, and you're toast. Trying to guess passwords or actually hack into the system are not really worthwhile for anyone anyway, seeing how many people are so easily tricked by some trivial fishing.
Been using Android since around 2007, not one instance of Malware on any of my devices.
With a little bit of intelligence on where you source your apps, the kind of apps you install and checking out app permissions, you can easily avoid any trouble.
Anyway, the study is biased. They should compare Androids with Cydia'd iPhones, which are most of them... and suddenly the picture is different. Or they should compare iPhones with Androids that only run Apps from the official store. Comparing Androids with unofficial stores and iPhones with no Cydia (again... very little subset) is just dishonnest.
On the other hand, I'd rather that people stop Cydia'ing and Android'ing and just buy my apps on AppStore
Well, speaking as someone who thinks Android is possibly one of the worst OS's I've ever seen and that Android users are mostly juvenile angry young men with a chip on their shoulder ... I still have to say there are some things wrong with this article.
First, when OS's that no one has ever heard of and with basically zero consumer market penetration appear as sizeable wedges on the graph, that seems to indicate that the absolute numbers we are talking about must be rather low. So while Android may have lots of malware relative to iOS, the absolutely number of problems are going to be rather low also.
Secondly, if "malware" is defined as applications that (ultimately) steal your personal info, there are really lots of apps on iOS that have done this and have been accused of this, regardless of the fact that they don't fall into the definition of malicious malware. People *have* lost personal info to apps on iOS. It's not like it's a situation where iOS is totally safe.
I think it would be more fair to say Android is full of malicious, invisible, malware whereas with iOS you just have to be careful what you click on.
"There are more than 2.1 billion Java ME enabled mobile phones and PDAs,[2]"
I'm sure nobody's ever heard of Java ME...
Quote:
Originally Posted by lightknight
Anyway, the study is biased. They should compare Androids with Cydia'd iPhones, which are most of them... and suddenly the picture is different. Or they should compare iPhones with Androids that only run Apps from the official store. Comparing Androids with unofficial stores and iPhones with no Cydia (again... very little subset) is just dishonnest.
On the other hand, I'd rather that people stop Cydia'ing and Android'ing and just buy my apps on AppStore
Android does not have to be hacked to get third party apps, iOS does. A comparison should be between how they are unhacked, because whether they can get third part apps is part of the system, and should be included as a factor in the security.
That is not true. Because Google allows developers to put their apps on the market unvetted, there have been several apps in their marketplace that are malware (and infringe on copywrite/trademarks as well). Just a few months ago, Google had to remote wipe apps from users phones and pull about 500 apps from their store due to malware. A lot of those apps were cracked apps of reputable apps so it's not just a matter of customers downloading sketchy stuff.
You do realize it IS possible to sneak a malware onto your Objective-C app, with a piece of code that maks sure it stays inactive for a while? Say for example, until you push a certain picture to Flicker?
Even though once you activate it AND get caught, Apple will pull your app, your license and go after your ass, it's still possible just as it is on Google MarketPlace.
I'll go further: if you find an exploit in iOS, the way Cydia guys do it, and use that into your code, you could easily infect thousands of iPhones with some "free game". Tracing that back to your code would take time, if it even happens, which it won't if you are intelligent.
An example: imagine you want to get some high ranking guy at some well known company, say a big bank like Standard Chartered. Those guys have iPhones. If you do the above, you definitely could check into his email... you'd just have to use your exploit to create a small ssh server, pingback "home" to a server you'd monitor and login to his machine. Or you could send a zip of the emails to a server you control. And since you target one specific guy, Apple would probably never know, nor the guy.
"There are more than 2.1 billion Java ME enabled mobile phones and PDAs,[2]"
I'm sure nobody's ever heard of Java ME...
Android does not have to be hacked to get third party apps, iOS does. A comparison should be between how they are unhacked, because whether they can get third part apps is part of the system, and should be included as a factor in the security.
A few weeks ago, Cydia demonstrated how this was false by using a PDF vulnerability to jailbreak iPhones. If, instead of jailbreaking, the code had had a nefarious payload, hundreds of thousands of iPhones could have fallen prey to it. Maybe they do, actually, who knows. If I owned a network of millions of comprimised iPhones, I would not brag about it, would you?
Your "factor of security" is actually a false sense of security. At least those guys who use Android know they have to be cautious what they click on. Us on iPhone tend to think we are safe. Cydia proved we were wrong.
