Mobile malware authors 'almost exclusively' focused on Android in 2013, says Symantec

2456

Comments

  • Reply 21 of 115
    solipsismxsolipsismx Posts: 19,566member
    mistercow wrote: »
    I'm assuming most people identify malware as stealing information through exploiting security flaws.  By your definition, in-app purchases for kids focused apps that don't require password protection for every purpose can be considered malware.  

    edit:
    The scam was through purchasing a product.  It just happened that the product was software.  If I bought software off of ebay and the software failed to activate, does that make ebay malware?

    1) Yes, an in-app purchase that gets a child to pay $99 for a few digital coins in a game is malware. Same goes for cloned games in Play or App Store that steal the original app's code, or try to mirror its look, feel and name as to confuse buyers as malware. Pretty much any unethical tactic that has to trick the user or system is malware.

    2) Why does it have to steal your personal info to fall into that category? What about a trojan that installs on WinPC and then deletes files or just pushes up spam? Would you not call the computer worm Stuxnet that ruing nuclear centrifuges unpleasant SW to the systems that installed it?
     0Likes 0Dislikes 0Informatives
  • Reply 22 of 115
    apple ][apple ][ Posts: 9,233member

    Also, Fandroids deserve to get infected and scammed, as their decision to use a crappy OS was all their own.

     

    Here's to a great 2014 too!<img class=" src="http://forums-files.appleinsider.com/images/smilies//lol.gif" />

     0Likes 0Dislikes 0Informatives
  • Reply 23 of 115
    dasanman69dasanman69 Posts: 13,002member
    mistercow wrote: »
    I'm assuming most people identify malware as stealing information through exploiting security flaws.  By your definition, in-app purchases for kids focused apps that don't require password protection for every purpose can be considered malware.  

    edit:
    The scam was through purchasing a product.  It just happened that the product was software.  If I bought software off of ebay and the software failed to activate, does that make ebay malware?

    IAPs have to be declared on the apps main page. If a user doesn’t notice it then it's not the fault of the software, but the ignorance of the user.

    You didn't buy the software from eBay, but from a seller using eBay as the middleman. eBay will get you a refund if you didn't get what you paid for.
     0Likes 0Dislikes 0Informatives
  • Reply 24 of 115
    apple ][apple ][ Posts: 9,233member
    Quote:

    Originally Posted by SolipsismX View Post





    1) Yes, an in-app purchase that gets a child to pay $99 for a few digital coins in a game is malware.

     

    I disagree.

     

    I'm not a fan of the freemium gaming model, but what you describe there is fairly common in virtually all freemium games.

     

    There are many freemium games where the top in app purchase is $99 for a trunk or bunch of gems or coins in a game. 

     

    These in app purchases require a password, and whoever purchases them is responsible for their own actions. If a kid purchases it, then the parents are responsible.

     0Likes 0Dislikes 0Informatives
  • Reply 25 of 115
    mistercowmistercow Posts: 157member
    Quote:

    Originally Posted by SolipsismX View Post





    1) Yes, an in-app purchase that gets a child to pay $99 for a few digital coins in a game is malware.



    2) Why does it have to steal your personal info to fall into that category? What about a trojan that installs on WinPC and then deletes files or just pushes up spam? Would you not call the computer worm Stuxnet that ruing nuclear centrifuges unpleasant SW to the systems that installed it?

    2) I concede #2.  I didn't state my intention correctly.  I had really meant exploiting security for detrimental effects, not limited to just stealing information.  By this I had meant the app doesn't create a security issue with the phone itself.  It was a scam that caused people to lose money which needs to be addressed by Google - probably in at least implementing a better review process that can at least check to see an app does what it states it does.  

     

    My point was that the article shown is specifically geared to security exploits from software.  The scam app doesn't cause any inherent security issues with Android itself.  It's an issue with the Play Stores review policy.  

     0Likes 0Dislikes 0Informatives
  • Reply 26 of 115
    mistercowmistercow Posts: 157member
    Quote:
    Originally Posted by dasanman69 View Post





    IAPs have to be declared on the apps main page. If a user doesn’t notice it then it's not the fault of the software, but the ignorance of the user.



