Three new malware strains infect 20k apps, impossible to wipe, only affect Android

1234568

Comments

  • Reply 141 of 166
    gwydiongwydion Posts: 1,073member
    Quote:

    Originally Posted by nht View Post

     

     

    I am as big a non-fan of DED as you can find but Play stores are regionalized/localized just like the App Store.  If you go into dev setting you can turn on "Allow mock location".  Then set your location to a different region.  You should see a different set of apps offered.  Or you can just use a VPN.  There are plenty of HowTos on youtube.


     

    What has to do geolocking of the Play Store with DED calling 3rd party stores "localized Google stores"?

     

    Quote:
    Originally Posted by nht View Post

     

     

    Also I have no clue what you and Gator are trying to prove with respect to alternate app stores.  It has been and remains a core feature of Android and there are 50 to 100 million users of alternative app stores outside of China.  Samsung phones come preloaded with the Samsung store (except on Verizon) and they are up to 14M monthly active users.

     

    http://gadgets.ndtv.com/apps/features/fortumos-sanjay-sinha-on-alternate-android-app-stores-and-carrier-billing-626133

     

    http://venturebeat.com/2015/10/30/how-samsung-is-fostering-growth-in-its-galaxy-apps-store/

     

    And of course there is China.  Baidu and Tencent dominate the Chinese markets....Baidu in overall share and Tencent in terms of gaming share.

     


     

    Please, point when I have said anything about 3rd party stores

  • Reply 142 of 166
    gwydiongwydion Posts: 1,073member
    Quote:

    Originally Posted by jfc1138 View Post

     



    I've read at multiple sources that "Android" is so virulent infected devices are infected when bought brand new right out of the box.... terrifying.


     

    I've read at multiple sources that reptilians rule the world

  • Reply 143 of 166
    gwydiongwydion Posts: 1,073member
    Quote:

    Originally Posted by nht View Post

     



    Candy Crush is free to play with in app purchases.  Most games are these days.

     

    A lot of regions use QR codes for app advertising and distribution.  Amazon does this as well:

     

    https://developer.amazon.com/public/community/post/Tx2DXEZFC64BT7Z/Using-QR-Codes-to-link-customers-directly-to-your-apps

     

    Most useful for store apps, museum apps, and such.


    Now tell us what has to do your post with what the OP said

  • Reply 144 of 166
    I find it disingenuous to call Apple out on the walled garden while extolling Android for its "openness" and then saying, well users should have been using Google Play exclusively whenever malware infects the platform.

    While it isn't the fear of malware that keeps me off of Android, I can understand that it's a big issue for many others. If Android weren't a spyware OS and if there were a compelling need to use it, I would breakdown and install an antivirus app to help prevent such infections.

    The very nature of the platform invites the installation of malware. And with Samsung being the best of the Android vendors having its own App Store, how is it that installation from third party stores not turned off by default? My son in law has a Galaxy S6 and downloads primarily from the Samsung store, not Google Play. He has downloaded a number of applications. I was there when he purchased the handset and started downloading from the Samsung store. He never had to uncheck or check any box that prevented him from doing so. He was not "required" to go to Google Play exclusively to download apps.

    I would expect Samsung to vet the apps on its own store for malware, but what about the millions of users in China that do not use Google Play at all?

    I have come to despise Google's business model. I avoid their products completely. Since I carry the primary contract from my cell carrier and am involved in the devices added to the plan, I reset all of them to avoid using Google products at all. I will go so far as to avoid sending anything to a gmail address.

    While others may consider it extreme, I value my privacy where companies like Google are threatened by privacy and therefore promote an "open" model where they are easily able to harvest information.

    The malware issue is not the primary reason to avoid Android. The total disregard of privacy is.
  • Reply 145 of 166
    gwydiongwydion Posts: 1,073member
    Quote:

    Originally Posted by herbivore View Post

    If Android weren't a spyware OS

     



     

    Android an spyware os? Any source to back your claim?

     

    Quote:

    Originally Posted by herbivore View Post

    And with Samsung being the best of the Android vendors having its own App Store, how is it that installation from third party stores not turned off by default? 


     


     


    Installation from Samsung store in a Samsung smartphone is not installing from "unknown sources" and installing from unknown sources is disabled 


     

  • Reply 146 of 166
    jfc1138jfc1138 Posts: 3,090member
    Quote:

    Originally Posted by Gatorguy View Post





    I read about a three-headed cat once. I wonder if that was true? I should check later.