You do realize it IS possible to sneak a malware onto your Objective-C app, with a piece of code that maks sure it stays inactive for a while? Say for example, until you push a certain picture to Flicker?
Even though once you activate it AND get caught, Apple will pull your app, your license and go after your ass, it's still possible just as it is on Google MarketPlace.
I'll go further: if you find an exploit in iOS, the way Cydia guys do it, and use that into your code, you could easily infect thousands of iPhones with some "free game". Tracing that back to your code would take time, if it even happens, which it won't if you are intelligent.
That's definitely true, but the fact remains that this way of spreading malware is not what cybercriminals are after. It's no use having to open new developer accounts (which cost money) and write new Trojans for your payload (which takes time), just to have an attack vector that will only work until someone finds out and you have to start all over again. Trying to sneak malware into the app store might be an interesting tactic for industrial espionage and such, but the typical CC number fishing, placing calls or sending text messages or large-scale harvesting of private information, it wouldn't work nearly as well on iOS.
Also, the checks Apple performs on iOS applications are supposed to be a little more extensive than just some user testing. An API scan is performed to see what kind of API's are used in the application, and if it turns out your fart app is using the API's to send text messages or place calls, or uses private API's to get outside its sandbox, the review process is supposed to find out and you will have to explain why your application behaves like that. I know mistakes are made in the review process every now and then, but even with those, it's still a lot better than no app reviews at all.
Just note that Android itself isn't inherently more insecure or open to malware than iOS. From a strict security standpoint, they both have issues that need addressing, and each is as secure (insecure?) as the other according to blogs and posts from various security/hacker conferences. Instead it's the difference in the the app markets that opens Android users to more potential harm from malware.
I agree. And I would further note that this came about by a natural evolution based on reality and experience, which has yet to smack Google square in the face.
Apple has reached two conclusions regarding viruses/malware/etc:
(1) you can't plug every potential exploit in a computer operating system, but you should do the best you can to react or even anticipate anyway (everybody gets this, I think) and
(2) the best way to protect a computer operating system from stuff you couldn't anticipate (or fix) is by controlling the input methods (data and apps) rather than giving the user free reign to dump anything they find out there onto their computers
This is a realistic approach. Google is still flirting with the idealistic approach, which is to say that they really don't want to take step (2). But those companies who have long experience with taking a computer operating system mainstream (and by that, I mean approaching a hundred million casual users, as opposed to tech savvy folks) will tell you that eventually you need to at least consider this step. Rumors suggest that Microsoft is leaning towards an "App Store" type solution for future versions of Windows for the same reason. Long overdue, on that front.
The "purists" out there must be cringing at my message here, but take solace: folks who really dislike the walled garden of step (2) you can simply jailbreak your iPhone without any legal consequence other than taking responsibility for the results. It is a simple process that only requires you take an active step that is not unlike the kind of stuff you apparently want to do anyway. By protecting the phone at the factory but not preventing its jailbreak, Apple forces you to take responsibility for when & if the feces hits the air circulation unit. I think it is the correct solution for a mass market device. Everybody can still do what they want, so those folks that hate step (2) can still get an iPhone that doesn't do that. This covers virtually everybody's tastes, as far as I can tell. If you want the garden, just take it. If you don't, then do what you do.
I'm growing weary from hearing stories from family members who cycle from euphoria to anger over their Android-based phones. There's enough shite in the world, and we're knee-deep in abusive ad hominem attacks. To get away from this Android-iOS insanity, spend some time over on Portland's Rants and Raves...
We're also at a breaking point of misinformation. How many people bother trying to sift through the opinion and rating reviews from so-called "consumers"?
Well this isn't really about Apple haters, it's about Android haters. How else would you describe people that do not use Android, yet spend a lot of time trying to convince others how insecure Android is? Do you really believe that anyone on Android fan sites spends time discussing how much iOS sucks? Newsflash: not everyone needs constant reassurance.
iCrap, iSheep, iToy, Crapple, iStupid users, iShit and a dozen other self serving denigrations to users of iOS products are used over and over.
You do realize it IS possible to sneak a malware onto your Objective-C app, with a piece of code that maks sure it stays inactive for a while? Say for example, until you push a certain picture to Flicker?
Even though once you activate it AND get caught, Apple will pull your app, your license and go after your ass, it's still possible just as it is on Google MarketPlace.
