New Android "RAT" infects Google Play apps, turning phones into spyware zombies

1246710

Comments

  • Reply 61 of 186
    What should have been done with Microsoft/Windows years ago, and what should be done with Google/Android now, is for a consortium of people and organisations who suffer losses as a result of malware-based crimes, to mount a massive class action against companies that consistently fail to release or update malware-resistant products, or app stores.

    The release of malware-friendly products does enormous damage to an industry that has become a central part of the global economy. This should NOT be tolerated in any shape or form. If that means putting big corporations out of business, and destroying 'shareholder wealth', then so be it. Those businesses will soon be replaced by others who behave in a much more responsible way towards their customers.
  • Reply 62 of 186
    dasanman69dasanman69 Posts: 12,985member
    The release of malware-friendly products does enormous damage to an industry that has become a central part of the global economy. This should NOT be tolerated in any shape or form. If that means putting big corporations out of business, and destroying 'shareholder wealth', then so be it. Those businesses will soon be replaced by others who behave in a much more responsible way towards their customers.

    Why stop there? Go a step further, let's all kill ourselves so we don't get sick and avoid the medical costs.
  • Reply 63 of 186
    droidftwdroidftw Posts: 1,009member
    Quote:
    Originally Posted by FreeRange View Post



    As previously stated, hundreds of millions of phones in Asia do not in fact get updated!

     

    Those that don't have Google Services certainly don't reap the benefits of those updates.  That may also explain why most Android malware targets users in eastern Asian countries like China and Russia as opposed to US Android users.

  • Reply 64 of 186
    gatorguygatorguy Posts: 21,293member
    freerange wrote: »
    Actually FALSE!!!!!

    As previously stated, hundreds of millions of phones in Asia do not in fact get updated!

    So stop spreading this total BS! There is more to the world than the narrow view of the West.

    100's of millions? A citation might be nice.

    Are you referring specifically to China or Asia in general? China is its own problem if they won't permit Play Services, but even there some 30% of devices would still get AppVerify via Google Play if the OP was correct with his claim and figures. Is an Android device that doesn't offer Play Services even a Google Android device? Anyway I'm not aware of a problem using Play Services throughout Asia. Sounds like more drama. Maybe you have more information to offer?
  • Reply 65 of 186
    nagrommenagromme Posts: 2,834member
    Updates through Play services can't fix stuff OUTSIDE of Play services. The handset vendor is still needed then--but instead, they abandon their devices and push the next one!
  • Reply 66 of 186
    mstonemstone Posts: 11,510member
    Quote:

    Originally Posted by Gatorguy View Post

     

    TLDW

    bold italics, ha

  • Reply 67 of 186
    gatorguygatorguy Posts: 21,293member
    nagromme wrote: »
    Updates through Play services can't fix stuff OUTSIDE of Play services. The handset vendor is still needed then--but instead, they abandon their devices and push the next one!

    Yes sir it can, VerifyApps scans even applications originating outside the Play Store. That's one of primary reasons for it.
  • Reply 68 of 186
    gatorguygatorguy Posts: 21,293member
    mstone wrote: »
    TLDW
    bold italics, ha

    Whenever I quote long passages from another source I'll usually italicize it for obviousness. As far as being too long the post was for Daniels' benefit. I don't expect others to take the time to read it since most don't care about any inconvenient facts anyway. They already learned all they want to know about it from DED's article. :)
  • Reply 69 of 186
    dasanman69dasanman69 Posts: 12,985member
    nagromme wrote: »
    Updates through Play services can't fix stuff OUTSIDE of Play services. The handset vendor is still needed then--but instead, they abandon their devices and push the next one!

    http://gigaom.com/2014/02/27/google-to-expand-androids-verify-apps-security-for-apps-after-installation/

    https://support.google.com/accounts/answer/2812853?hl=en
  • Reply 70 of 186
    gatorguy wrote: »
    Every Google Android device with 4.0 and below (a large chunk of them) have a security hole that will never get fixed by updates to Google Play Services since the flaw is part of the underlying architecture and can't be fixed without re-writing portions of the OS.

    There, fixed another one of your posts.
  • Reply 71 of 186
    gatorguygatorguy Posts: 21,293member
    There, fixed another one of your posts.

    Just never with examples, nor disproving the post. . . Wow, I guess I never realized it was that easy to put words in other people's mouths.
  • Reply 72 of 186
    gatorguy wrote: »
    Just never with examples, nor disproving the post. . . Wow, I guess I never realized it was that easy to put words in other people's mouths.

