Mobile malware exploding, but only for Android

12467

Comments

  • Reply 61 of 136
    auxioauxio Posts: 2,271member

    Quote:

    Originally Posted by os2baba View Post


     


    I have now been using Android for 5 years. And I have no malware on my phone. Yes, I check the permissions before installing, and if I find anything suspicious, I don't install the app. Not really all that difficult.



     


    I would pay money to see you explain this to a room full of people who aren't interested in technology in the slightest (only use their phone to keep in contact with others), don't even want to be at a meeting with an IT person (only doing it because it's required for their job), and will make a joke or snide comment anytime they hear tech terminology they don't understand (either that or just tune out at that point).  Welcome to the rest of the world.

  • Reply 62 of 136
    hill60hill60 Posts: 6,992member

    Quote:

    Originally Posted by os2baba View Post


    blah, blah, blah



     


    Don't care, go spread your message on Android forums where kdarling's "gullible" android users hang out.


     


    My first android phone was an HTC Magic.

  • Reply 63 of 136
    hill60hill60 Posts: 6,992member

    Quote:

    Originally Posted by Gatorguy View Post


    Trojans unique to Chrome? First I'd heard of it. Any example or are you mistaking it for this recent story?


    http://thenextweb.com/insider/2013/03/21/new-os-x-trojan-injects-ads-into-pages-browsed-by-chrome-firefox-and-safari-even-targets-apples-website/


     


    EDIT: Chrome automatically disables 3rd-party extensions, even "silent" ones. Users have to actively choose to individually enable them.



     


    How the f*ck do you confuse trojans infecting Microsoft Windows XP systems using legacy software requiring Microsoft Internet Explorer along with Microsoft ActiveX with that article you linked to?


     


    Mate, maybe it's time to give up, the tenuousness of the far fetched links you use in your constant defence of all things Google has left the bounds of reality. 


     


    How did trojan's get in via Chrome?


     


    Because the idiots in IT trusted the "most secure browser" bullshit spouted by Google acolytes which let Chrome punch a hole through the corporate firewalls most probably by installing Java in the background, when users stupid enough to believe that "private browsing" gave them immunity from going to sites they shouldn't have.

  • Reply 64 of 136
    So a security company that sells Android security apps has produced a report that says Android malware is increasing? It's hardly going to say "Hey folks, there isn't much Android malware, you don't need to buy our apps!" There's a bit of self interest conflict here. I had security software installed on my Android devices, but took it off after 6 months because it never found anything. I'm not saying it doesn't exist, it does, but if you only ever install popular apps from the Play Store you'll never see a virus. A cynical person might wonder whether this F-Secure report is in part a scare story in order to boost its app sales.
  • Reply 65 of 136
    dasanman69dasanman69 Posts: 13,001member
    So a security company that sells Android security apps has produced a report that says Android malware is increasing? It's hardly going to say "Hey folks, there isn't much Android malware, you don't need to buy our apps!" There's a bit of self interest conflict here. I had security software installed on my Android devices, but took it off after 6 months because it never found anything. I'm not saying it doesn't exist, it does, but if you only ever install popular apps from the Play Store you'll never see a virus. A cynical person might wonder whether this F-Secure report is in part a scare story in order to boost its app sales.

    Sex sells but it pales in comparison to scare tactics.
  • Reply 66 of 136
    kdarlingkdarling Posts: 1,640member

    Quote:

    Originally Posted by hill60 View Post


    So why isn't iOS also being targeted?


     


    Is that because "gullible people" as you call them, are only sucked in by Android?



     


    iOS was targeted (legally) for a long time, in order to collect Contacts info to send to spam producers.  Why do you think Apple belatedly added the Contact permission popup?


     


    As for "gullible", you don't need a malware app to get some people to send money in hopes of getting more money.  That's just a classic scam, and it's not something that just happens on Android or in apps.  Such scams happen far, far more often via websites, email, texts.  The report simply ignored the other vectors because it didn't matter to them.