I'll go further: if you find an exploit in iOS, the way Cydia guys do it, and use that into your code, you could easily infect thousands of iPhones with some "free game". Tracing that back to your code would take time, if it even happens, which it won't if you are intelligent.
An example: imagine you want to get some high ranking guy at some well known company, say a big bank like Standard Chartered. Those guys have iPhones. If you do the above, you definitely could check into his email... you'd just have to use your exploit to create a small ssh server, pingback "home" to a server you'd monitor and login to his machine. Or you could send a zip of the emails to a server you control. And since you target one specific guy, Apple would probably never know, nor the guy.
Um, yes. In comments for another article on malware here I posted that I don't think iOS is inherently safer and used the flashlight app that had the ability to tether that was pulled from the app store as an example. My comment was in response to someone who said that the malicious apps were probably from sideloading and that malware probably wasn't found in Google's marketplace which is simply not true.
I personally think that it is not only the vetting that Apple does with its apps but also the fact that a developer has to pay $99 and is much more "trackable" if his/her app is found to be malicious.
Just note that Android itself isn't inherently more insecure or open to malware than iOS. From a strict security standpoint, they both have issues that need addressing, and each is as secure (insecure?) as the other according to blogs and posts from various security/hacker conferences. Instead it's the difference in the the app markets that opens Android users to more potential harm from malware.
While it's true that third party apps and the way the app market runs are the primary problem on Android you are overstating things here when you argue absolutely equivalency. iOS, like OS-X is indeed inherently more secure, and by intentional design, than Android is.
76% versus zero is not something that you can just wave your hand at and say "they are both the same." They really aren't.
For just one example, the decision by Android's designers to let the users manage their own security makes Android less secure by design. That's a bad design choice that has far reaching effects. These effects can't really be countered until that part of the design is changed.
A few weeks ago, Cydia demonstrated how this was false by using a PDF vulnerability to jailbreak iPhones. If, instead of jailbreaking, the code had had a nefarious payload, hundreds of thousands of iPhones could have fallen prey to it. Maybe they do, actually, who knows. If I owned a network of millions of comprimised iPhones, I would not brag about it, would you?
Your "factor of security" is actually a false sense of security. At least those guys who use Android know they have to be cautious what they click on. Us on iPhone tend to think we are safe. Cydia proved we were wrong.
In any security attack, you have to consider how quickly a virus or malware can spread in determining how much of a threat they really are to the platform.
When Word macro viruses first hit the scene, they spread like wildfire because they ran as soon as you opened the infected Word doc. And they infected the main template file for Word, and jumped to every Word document you opened. Businesses passed around millions of Word doc every day, so the threat level was extremely high; the viruses were everywhere in a very short period of time.
Virus and malware authors are like terrorists; they are looking for maximum impact. They don't want to work on a virus just to see it shut down after only a few dozen people get infected, because then they've played their hand and their security hole gets patched.
For an iOS user to be hit by a Cydia-style vulnerability, they would need to go to a particular website to get infected, or have a particular file passed around. Good luck trying to force a million people to engage in the exact same behavior.
Comments
as an owner of every gen of iphone, and an ipad 2 and mac minis and mac books and such, Visa and Amex dont think im an apple hater but it is absolutely a walled garden or gated community if you will...I forget who said this but the best describtion is that the web and internet in general (think wide open) is like a big city, lots of interesting things happening and artsy districts, great indy music scene, night life, farmers markets and such, with downsides like crime. iOS apps are the suburbs, low crime, cookie cutter houses and neighborhood committies that make you explain to your nosey neighbors why you want to paint your house a color other than beige, but its clean predictable and "nice" if you are into that sort of thing..
Perhaps its my libertarian side but Andriod is looking better all the time - I dont like being told that my home screen must be a grid of icons because Steve likes it that way.
good post.
besides the article doesn't seem to mention where the malware is located. given that a majority of android devices allow sideloading I'm sure most of those apps aren't market hosted.
It isn't Androids fault if idiots install apps without either reading the permissions or checking the source.
It isn't Androids fault if idiots install apps without either reading the permissions or checking the source.
Except for the fact that the lion's share of the population fits exactly that description. Android isn't just for geeks anymore. They've crossed over to the land of people that can't (or don't bother) wiping their own bottoms (to use an earlier poster's analogy). So when hoards of people end up walking around with feces in their Android underpants, you will learn the difference between being at fault and being a facilitator through negligence.