    You know exactly how to do that since it's you're trademark. Don't get offended when someone returns the favor.

    You shouldn't talk about security when you know nothing about how OS's are designed. For starters read this:

    http://en.wikipedia.org/wiki/Address_space_layout_randomization

    Only Android JB has fully implemented this feature.
  • Reply 74 of 186
    nagromme wrote: »
    Updates through Play services can't fix stuff OUTSIDE of Play services. The handset vendor is still needed then--but instead, they abandon their devices and push the next one!

    DING DING DING

    We have a winner. Funny to see the uninformed responses claiming you're wrong. Google Play Servics IS NOT the Android kernel, and it can't make changes to the kernel to correct security flaws.
  • Reply 75 of 186
    gatorguygatorguy Posts: 21,293member
    You know exactly how to do that since it's you're trademark. Don't get offended when someone returns the favor.

    You shouldn't talk about security when you know nothing about how OS's are designed. For starters read this:

    http://en.wikipedia.org/wiki/Address_space_layout_randomization

    Only Android JB has fully implemented this feature.

    So 80% of current Android devices aren't affected then. How many of the remaining 20% that still have the "security flaw" have resulted in harm to the user because of it? Anything you can point to or is it one of those theoretical attacks the security companies like to pump with little to no real world harm?
  • Reply 76 of 186
    dasanman69dasanman69 Posts: 12,985member
    DING DING DING

    We have a winner. Funny to see the uninformed responses claiming you're wrong. Google Play Servics IS NOT the Android kernel, and it can't make changes to the kernel to correct security flaws.

    That's not what he said though.
  • Reply 77 of 186
    gatorguygatorguy Posts: 21,293member
    DING DING DING

    We have a winner. Funny to see the uninformed responses claiming you're wrong. Google Play Servics IS NOT the Android kernel, and it can't make changes to the kernel to correct security flaws.

    But it sure can help prevent any user harm that might have come from apps taking advantage of them. If the malware can't do the damage it intended then you're back to talking about what might have happened. Malware designed to take advantage of a security hole but prevented from hitting the target because of improved security features. Sounds like a stalemate for the most part.
  • Reply 78 of 186
    Android%u2026our garden walls are wide open. Come on in!
  • Reply 79 of 186
    gatorguy wrote: »
    So 80% of current Android devices aren't affected then. How many of the remaining 20% that still have the "security flaw" have resulted in harm to the user because of it? Anything you can point to or is it one of those theoretical attacks the security companies like to pump with little to no real world harm?
    80%? Where did you get that figure from. According to Google, it's 64%. And as I'm sure you remember, Google changed the way they calculate the percentage of users on each version. They used to count ALL devices. Now they only count devices that SPECIFICALLY visited Google Play within the previous 7 days (in other words, the user visited the Store). Of course, when Google made this accounting change we suddenly had an increase in reported users on newer versions and a decrease on older versions.

    So that 64% is also suspect since it doesn't count ALL devices in actual use, like it used to.

    Why do I have to provide proof of harm? I don't get malware on my PC, but I'd have to be an idiot to ask someone for "proof" that people with PC's are getting infected.
  • Reply 80 of 186
    gatorguygatorguy Posts: 21,293member
    80%? Where did you get that figure from. According to Google, it's 64%. .

    According to the link you pointed me to the ASLR flaw was fixed with 4.0, then further improved with 4.1 Quote: "Android 4.0 Ice Cream Sandwich provides address space layout randomization (ASLR) to help protect system and third party applications from exploits due to memory-management issues." Maybe you didn't use a very good link. If accurate tho add in that 15+% and you get to 80%.
    Google changed the way they calculate the percentage of users on each version. They used to count ALL devices. Now they only count devices that SPECIFICALLY visited Google Play within the previous 7 days (in other words, the user visited the Store)..

    Google talks about that. According to the Google Dashboard disclaimer "Because this data is gathered from the new Google Play Store app, which supports Android 2.2 and above, devices running older versions are not included. However, in August, 2013, versions older than Android 2.2 accounted for about 1% of devices that checked in to Google servers (not those that actually visited Google Play Store).
    Why do I have to provide proof of harm?
    No harm no foul. Theoretical security issues are far removed from real world maliciousness. You know that.
Sign In or Register to comment.