    No need to wonder about "Android", they're all quite honest about the infection: stating it right on their websites. For which I do give kudos for transparency. VW would be in far less trouble if they'd been that forthright.

  • Reply 147 of 166
    gatorguygatorguy Posts: 20,894member
    jfc1138 wrote: »

    No need to wonder about "Android", they're all quite honest about the infection: stating it right on their websites. For which I do give kudos for transparency. VW would be in far less trouble if they'd been that forthright.
    Who are "they". That would be helpful
  • Reply 148 of 166
    jfc1138jfc1138 Posts: 3,090member
    gatorguy wrote: »
    Who are "they". That would be helpful
    Why that's clear from the context: "they" are those phone manufacturers who are transparent enough to forthrightly label their phones as infected with " Android" right on the packaging and in their product descriptions on their webpages. Such efforts at warning consumers is to be applauded, imho.

    Rather straightforward from the post I was responding to regarding "Android" I would have thought. Post #130. Hope that helps.
  • Reply 149 of 166
    marvfoxmarvfox Posts: 2,275member
    Quote:

    Originally Posted by jfc1138 View Post





    Why that's clear from the context: "they" are those phone manufacturers who are transparent enough to forthrightly label their phones as infected with " Android" right on the packaging and in their product descriptions on their webpages. Such efforts at warning consumers is to be applauded, imho.



    Rather straightforward from the post I was responding to regarding "Android" I would have thought. Post #130. Hope that helps.



    I do not believe this crap!

  • Reply 150 of 166
    gatorguygatorguy Posts: 20,894member
    jfc1138 wrote: »
    Why that's clear from the context: "they" are those phone manufacturers who are transparent enough to forthrightly label their phones as infected with " Android" right on the packaging and in their product descriptions on their webpages. Such efforts at warning consumers is to be applauded, imho.

    Rather straightforward from the post I was responding to regarding "Android" I would have thought. Post #130. Hope that helps.
    Ah, that was supposed to be humorous. Ok then.
  • Reply 151 of 166
    nhtnht Posts: 4,494member
    Quote:

    Originally Posted by Gwydion View Post

     

    Now tell us what has to do your post with what the OP said




    Very simple:  Folks use alternative app stores not because they are pirates but because it's convenient.  Also sometimes they get directed there via QR codes in addition to links and other methods rather than the Play Store.

     

    Meaning blaming Android users for using Android the way it's designed to work (aka alternative apps stores, side loading, etc) is wrong.  Attempting to smear them as pirates of apps that are mostly free to begin with is simply stupid.

  • Reply 152 of 166
    nhtnht Posts: 4,494member
    Quote:



    Originally Posted by Gwydion View Post

     

    What has to do geolocking of the Play Store with DED calling 3rd party stores "localized Google stores"?

     

    Please, point when I have said anything about 3rd party stores


     

    1) There are localized Play Stores as they sometimes must operate under different rules/laws and may reside in different data centers. If Google Play re-entered the Chinese market it would likely have to have a data center in the PRC. These stores use different (aka local) payment processors and sometimes payment options due to local conditions.  

     

    2) DED was mistaken in calling 3rd party apps stores localized Google Play stores but rather localized Android stores.  Globally, in terms of total downloads, Baidu is the largest app store in the world.  Google is second largest.  You HAVE to talk about 3rd party stores with respect to Android app stores and the Android ecosystem.  

     

    It's not just China as the SK-T store is the largest app store in South Korea (in 2013 according the Flurry).  The SKT T-Store is an interesting case study outside of China as over 50% of the app store purchases are make with T-Cash.  Despite the name the T Store is open to users on all of the South Korean carriers.  Yandex is attempting to knock Google out of Russia with anti-trust rulings so that's possibly another local market that could be lost to Google.  Docomo, KDDI, et all are fighting Google for dominance in Japan because of the huge amounts the Japanese spend on apps.

     

    tl;dr:  It's relevant because Google Play is currently not the top Global Android App store and there are countries in addition to China where the local telecom and search providers have either already or are seriously attempting to knock Google Play out of their local markets and become the default Android app store for their country.  Even with minority app store share you can't simply blame Android users for picking up trojan apps because in many regions they have significant (aka low double digit) share in their own local market.

     

     

     

    http://techcrunch.com/2015/04/27/android-surpasses-ios-in-revenue-if-chinas-android-app-stores-are-combined/

     

    Its interesting stuff that global android developers keep an eye on.  Even as an enterprise app developer I keep an eye on the news because someday I might have an app I think could make some money and I'm moderately bi-lingual.  For Android developers multiple app store submissions typically generate 200% of the revenue vs just submitting to Google Play.