Thompson
Or maybe it is Apple has thirty years of experience designing operating systems and is far more familiar with keeping security in mind. Google didn't build Android from the ground up. Security measures are an after thought.
Interesting you say that, because the security available on Google's online accounts system (for accessing GMail, Calendar and Android Market etc) is far, far beyond anything Apple has offered.
I will never switch away from GMail unless an alternative provider offers the same 2 step authentication methods. It's amazing that Apple charges an annual fee for its email service, yet the only protection offered to users is a password. Not secure at all.
For the same reasons some Red Sox fans like to dis the Yankees, and for the same reasons that some Christians like to harp on the evil of other sects of Christians, and some political folks like to demonize people with different leanings.
It's a black/white, hooray for our side, good/evil, "we're better", "I'm a winner" thing for the insecure among us.
I hope you realize that observation goes both ways, but considering your posting history, I'm afraid you sincerely believe that iOS fanboys are somehow worse, or that there are many more of them.
I only hate android because the fandroids are obnoxious activists with some serious mommy and daddy issues that will buy anything but apple just because.
^ this
While I don't think the percentage of fandroids is higher among all Android users, relative to iOS fanboys, I can wholeheartedly agree that Android fanboys are a million times more annoying. I'm more or less indifferent to Android as a whole, even though I don't like the philosophy behind it, but I've been around on forums of many, many different kinds of technology (not just electronics by the way) to conclude that fandroids take the cake for being obnoxious. It's actually pretty sad and pitiful, and it taints my opinion about Android as a platform. To me, it seems you have to be a total jackass to really like Android, even though I know that's not true. Fandroids are not helping the platform.
I would compare fandroids to the kind of people you see arguing which one is better: PS3, Xbox 360 or PC. It's about at about the same level of lameness. That said, at least with consoles and PC games, you know most of the extremely rabid fanboys are 12 year olds, so I can forgive them...
Interesting you say that, because the security available on Google's online accounts system (for accessing GMail, Calendar and Android Market etc) is far, far beyond anything Apple has offered.
I will never switch away from GMail unless an alternative provider offers the same 2 step authentication methods. It's amazing that Apple charges an annual fee for its email service, yet the only protection offered to users is a password. Not secure at all.
The previous poster was talking specifically about Android, not Google's online services, and his statement was 100% correct. That is what the entire article and comment thread is about too. This is not a moratorium on Google's corporate practices, or anything. Just an observation that Google has little experience in developing operating systems for personal devices. The G services live on servers that are 100% in their control, so that experience doesn't exactly apply. The mantra "don't be evil" will only get you so far when you give everyone else partial control of your products.
Thompson
The previous poster was talking specifically about Android, not Google's online services, and his statement was 100% correct. That is what the entire article and comment thread is about too. This is not a moratorium on Google's corporate practices, or anything. Just an observation about Android.
Thompson
Just note that Android itself isn't inherently more insecure or open to malware than iOS. From a strict security standpoint, they both have issues that need addressing, and each is as secure (insecure?) as the other according to blogs and posts from various security/hacker conferences. Instead it's the difference in the the app markets that opens Android users to more potential harm from malware.
good post.
besides the article doesn't seem to mention where the malware is located. given that a majority of android devices allow sideloading I'm sure most of those apps aren't market hosted.
It isn't Androids fault if idiots install apps without either reading the permissions or checking the source.
That is not true. Because Google allows developers to put their apps on the market unvetted, there have been several apps in their marketplace that are malware (and infringe on copywrite/trademarks as well). Just a few months ago, Google had to remote wipe apps from users phones and pull about 500 apps from their store due to malware. A lot of those apps were cracked apps of reputable apps so it's not just a matter of customers downloading sketchy stuff.
A new study has found that iOS remained untouched by malware during the second quarter, while Android faced 76 percent more threats than in the first quarter, making it the most targeted mobile platform. ...
Well, speaking as someone who thinks Android is possibly one of the worst OS's I've ever seen and that Android users are mostly juvenile angry young men with a chip on their shoulder ... I still have to say there are some things wrong with this article.
First, when OS's that no one has ever heard of and with basically zero consumer market penetration appear as sizeable wedges on the graph, that seems to indicate that the absolute numbers we are talking about must be rather low. So while Android may have lots of malware relative to iOS, the absolutely number of problems are going to be rather low also.