     


    Now, there are apps that I would classify as real malware, for example, ones that send expensive texts or calls in the background.  But again, they mostly occur in places like China where people are sideloading like crazy on devices without access to the Play Market.


     


    The reality is that most people never see any malware.   You guys acting like it's a huge problem just look silly to all those who use Android daily.

  • Reply 67 of 136
    elmoofoelmoofo Posts: 100member
    See, Android is the superior platform, because it's open! Open for business to scammers! You get what you pay for from a free OS. It'll be okay though. They'll release a software update (you should probably start calling them "Service Packs"). Just sit tight for another year or so.
  • Reply 68 of 136
    gatorguygatorguy Posts: 22,901member

    Quote:

    Originally Posted by hill60 View Post


     


    How the f*ck do you confuse trojans infecting Microsoft Windows XP systems using legacy software requiring Microsoft Internet Explorer along with Microsoft ActiveX with that article you linked to?


     


    Mate, maybe it's time to give up, the tenuousness of the far fetched links you use in your constant defence of all things Google has left the bounds of reality. 


     


    How did trojan's get in via Chrome?


     


    Because the idiots in IT trusted the "most secure browser" bullshit spouted by Google acolytes which let Chrome punch a hole through the corporate firewalls most probably by installing Java in the background, when users stupid enough to believe that "private browsing" gave them immunity from going to sites they shouldn't have.



     So no example then. Sounds almost made up if I didn't know you better.

  • Reply 69 of 136
    os2babaos2baba Posts: 262member
    Quote:
    Originally Posted by pk22901 View Post



    What about this? Is this a side load?



    "As Sean Sullivan, Security Advisor at F-Secure Labs stated in the report, ?I?ll put it this way: Until now, I haven?t worried about my mother with her Android because she?s not into apps. Now I have reason to worry because with cases like Stels, Android malware is also being distributed via spam, and my mother checks her email from her phone.?



    Stels, an Android trojan delivered via fake U.S. Internal Revenue Service-themed emails, uses "an Android crimeware kit to steal sensitive information from the device," and also makes calls to premium numbers. Sullivan said the new threat ?could be a game changer.?"



    Tell me how your grandmother will be smart enough to avoid this stench. And then tell me how much of your brain is dedicated to safe computing.

     

    This is typical scare tactics. If Sean Sullivan's grand mother is not tech savvy, she's not going to be able to install the app since the "Install from unknown sources" is disabled by default. She would have to first dig into the settings go to security (which by itself should be a hint), enable the checkbox. Which displays a warning dialog about the consequences. Ignore the warning. Go back and click on the link again (this is a smart thing Android's done that the install doesn't start immediately), download the apk again. See the permissions that a flash player needs to make phone calls and send SMSes. Ignore that as well and then install the app. And if she's not tech savvy, she's probably unlikely to have much sensitive information on the phone either.
  • Reply 70 of 136
    os2babaos2baba Posts: 262member
    Quote:
    Originally Posted by stniuk View Post


    I think a big part of the problem is that Android users tend to use more pirated apps than others and this is an easy way to infect an android phone.

     

    And if they are using pirated apps, then they deserve it.
  • Reply 71 of 136
    os2babaos2baba Posts: 262member
    Quote:
    Originally Posted by hill60 View Post

     

    So, the Kindle Fire and all those "hub" equipped galaxies, how do their repositories work, given they are not Google Play?

     

    Some of the most popular Android devices rely on breaking their users away from Google Play.

     

    Making them vulnerable.

     

    Maybe someone with a Kindle fire can comment. But I would hope that Amazon has done what Google has done and has the same setting. Except that would work for stores other than the Amazon App Store.
  • Reply 72 of 136
    os2babaos2baba Posts: 262member
    Quote:
    Originally Posted by auxio View Post

     

    I would pay money to see you explain this to a room full of people who aren't interested in technology in the slightest (only use their phone to keep in contact with others), don't even want to be at a meeting with an IT person (only doing it because it's required for their job), and will make a joke or snide comment anytime they hear tech terminology they don't understand (either that or just tune out at that point).  Welcome to the rest of the world.