    You didn't buy the software from eBay, but from a seller using eBay as the middleman. eBay will get you a refund if you didn't get what you paid for.

     

    Purchases from app stores are from a developer (and not Apple/Google) using the app store as the middleman.  I'm guessing Google will refund the people that purchased this app in this case.  How is it any different than the ebay example I gave?

     0Likes 0Dislikes 0Informatives
  • Reply 27 of 115
    solipsismxsolipsismx Posts: 19,566member
    apple ][ wrote: »
    I disagree.

    I'm not a fan of the freemium gaming model, but what you describe there is fairly common in virtually all freemium games.

    There are many freemium games where the top in app purchase is $99 for a trunk or bunch of gems or coins in a game. 

    These in app purchases require a password, and whoever purchases them is responsible for their own actions. If a kid purchases it, then the parents are responsible.

    I see your point but if that code was designed to exploit techtarded or lazy parents then I still consider it malicious software. I'm sure you've heard the expression "There is a sucker born every minute." i don't believe that should put all the responsibly on the "sucker" and giving the unethical people taking advantage of them a free pass. That's not the world I want to live in.
     0Likes 0Dislikes 0Informatives
  • Reply 28 of 115
    apple ][apple ][ Posts: 9,233member
    Quote:

    Originally Posted by SolipsismX View Post





    I see your point but if that code was designed to exploit techtarded or lazy parents then I still consider it malicious software. I'm sure you've heard the expression "There is a sucker born every minute." i don't believe that should put all the responsibly on the "sucker" and giving the unethical people taking advantage of them a free pass. That's not the world I want to live in.

     

    There are of course many suckers around and gullible people too, but are you trying to say that virtually every freemium game on the app store is malware? Because they all have some hefty in app purchases that can be bought.

     

    Look at the top grossing apps on the iOS app store, they're freemium games.

     

    Clash of Clans makes close to a million dollars a day.

     0Likes 0Dislikes 0Informatives
  • Reply 29 of 115
    evilutionevilution Posts: 1,399member

    It's 1 area where others aren't copying Apple. If the majority are doing it, Apple must be doing it wrong.

    Cue the "Apple is doomed" and a share price drop.

     0Likes 0Dislikes 0Informatives
  • Reply 30 of 115
    solipsismxsolipsismx Posts: 19,566member
    apple ][ wrote: »
    ...but are you trying to say that virtually every freemium game on the app store is malware?

    I have no idea how you jumped to that conclusion. I specifically stated an example where the developer is specifically trying to take advantage of the customer.

    In-app purchases have extensive benefits for users. For instance, since Apple doesn't allow trial versions and having a free app and then a full app looks sloppy some App Store vendors have created their free trial app with an in-app purchase that will unlock all the features of the full app. This is a great solution.
     0Likes 0Dislikes 0Informatives
  • Reply 31 of 115
    mistercowmistercow Posts: 157member
    Quote:
    Originally Posted by Apple ][ View Post

     

     

    There are of course many suckers around and gullible people too, but are you trying to say that virtually every freemium game on the app store is malware? Because they all have some hefty in app purchases that can be bought.

     

    Look at the top grossing apps on the iOS app store, they're freemium games.

     

    Clash of Clans makes close to a million dollars a day.




     


    I wouldn't classify in app purchases as malware unless there is something that subverts password entry requirements for each purchase.  If a password is required for every purchase, then the blame has to fall on the user as they are making a conscious decision every time to make that purchase.  It'd be different if a purchase was made with just single click with no other logic check.
     0Likes 0Dislikes 0Informatives
  • Reply 32 of 115
    gprovidagprovida Posts: 260member
    Number of iOS users 500 Million who are high value targets vs vast number of low value targets, users, says the number of users is a weak decision component to malware developers. It's the enormous security weaknesses in Android and the near total lack of meaningful SW OS updates, in other words, it is easy to do malware on Android.