Secondly, if "malware" is defined as applications that (ultimately) steal your personal info, there are really lots of apps on iOS that have done this and have been accused of this, regardless of the fact that they don't fall into the definition of malicious malware. People *have* lost personal info to apps on iOS. It's not like it's a situation where iOS is totally safe.
I think it would be more fair to say Android is full of malicious, invisible, malware whereas with iOS you just have to be careful what you click on.
Interesting you say that, because the security available on Google's online accounts system (for accessing GMail, Calendar and Android Market etc) is far, far beyond anything Apple has offered.
I will never switch away from GMail unless an alternative provider offers the same 2 step authentication methods. It's amazing that Apple charges an annual fee for its email service, yet the only protection offered to users is a password. Not secure at all.
Out of curiosity, what is it exactly that makes GMail 'far, far beyond anything Apple has offered' in terms of security? I have GMail myself, and as far as I know, the only thing I can think of that makes GMail trivially more secure than MobileMe, is that you have to answer a 'secret' question if you want to re-set your password. Hardly airtight, as history has prove a million times (secret questions are useless since the answers are usually extremely easy to figure out).
From my point of view MobileMe and GMail are equally secure, both have the same weakest link, which is the password. Get the password, and you're toast. Trying to guess passwords or actually hack into the system are not really worthwhile for anyone anyway, seeing how many people are so easily tricked by some trivial fishing.
Been using Android since around 2007, not one instance of Malware on any of my devices.
With a little bit of intelligence on where you source your apps, the kind of apps you install and checking out app permissions, you can easily avoid any trouble.
Anyway, the study is biased. They should compare Androids with Cydia'd iPhones, which are most of them... and suddenly the picture is different. Or they should compare iPhones with Androids that only run Apps from the official store. Comparing Androids with unofficial stores and iPhones with no Cydia (again... very little subset) is just dishonnest.
On the other hand, I'd rather that people stop Cydia'ing and Android'ing and just buy my apps on AppStore
Well, speaking as someone who thinks Android is possibly one of the worst OS's I've ever seen and that Android users are mostly juvenile angry young men with a chip on their shoulder ... I still have to say there are some things wrong with this article.
First, when OS's that no one has ever heard of and with basically zero consumer market penetration appear as sizeable wedges on the graph, that seems to indicate that the absolute numbers we are talking about must be rather low. So while Android may have lots of malware relative to iOS, the absolutely number of problems are going to be rather low also.
Secondly, if "malware" is defined as applications that (ultimately) steal your personal info, there are really lots of apps on iOS that have done this and have been accused of this, regardless of the fact that they don't fall into the definition of malicious malware. People *have* lost personal info to apps on iOS. It's not like it's a situation where iOS is totally safe.
I think it would be more fair to say Android is full of malicious, invisible, malware whereas with iOS you just have to be careful what you click on.
"There are more than 2.1 billion Java ME enabled mobile phones and PDAs,[2]"
I'm sure nobody's ever heard of Java ME...
Anyway, the study is biased. They should compare Androids with Cydia'd iPhones, which are most of them... and suddenly the picture is different. Or they should compare iPhones with Androids that only run Apps from the official store. Comparing Androids with unofficial stores and iPhones with no Cydia (again... very little subset) is just dishonnest.
On the other hand, I'd rather that people stop Cydia'ing and Android'ing and just buy my apps on AppStore
Android does not have to be hacked to get third party apps, iOS does. A comparison should be between how they are unhacked, because whether they can get third part apps is part of the system, and should be included as a factor in the security.
That is not true. Because Google allows developers to put their apps on the market unvetted, there have been several apps in their marketplace that are malware (and infringe on copywrite/trademarks as well). Just a few months ago, Google had to remote wipe apps from users phones and pull about 500 apps from their store due to malware. A lot of those apps were cracked apps of reputable apps so it's not just a matter of customers downloading sketchy stuff.
You do realize it IS possible to sneak a malware onto your Objective-C app, with a piece of code that maks sure it stays inactive for a while? Say for example, until you push a certain picture to Flicker?
Even though once you activate it AND get caught, Apple will pull your app, your license and go after your ass, it's still possible just as it is on Google MarketPlace.
I'll go further: if you find an exploit in iOS, the way Cydia guys do it, and use that into your code, you could easily infect thousands of iPhones with some "free game". Tracing that back to your code would take time, if it even happens, which it won't if you are intelligent.