     

    Agreed. I'm a techie. But my wife is not. I'd say she would typify most non technical folks. I occasionally check her phone as well. And she doesn't have any malware on it either. The only time I can remember was a few years back there was a rash of apps that injected ads in the notification shade. Wouldn't exactly call it malware. But annoying. It was a simple matter of running a scan to see which apps pushed ads and deleting them. Thankfully that practice is no longer followed. Obviously the app developers got the message.

    It's very likely that other app stores contain malware and people pirating apps get malware (and serves them right), but for the vast majority of folks using the Google Play Store and following a little bit of common sense, the danger of getting infected I'd think is very low. I don't know if this is actually true, but I think phishing attacks seem to be down as well. Maybe it's better filtering of spam by email providers, or maybe it's that people have smartened up and you have tools now like browsers flagging possible phishing links. If you are susceptible to phishing *and* enable side loading *and* ignore permissions, then you may possibly get malware on your phone. But you are probably getting malware on your PC as well.
  • Reply 73 of 136
    hill60hill60 Posts: 6,992member

    Quote:

    Originally Posted by os2baba View Post


     

    Maybe someone with a Kindle fire can comment. But I would hope that Amazon has done what Google has done and has the same setting. Except that would work for stores other than the Amazon App Store.


     


    ...and Samsung's hub?


     


    Take a look at a Samsung Android phone, there is pretty much two of everything, Google version and Samsung version with Samsung applications asking for update permissions while you are still in the process of setting the phone up.


     


    I've never noticed a list of trusted sources in settings, only allow third parties or not.

  • Reply 74 of 136
    stefstef Posts: 87member
    Remember when computer "XPerts" would recommend Windows for home use? to everyone? And many of the XPerts knew that it was a dangerous decision that cost many thousands, maybe millions, of home users data and drives. Same history rolling out again: Filthy OS and no updating. Just Google's "here, look at it through these pose colored glasses."
  • Reply 75 of 136
    hill60hill60 Posts: 6,992member

    Quote:

    Originally Posted by os2baba View Post


     

    Agreed. I'm a techie. But my wife is not. I'd say she would typify most non technical folks. I occasionally check her phone as well. And she doesn't have any malware on it either. The only time I can remember was a few years back there was a rash of apps that injected ads in the notification shade. Wouldn't exactly call it malware. But annoying. It was a simple matter of running a scan to see which apps pushed ads and deleting them. Thankfully that practice is no longer followed. Obviously the app developers got the message. It's very likely that other app stores contain malware and people pirating apps get malware (and serves them right), but for the vast majority of folks using the Google Play Store and following a little bit of common sense, the danger of getting infected I'd think is very low. I don't know if this is actually true, but I think phishing attacks seem to be down as well. Maybe it's better filtering of spam by email providers, or maybe it's that people have smartened up and you have tools now like browsers flagging possible phishing links. If you are susceptible to phishing *and* enable side loading *and* ignore permissions, then you may possibly get malware on your phone. But you are probably getting malware on your PC as well.


     


    It seems to happen a lot with live wallpaper type applications which can consume a lot of data and often affects people on lower plans who only notice when they run up large bills.

  • Reply 76 of 136
    dasanman69dasanman69 Posts: 13,001member
    os2baba wrote: »
    Maybe someone with a Kindle fire can comment. But I would hope that Amazon has done what Google has done and has the same setting. Except that would work for stores other than the Amazon App Store.

    Amazon has their own app store, no side loading allowed and I'm not sure if apps need their approval but my guess is yes.
  • Reply 77 of 136
    vl-tonevl-tone Posts: 337member

    Quote:

    Originally Posted by Apple v. Samsung View Post


     


    Jailbraking enables those who know about it to do "cool things" that others can't do on their phone. 