    This harkens back to Windows in the 90s and early new millennium. The utter apathy and indifference by Google, HW OEMs, and ISPs is embarrassing. But the silence of the tech media to raise the issues is equally embarrassing.

    When the press make this a real concern, then the industry will respond, unfortunately, this won't get addressed until something(s) awful happens.
     0Likes 0Dislikes 0Informatives
  • Reply 33 of 115
    evilutionevilution Posts: 1,399member

     

    Had to laugh at the reviews. If you are stupid enough to buy an Android phone, you are stupid enough to fall for a placebo app.

     0Likes 0Dislikes 0Informatives
  • Reply 34 of 115
    apple ][apple ][ Posts: 9,233member
    Quote:

    Originally Posted by SolipsismX View Post





    I have no idea how you jumped to that conclusion. I specifically stated an example where the developer is specifically trying to take advantage of the customer.

     

    Ok, i guess that I just misread or misunderstood what you were trying to say.

     0Likes 0Dislikes 0Informatives
  • Reply 35 of 115
    mistercowmistercow Posts: 157member
    Quote:

    Originally Posted by Evilution View Post

     

     

    Had to laugh at the reviews. If you are stupid enough to buy an Android phone, you are stupid enough to fall for a placebo app.


     

    You mean like with the iOS 5.0 update where it changed the 3G icon to a 4G and a bunch of iPhone users swore how much faster the connection was when the only thing that changed was the icon?

     0Likes 0Dislikes 0Informatives
  • Reply 36 of 115
    jupiteronejupiterone Posts: 1,564member
    mistercow wrote: »
    2)The scam app doesn't cause any inherent security issues with Android itself.

    That's a bit of a stretch. I would consider software knowingly giving its users a false sense of security, a security issue.
     0Likes 0Dislikes 0Informatives
  • Reply 37 of 115
    snovasnova Posts: 1,281member
    Quote:

    Originally Posted by nagromme View Post



    What amazes me is that I always assumed the official Google Play Store itself was free of malware (or very nearly, comparable to Apple). So you're safe if you avoid third-party sources.



    But apparently that was never true!



    Follow the money: malware writers are doing this because it works.



    Search for "android botnet" for a fun time.

    hit rate for use of third party app stores would not make it worth their time to write malware.

     0Likes 0Dislikes 0Informatives
  • Reply 38 of 115
    mistercowmistercow Posts: 157member
    Quote:

    Originally Posted by JupiterOne View Post





    That's a bit of a stretch. I would consider software knowingly giving its users a false sense of security, a security issue.

     

    Having a false sense of security doesn't reduce the actual security of the system.  For example, a house with a security alarm that puts a sign up that says "This house is secured by XX" is no more secure than a house that has the same alarm system but doesn't put up that sign.

     0Likes 0Dislikes 0Informatives
  • Reply 39 of 115
    gatorguygatorguy Posts: 24,769member
    nagromme wrote: »
    What amazes me is that I always assumed the official Google Play Store itself was free of malware (or very nearly, comparable to Apple). So you're safe if you avoid third-party sources.

    But apparently that was never true!

    Follow the money: malware writers are doing this because it works.

    Search for "android botnet" for a fun time.
    snova wrote: »
    hit rate for use of third party app stores would not make it worth their time to write malware.

    According to the most recent real data the rate of actual malware infection from Google Play apps is only .001% which is probably not far off from Apple's App Store.
    http://www.phonearena.com/news/Google-says-less-than-.001-of-Android-malware-evades-Google-Play-security-to-cause-harm_id47960
     0Likes 0Dislikes 0Informatives
  • Reply 40 of 115
    jupiteronejupiterone Posts: 1,564member
    mistercow wrote: »
    Having a false sense of security doesn't reduce the actual security of the system.  For example, a house with a security alarm that puts a sign up that says "This house is secured by XX" is no more secure than a house that has the same alarm system but doesn't put up that sign.

    But a house with a real security system installed is more secure than a house where the installer did nothing but hang a fake cardboard alarm panel.
     0Likes 0Dislikes 0Informatives
Sign In or Register to comment.