An example: imagine you want to get some high ranking guy at some well known company, say a big bank like Standard Chartered. Those guys have iPhones. If you do the above, you definitely could check into his email... you'd just have to use your exploit to create a small ssh server, pingback "home" to a server you'd monitor and login to his machine. Or you could send a zip of the emails to a server you control. And since you target one specific guy, Apple would probably never know, nor the guy.
"There are more than 2.1 billion Java ME enabled mobile phones and PDAs,[2]"
I'm sure nobody's ever heard of Java ME...
Android does not have to be hacked to get third party apps, iOS does. A comparison should be between how they are unhacked, because whether they can get third part apps is part of the system, and should be included as a factor in the security.
A few weeks ago, Cydia demonstrated how this was false by using a PDF vulnerability to jailbreak iPhones. If, instead of jailbreaking, the code had had a nefarious payload, hundreds of thousands of iPhones could have fallen prey to it. Maybe they do, actually, who knows. If I owned a network of millions of comprimised iPhones, I would not brag about it, would you?
Your "factor of security" is actually a false sense of security. At least those guys who use Android know they have to be cautious what they click on. Us on iPhone tend to think we are safe. Cydia proved we were wrong.
You do realize it IS possible to sneak a malware onto your Objective-C app, with a piece of code that maks sure it stays inactive for a while? Say for example, until you push a certain picture to Flicker?
Even though once you activate it AND get caught, Apple will pull your app, your license and go after your ass, it's still possible just as it is on Google MarketPlace.
I'll go further: if you find an exploit in iOS, the way Cydia guys do it, and use that into your code, you could easily infect thousands of iPhones with some "free game". Tracing that back to your code would take time, if it even happens, which it won't if you are intelligent.
That's definitely true, but the fact remains that this way of spreading malware is not what cybercriminals are after. It's no use having to open new developer accounts (which cost money) and write new Trojans for your payload (which takes time), just to have an attack vector that will only work until someone finds out and you have to start all over again. Trying to sneak malware into the app store might be an interesting tactic for industrial espionage and such, but the typical CC number fishing, placing calls or sending text messages or large-scale harvesting of private information, it wouldn't work nearly as well on iOS.
Also, the checks Apple performs on iOS applications are supposed to be a little more extensive than just some user testing. An API scan is performed to see what kind of API's are used in the application, and if it turns out your fart app is using the API's to send text messages or place calls, or uses private API's to get outside its sandbox, the review process is supposed to find out and you will have to explain why your application behaves like that. I know mistakes are made in the review process every now and then, but even with those, it's still a lot better than no app reviews at all.
Just note that Android itself isn't inherently more insecure or open to malware than iOS. From a strict security standpoint, they both have issues that need addressing, and each is as secure (insecure?) as the other according to blogs and posts from various security/hacker conferences. Instead it's the difference in the the app markets that opens Android users to more potential harm from malware.
I agree. And I would further note that this came about by a natural evolution based on reality and experience, which has yet to smack Google square in the face.
Apple has reached two conclusions regarding viruses/malware/etc:
(1) you can't plug every potential exploit in a computer operating system, but you should do the best you can to react or even anticipate anyway (everybody gets this, I think) and
(2) the best way to protect a computer operating system from stuff you couldn't anticipate (or fix) is by controlling the input methods (data and apps) rather than giving the user free reign to dump anything they find out there onto their computers
This is a realistic approach. Google is still flirting with the idealistic approach, which is to say that they really don't want to take step (2). But those companies who have long experience with taking a computer operating system mainstream (and by that, I mean approaching a hundred million casual users, as opposed to tech savvy folks) will tell you that eventually you need to at least consider this step. Rumors suggest that Microsoft is leaning towards an "App Store" type solution for future versions of Windows for the same reason. Long overdue, on that front.
The "purists" out there must be cringing at my message here, but take solace: folks who really dislike the walled garden of step (2) you can simply jailbreak your iPhone without any legal consequence other than taking responsibility for the results. It is a simple process that only requires you take an active step that is not unlike the kind of stuff you apparently want to do anyway. By protecting the phone at the factory but not preventing its jailbreak, Apple forces you to take responsibility for when & if the feces hits the air circulation unit. I think it is the correct solution for a mass market device. Everybody can still do what they want, so those folks that hate step (2) can still get an iPhone that doesn't do that. This covers virtually everybody's tastes, as far as I can tell. If you want the garden, just take it. If you don't, then do what you do.