     

    But I gotta say that looking at Swift if I do my own thing it's likely to learn app development using Swift.

  • Reply 153 of 166
    Quote:

    Originally Posted by EricTheHalfBee View Post

     

     

    Shall we go through these one by one?

     

    Read/delete/create/modify files in the app’s data container: Got it. So it can modify data that ONLY IT has access to. Stays inside the sandbox.


    Actually, app can't even modify files that are located within the original app bundle. It is only files that apps itself created on a device, it can modify.

  • Reply 154 of 166
    raz0rraz0r Posts: 28member
    kpluck wrote: »
    LOL...so this is only a problem if you turn off a major security feature of Android. Yet, all the iOS fan boys will be screaming to anyone that listens..."See, android isn't secure!!"

    Meanwhile, whenever iOS malware pops up from third party sites that you have to jailbreak your phone to get at, they say that isn't an issue because you shouldn't jailbreak because it is a security risk and that isn't how the phone ships.

    Hypocrite, thy name is iOS fan boy.

    -kpluck

    iOS jailbreaking is a process to go through, that hacks away the security put in place so it'll allow for the installation of anything. On Android, you need to flip a switch. Regular users won't jailbreak because most regular users don't even know what that is, let alone see payoff in investing time and effort to find ways to do it and actually do it. But regular users can all, very easily, flip a switch. And they'll do that without batting an eye when a website or anything they like simply says "get our app from here". Because they weren't explained the implications of flipping that switch and it just seems like a thing to do.

    Furthermore, I can't say that I understood what you meant in the second paragraph. As an iOS developer, I myself wasn't aware that malware keeps popping up in iOS? The only reason why xcodeghost made it was because Chinese developers saw fit to download Xcode from non-Apple servers and thought nothing of it when gatekeeper told them "no". Apparently, it's a better idea to disable security features of your Mac, risk infection and defame your name by pushing infected apps to the store, than it is to wait longer for it to download or simply try to find other ways of getting at a valid version of Xcode. I know that this is China, but there are always ways.
  • Reply 155 of 166
    gwydiongwydion Posts: 1,073member
    raz0r wrote: »
    But regular users can all, very easily, flip a switch. And they'll do that without batting an eye when a website or anything they like simply says "get our app from here". Because they weren't explained the implications of flipping that switch and it just seems like a thing to do.

    There's a very big and scary warning popping up when you enable unknown sources asking confirmation and explaining the risks of enabling it
  • Reply 156 of 166
    raz0rraz0r Posts: 28member
    gwydion wrote: »
    There's a very big and scary warning popping up when you enable unknown sources asking confirmation and explaining the risks of enabling it

    I'm aware of the warning. I own an Android device, a Windows Phone and an iPhone. Though I choose to use the iPhone (it does everything I need it to do in ways I need it to do and I generally like the ecosystem that Apple provides...and it's also my job, so), I own the other types of devices because of curiosity and a need to know. I wouldn't feel right calling myself "a mobile software professional" if I only knew about one platform :) I also developed for Android devices as well, up until about a year ago, so, I know. But I also know that people often think that stuff won't happen to them, so big scary warnings can become something to dismiss because you want to obtain something that you want to have :)
  • Reply 157 of 166
    Quote:

    Originally Posted by Gwydion View Post





    There's a very big and scary warning popping up when you enable unknown sources asking confirmation and explaining the risks of enabling it



    According to statistics, that warning is not scary enough....apparently. 

  • Reply 158 of 166
    gatorguygatorguy Posts: 20,894member
    raz0r wrote: »
    I'm aware of the warning. I own an Android device, a Windows Phone and an iPhone. Though I choose to use the iPhone (it does everything I need it to do in ways I need it to do and I generally like the ecosystem that Apple provides...and it's also my job, so), I own the other types of devices because of curiosity and a need to know. I wouldn't feel right calling myself "a mobile software professional" if I only knew about one platform :) I also developed for Android devices as well, up until about a year ago, so, I know. But I also know that people often think that stuff won't happen to them, so big scary warnings can become something to dismiss because you want to obtain something that you want to have :)
    As a user of both iOS and Android you're familiar enough with both to offer a qualified opinion on this question then.