     


    Which leads to bragging and explaining to friends how to do it, who then show it to other friends etc.


     


    At the end of the day, a lot of iOS users end up side loading apps because someone told them to. And a lot of them don't have the knowledge to be able to discern what is a so-called "trusted source".



     


    Too bad Jailbreaking and Sideloading are different things, and this makes your "replace Android by Apple in that phrase" switcheroo pretty meaningless in the context of the discussion.


     


    The barrier to entry for jailbreaking is much higher than for sideloading. You have to physically connect the iPhone to a computer, and it is disabled with every iOS update. It's not something that you switch on your friend's phone while waiting for the bus.


     


    Also, by default you can't install random apps directly from the Web like you can on Android with sideloading, you have to go through the Cydia store which is curated and malware-free. Only if you really wanted you could hack your jailbroken iOS device the enable installing arbitrary apps from the Web, and there's no enticing reason to do so for less knowledgeable users as you can find pretty much everything on Cydia.



    If you're trying to argue that Jailbreaking an iPhone is as easy as Sideloading on Android, then you're also saying that the whole point about "Android is better because you can sideload apps" is moot.

  • Reply 78 of 136


    "security firms", snake oil security firms, typical scare tactics - WOW, really... then I suggest you remove any and all programs that "protect" you from any threat, virus, spam, trojan, spyware, adware, etc etc... Tell Malwarebytes, McAfee, Symantec, and the many others that they are fools, sham artist, etc. Cause they are in the same business as F-Secure. 


     


    All spam filters are not 100%, and you have many users that just click without thinking and infect their PC, or mobile device with something.  Sometimes things load WITHOUT the users knowledge, and start installing all kinds of things.  


     


    YES, majority of this type of stuff is non-USA based, hence reason you don't hear US based corps going on about this.  F-Secure is not US based and deals more with international stuff.  So you will hear more from them.  And they have a blog you can read for free, and not pay a dime to them.  So, let's warn people, and have them take steps they need to, period.  They don't go on about you must buy our stuff.  They give you information, if you act on it fine, if you don't fine.  


     


    You will always have "threats" to any device, MAC, PC, Mobile... you will always have silly users who click and don't pay attention, you will always have those making millions off those silly users.  And they will then make more stuff to get more money from more people... simple.

  • Reply 79 of 136
    dasanman69dasanman69 Posts: 13,001member
    stef wrote: »
    Remember when computer "XPerts" would recommend Windows for home use? to everyone? And many of the XPerts knew that it was a dangerous decision that cost many thousands, maybe millions, of home users data and drives. Same history rolling out again: Filthy OS and no updating. Just Google's "here, look at it through these pose colored glasses."

    Get a Nexus and you'll get all the updates. Google doesn't control the other manufacturers.
  • Reply 80 of 136
    dasanman69dasanman69 Posts: 13,001member
    vl-tone wrote: »
    Too bad Jailbreaking and Sideloading are different things, and this makes your "replace Android by Apple in that phrase" switcheroo pretty meaningless in the context of the discussion.

    The barrier to entry for jailbreaking is much higher than for sideloading. You have to physically connect the iPhone to a computer, and it is disabled with every iOS update. It's not something that you switch on your friend's phone while waiting for the bus.

    Also, by default you can't install random apps directly from the Web like you can on Android with sideloading, you have to go through the Cydia store which is curated and malware-free. Only if you really wanted you could hack your jailbroken iOS device the enable installing arbitrary apps from the Web, and there's no enticing reason to do so for less knowledgeable users as you can find pretty much everything on Cydia.


    If you're trying to argue that Jailbreaking an iPhone is as easy as Sideloading on Android, then you're also saying that the whole point about "Android is better because you can sideload apps" is moot.

    What about enterprise iPhones? Weren't there fake enterprise accounts being open in China and pirated apps being installed on iPhones?
Sign In or Register to comment.