Thompson
http://www.psychologyhelp.com/thnk86.htm
I'm growing weary from hearing stories from family members who cycle from euphoria to anger over their Android-based phones. There's enough shite in the world, and we're knee-deep in abusive ad hominem attacks. To get away from this Android-iOS insanity, spend some time over on Portland's Rants and Raves...
We're also at a breaking point of misinformation. How many people bother trying to sift through the opinion and rating reviews from so-called "consumers"?
Less is more. Is it sunny out? Get out there!
Well this isn't really about Apple haters, it's about Android haters. How else would you describe people that do not use Android, yet spend a lot of time trying to convince others how insecure Android is? Do you really believe that anyone on Android fan sites spends time discussing how much iOS sucks? Newsflash: not everyone needs constant reassurance.
iCrap, iSheep, iToy, Crapple, iStupid users, iShit and a dozen other self serving denigrations to users of iOS products are used over and over.
You do realize it IS possible to sneak a malware onto your Objective-C app, with a piece of code that maks sure it stays inactive for a while? Say for example, until you push a certain picture to Flicker?
Even though once you activate it AND get caught, Apple will pull your app, your license and go after your ass, it's still possible just as it is on Google MarketPlace.
I'll go further: if you find an exploit in iOS, the way Cydia guys do it, and use that into your code, you could easily infect thousands of iPhones with some "free game". Tracing that back to your code would take time, if it even happens, which it won't if you are intelligent.
An example: imagine you want to get some high ranking guy at some well known company, say a big bank like Standard Chartered. Those guys have iPhones. If you do the above, you definitely could check into his email... you'd just have to use your exploit to create a small ssh server, pingback "home" to a server you'd monitor and login to his machine. Or you could send a zip of the emails to a server you control. And since you target one specific guy, Apple would probably never know, nor the guy.
Um, yes. In comments for another article on malware here I posted that I don't think iOS is inherently safer and used the flashlight app that had the ability to tether that was pulled from the app store as an example. My comment was in response to someone who said that the malicious apps were probably from sideloading and that malware probably wasn't found in Google's marketplace which is simply not true.
I personally think that it is not only the vetting that Apple does with its apps but also the fact that a developer has to pay $99 and is much more "trackable" if his/her app is found to be malicious.
Just note that Android itself isn't inherently more insecure or open to malware than iOS. From a strict security standpoint, they both have issues that need addressing, and each is as secure (insecure?) as the other according to blogs and posts from various security/hacker conferences. Instead it's the difference in the the app markets that opens Android users to more potential harm from malware.
While it's true that third party apps and the way the app market runs are the primary problem on Android you are overstating things here when you argue absolutely equivalency. iOS, like OS-X is indeed inherently more secure, and by intentional design, than Android is.
76% versus zero is not something that you can just wave your hand at and say "they are both the same." They really aren't.
For just one example, the decision by Android's designers to let the users manage their own security makes Android less secure by design. That's a bad design choice that has far reaching effects. These effects can't really be countered until that part of the design is changed.
A few weeks ago, Cydia demonstrated how this was false by using a PDF vulnerability to jailbreak iPhones. If, instead of jailbreaking, the code had had a nefarious payload, hundreds of thousands of iPhones could have fallen prey to it. Maybe they do, actually, who knows. If I owned a network of millions of comprimised iPhones, I would not brag about it, would you?
Your "factor of security" is actually a false sense of security. At least those guys who use Android know they have to be cautious what they click on. Us on iPhone tend to think we are safe. Cydia proved we were wrong.
In any security attack, you have to consider how quickly a virus or malware can spread in determining how much of a threat they really are to the platform.
When Word macro viruses first hit the scene, they spread like wildfire because they ran as soon as you opened the infected Word doc. And they infected the main template file for Word, and jumped to every Word document you opened. Businesses passed around millions of Word doc every day, so the threat level was extremely high; the viruses were everywhere in a very short period of time.
Virus and malware authors are like terrorists; they are looking for maximum impact. They don't want to work on a virus just to see it shut down after only a few dozen people get infected, because then they've played their hand and their security hole gets patched.
For an iOS user to be hit by a Cydia-style vulnerability, they would need to go to a particular website to get infected, or have a particular file passed around. Good luck trying to force a million people to engage in the exact same behavior.