    You commented that people want what they want, but imply you consider Android's default setting to deny "unknown sources" to be too easy to change and the warning box not enough of a deterrent. Is that accurate? Do you then think users should not have the option at all no matter, or is iOS a bit too rigid in that regard and would serve iPhone buyers "wants" better if there were some method short of going so far as jailbreaking? I know some folks should probably be protected from themselves at all times, having a history of bad choices. Others like most of the members here seem perfectly capable of understanding risk and reward and balancing the two. Do you think you personally would benefit from having some way to "sideload" some specific function created by a third party on your devices as long as some higher level of protection/warning was in place?

    So I'm wondering if you think some medium between the application rigidity of iOS and the too easy to disable settings on Google Android would be attractive to more experienced users as long as long as there were sufficient limits?
  • Reply 159 of 166
    Quote:



    Originally Posted by Gatorguy View Post





    You commented that people want what they want, but imply you consider Android's default setting to deny "unknown sources" to be too easy to change and the warning box not enough of a deterrent. Is that accurate? 

     

    That would be accurate, yes.

     

    Quote:



    Originally Posted by Gatorguy View Post



    Do you then think users should not have the option at all no matter, or is iOS a bit too rigid in that regard and would serve iPhone buyers "wants" better if there were some method short of going so far as jailbreaking? 


     

    Hm... Personally, I have no need for apps outside of the App Store. And if I did have a need for something like that, there are actual ways of running apps inside "legit" iOS, without jailbreaking. There are ways of signing apps now that you can distribute without actually going to the App Store with them and therefore, not be subjected to or banned in any way by Apple. Apple got some flak when they announced this, but since it still involves some effort on the part of the user and some technical know-how, it didn't become an issue.

    The current state of iOS, as far as this is concerned, is okay in my opinion. When I go to the App Store, I can easily find anything I could need and when I download what I need, I know what to expect. In terms of safety, security, design and UX. I don't see any immediate benefit of iOS following Android in this regard. And I didn't hear of any complaints against iOS in this regard either.

     

    Quote:



    Originally Posted by Gatorguy View Post



    I know some folks should probably be protected from themselves at all times, having a history of bad choices. Others like most of the members here seem perfectly capable of understanding risk and reward and balancing the two. Do you think you personally would benefit from having some way to "sideload" some specific function created by a third party on your devices as long as some higher level of protection/warning was in place?


     

    I liked the way it's handled on the Mac, as an example. People say that Macs don't get viruses and people also say that they don't get viruses because Mac OS isn't popular enough to actually warrant creating viruses for them. Both of these things are wrong. Apple placed multiple layers of protection against malware. And Macs are a viable target, if for no other reason than because they're being used heavily in businesses (at least where I come from). Mac OS will prompt you with warnings about apps that come from an unknown developer. But in some circumstances, it'll also stop you completely and prevent you from running an app if it detects a threat. "I really wanted to run this, so I had to turn off gatekeeper and everything was fine regardless" is something you don't hear often :) I do believe that these layers of protection are the main reason why it's so difficult to infect a Mac. A regular user will hit walls and usually won't go off searching for ways to disable these walls.

    So I guess that if Apple decided to open iOS up to apps in such a way, and if they put in place things like they did on the Mac, I wouldn't object. Though I would lack to see the point of that.

     

    Quote:



    Originally Posted by Gatorguy View Post



    So I'm wondering if you think some medium between the application rigidity of iOS and the too easy to disable settings on Google Android would be attractive to more experienced users as long as long as there were sufficient limits?


     

    The rigidity of iOS is not as rigid as it used to be :) And there are genuine free ways of running whatever you want on your phone. But it's complicated enough so that most regular users won't care for it. Google, in their most recent Android Marshmallow, did something that I think is a step in the right direction. They segmented the permissions into Normal and Dangerous, forcing the apps to ask explicit permission from the user for the Dangerous permissions. These are things like microphone access, camera access, contacts access etc. So in light of that move, I would also like to see that switch removed and some additional steps put in place for "sideloading" apps, along with some additional protection against malware in general and perhaps a way to get more regular updates and for longer periods of time so that security can be improved more easily. I know that's an uphill battle at this point, but it's worth it in the long run. I also applaud the efforts from Google to open a Google Play store in China. If that happens, and Google continues to adapt to different markets like that, the switch will eventually become useless.

     

    I hope that this answers your questions :)

  • Reply 160 of 166
    alfiejralfiejr Posts: 1,524member

    one of the all time flame wars.

     

    anyway, i think that fact that would matter by far the most is how many smartphones - android, apple, whatever - are actually infected with dangerous malware now, and where they are located. possible OS "vulnerability" is not the same, tho that is what this whole argument has been about.

     

    that's the data i need. 

Sign In or Register to comment.