Millions of Android users hit by malicious data theft app


Comments

  • Reply 161 of 216
    gwydion Posts: 1,083 member
    Quote:
    Originally Posted by LewysBlackmore View Post


    OK, so the all-or-nothing approach to accuracy is especially convenient when defending a platform's vulnerability - we see it all the time in Apple supporters - so I'll accept that argument at face value. However, it is perhaps too convenient to say, "well, since they don't toe the mark on one aspect of their report the whole thing is wrong" - as in throwing the baby out with the bathwater - if you've heard the term before. And irresponsible as a stance from a security perspective - rather better to take the vulnerability at face value and deal with it as real until proven otherwise than to simply shrug it off - yes?



    No, I'm not defending Android's vulnerability to spyware, I'm arguing about this specific app and the information that has been reported from the beginning.



    If you read the thread, my first post was about the permission that this application has and the impossibility that with it the app collected SMSes, browser history, etc.



    The way Android Market works makes it less insecure to spyware, but this report, or the way it has been disclosed, makes it very doubtful.



    They haven't said who counted the downloads; Android Market shows downloads in ranges: 0-500, 500-1,000, ..., 50,000-250,000 and >250,000.



    The server in China is the server where the wallpapers are hosted for download, so accessing it is not rogue. They haven't said how it sends data there.



    etc, etc.
  • Reply 162 of 216
    Quote:
    Originally Posted by shawnb View Post


    Wow, Lookout wants to sell software to "protect" us from mobile malware, yet they can't even accurately diagnose a threat before crying wolf.



    I'm not sure if they blew it, or if it was misreported. This massive "threat" isn't even mentioned in their blog, so they are clearly in backpedal mode while they try to get their junk in a pile.



    That said, every Android app install presents a list of of access permissions and requires explicit user approval before it will install. If you install a wallpaper app and give permission for it to access your phone data, that is your fault for being careless.



    Kudos to Apple for trying to create a safe, idiot-proof App world. However, I don't need idiot-proof and would prefer some flexibility. Besides, the recent flashlight-tethering app was approved by Apple and then pulled after all the online buzz about it. So despite Apple's claims, it doesn't appear that they are meticulously examining the code for submitted apps...





    SEE!!?? This nails it (thanks shawnb!) The report is in question - we don't even know if it is correct at all (credit Gwydion's points there perhaps). This is an expression of PERSONAL PREFERENCE, with the reasons justifying the choices made. Simple and to the point. None of this, "well, I like bits of this and bits of that, and some other stuff over there as well... aannnd the color's nice too, so I can now justify calling you all to be more reasonable and be like me". *whew*



    Now shawnb - one niggling little detail - Apple NEVER claimed to be exhaustively or meticulously examining the code. Point in fact is that Apple is under a lot of pressure by critics to "lighten-up" the review process and allow stuff through more easily. So even though it is reviewed, critics WANT the process to allow challenges like this to happen - in the name of "freedom". But then they are all too willing to attack the process when it does just exactly what they claim they want it to.
  • Reply 163 of 216
    davesw Posts: 406 member
    Quote:
    Originally Posted by CIM View Post


    Android is open? to data thieves.





    rofl OWNED
  • Reply 164 of 216
    Quote:
    Originally Posted by Firefly7475 View Post


    IMO this is the one major difference between the application stores. With Apple you are guaranteed that when you install an application it comes from the developer you think it does (because they are all signed).



    Perfect, because all programmers are trustworthy and no one uses disposable email addresses. Completely airtight solution!
  • Reply 165 of 216
    Quote:
    Originally Posted by Gwydion View Post


    No, I'm not defending Android's vulnerability to spyware, I'm arguing about this specific app and the information that has been reported from the beginning.



    If you read the thread, my first post was about the permission that this application has and the impossibility that with it the app collected SMSes, browser history, etc.



    The way Android Market works makes it less insecure to spyware, but this report, or the way it has been disclosed, makes it very doubtful.



    They haven't said who counted the downloads; Android Market shows downloads in ranges: 0-500, 500-1,000, ..., 50,000-250,000 and >250,000.



    The server in China is the server where the wallpapers are hosted for download, so accessing it is not rogue. They haven't said how it sends data there.



    etc, etc.



    That security companies are perennially crying wolf at whatever market segment they think will attract them the most attention - so yeah - you and I are in agreement about being generally (and in your case specifically) skeptical about the report. I confess I get a little tired of the Android defensiveness - I have many friends who go to great pains to try and show me that their Android is "as good" or "better than" the iPhone I use. I am happy they are happy with their phones - I want them to be, but I never do that to them; I am content that my phone works precisely the way I desire it to. But for some it is not enough to merely enjoy their device - they have to make others UNhappy about theirs as well (in both camps frankly). Just like Androidies coming into the fora here and ranting endlessly about how Android is going to "kill" the Apple iPhone, how the Apple App Store suxxors to teh maxx, and so on. It's the frothy gibbering and raging that clouds and obscures the rational and lively conversation that could occur, and gives rise to the desire to challenge the sillier statements and the occasional troll.
  • Reply 166 of 216
    Quote:
    Originally Posted by Zaim2 View Post


    "Android Phone Fans" have received clarification from the company.





    "[Update]: MyLookout chimed in with us to clarify some details that other outlets have been reporting. Specifically, the app does collect data from your phone, but only the device's phone number, subscriber identifier, and voicemail number fields are retrieved. SMS and browsing history are not touched by any of the apps they analyzed throughout their Blackhat conference. Your voicemail's password is also not transmitted unless you included the password in your phone's voicemail number field.



    We're not yet certain on what the developer's intentions are for using the pieces of data it does send to China, so we can't outright call it malicious, but it is collecting and sending data nevertheless. Hopefully that clears up some of the confusion everyone's been faced with regarding the read-only property READ_PHONE_STATE that the application uses to access certain pieces of data."





    Damn! Facts aren't nearly as much fun as random kvetching. Killjoy!



    Meanwhile, we can all rest assured that even without Apple apps letting us know what security risks each app will entail as Android does, everything in the App Store has undergone enough scrutiny to make it completely secure:



    Quote:

    In its analysis of free apps on the Android and iPhone marketplaces, Lookout found that fewer Android apps are able to access a person's contact list or retrieve location information compared with iPhone apps, while nearly twice as many iPhone apps can access contact data compared with Android.



    http://news.cnet.com/8301-27080_3-20...?tag=mncol;txt





    Quote:

    Study finds 14% of free iPhone apps can snoop contacts



    A survey of 300,000 applications for both the iPhone and Android devices found that 14 percent of free App Store software has the ability to access a user's contacts on their iPhone.



    This week at the Black Hat conference in Las Vegas, Nev., security research firm Lookout revealed that it analyzed more than 300,000 free applications available on both the iPhone App Store and Android Market.



    As noted earlier, the mobile security firm revealed a wallpaper application for Google's Android mobile operating system that allegedly captures a handset's SIM card number, subscriber identification and voicemail password, and reportedly sends it to the website www.imnet.us, owned by someone in Shenzhen, China.



    In addition, Lookout also discovered that 14 percent of the surveyed free applications available for Apple's iPhone have the capability to access a user's contact data. That's more than on Android, where 8 percent of tested applications could view the contact list.



    http://www.appleinsider.com/articles..._contacts.html





    Quote:

    Citi Discloses Security Flaw in Its iPhone App



    In an incident that highlights the growing security challenges around wireless apps, Citi said its iPhone app accidentally saved information, including account numbers, bill payments and security access codes, in a hidden file on users' iPhones. The information may also have been saved to a user's computer if it had been synched with an iPhone.



    http://online.wsj.com/article/SB1000...536355324.html





    A useful comparison of security models:



    Quote:

    q. Distribution Medium Security: Apple vets every application that is put on the app store while Google's Market Place is unrestricted. How does this affect you security wise?



    a. Approval Process: The biggest myth is that the vetting process is what will save you from malware on the app store. IT WON'T. The Apple app approval process isn't defined anywhere, but in general it just states that it checks that apps do what they say they will do. But they don't check the source code of the apps, and static analysis of binaries can only take you so far (heck, they have even been inept at catching a whole lot of apps that were using their disallowed private APIs, which can be found easily using simple tools). So, anyone actually wanting to write malware can do it trivially by making the malicious code run after the app has been approved. The trigger could be time based or could even be done over the web remotely. The app could even have encrypted payloads or download new pieces of code over the web and run them. So, we can safely say that the approval process is something that can't make things secure for you that way.



    http://tech.shantanugoel.com/2010/06...ty-models.html
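    The Lookout clarification quoted above turns on one fact a practitioner can check directly: the data an Android app can reach is bounded by the permissions declared in its manifest. READ_PHONE_STATE exposes the line number, subscriber ID and voicemail number; it does not expose SMS or browser history, which need their own permissions. The following added example (not from the original thread, Lookout, or the wallpaper app's developer) audits a constructed sample manifest against that mapping, and also implements the caveat about voicemail passwords: a voicemail number such as "+15551234567,,1234#" stores the PIN after a DTMF pause, so it comes along with the number field. The manifest, the permission table and the sample numbers are all constructed for illustration, not taken from the real app.

```python
"""Audit which categories of user data an Android app's declared permissions
can reach, and flag voicemail numbers that embed a PIN after a DTMF pause.

Added example; the manifest and permission table are constructed here and are
not the real wallpaper app's manifest or a complete list of Android permissions.
"""
import re
import xml.etree.ElementTree as ET

# Attributes on <uses-permission> live in the android: XML namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Which declared permission unlocks which data (Android 2.x era permission names).
# READ_PHONE_STATE covers the fields Lookout said were collected and nothing more.
PERMISSION_GRANTS = {
    "android.permission.READ_PHONE_STATE": {
        "phone number", "subscriber ID (IMSI)", "voicemail number", "device ID (IMEI)",
    },
    "android.permission.READ_SMS": {"SMS"},
    "android.permission.RECEIVE_SMS": {"SMS"},
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": {"browser history"},
    "android.permission.READ_CONTACTS": {"contacts"},
    "android.permission.INTERNET": {"network egress"},
}

# Constructed sample manifest: a wallpaper app that declares only INTERNET,
# READ_PHONE_STATE and SET_WALLPAPER.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpapers">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.SET_WALLPAPER"/>
    <application android:label="Wallpapers"/>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return the sorted list of permission names declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    return sorted(
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    )


def reachable_data(permissions):
    """Union of the data categories the given permissions grant access to."""
    data = set()
    for perm in permissions:
        data |= PERMISSION_GRANTS.get(perm, set())
    return data


def can_access(manifest_xml, category):
    """True if the manifest's permissions are sufficient to read `category`."""
    return category in reachable_data(declared_permissions(manifest_xml))


# Android dial strings use ',' for a pause and ';' for a wait; anything dialled
# after one of them is sent as DTMF tones, which is where a mailbox PIN ends up.
DTMF_PAUSE = re.compile(r"[,;]")


def voicemail_number_embeds_pin(number):
    """True if digits follow a DTMF pause in the voicemail number field,
    i.e. the stored number would also hand over the voicemail password."""
    match = DTMF_PAUSE.search(number)
    if not match:
        return False
    tail = re.sub(r"[,;\s]", "", number[match.end():])
    return bool(tail)


if __name__ == "__main__":
    perms = declared_permissions(SAMPLE_MANIFEST)
    print("declared:", perms)
    print("reachable:", sorted(reachable_data(perms)))
    for category in ("phone number", "SMS", "browser history"):
        print(f"{category}: {'yes' if can_access(SAMPLE_MANIFEST, category) else 'no'}")
    for vm in ("+15551234567", "+15551234567,,1234#"):
        print(f"{vm!r} embeds PIN: {voicemail_number_embeds_pin(vm)}")
```

With only INTERNET and READ_PHONE_STATE declared, the audit reports phone number, subscriber ID and voicemail number as reachable and SMS and browser history as not, which is the point gwydion made earlier in the thread. The same check applied to a real APK means pulling the manifest out of the package (it is stored in binary XML, so it must be decoded first) before feeding it to `declared_permissions`.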
  • Reply 167 of 216
    Far worse than any Antennagate!!
  • Reply 168 of 216
    Quote:
    Originally Posted by NasserAE View Post


    It saved banking data IN the bank app itself IN the iPhone. Not sending the data to Some hacker in China. Big difference.



    You are 1/3 correct. It saved data but it saved that data outside of the app in an unsecured folder on the iPhone device (basically it was lazy developers). Meaning that app (or any other if they knew about this) could access that unsecured folder and get at your banking data.



    Also vilifying Android is kind of dumb considering there has been apps that have passed Apple's strict security and compromised user data in the past. Saying it has never and will never happen again on an iDevice is living inside your own walled garden. Have some sense, people. There are millions of Apple devices being used and to think hackers and criminals won't try different things to compromise that data means you are blind to everything Apple.



    EDIT: It is better to be a defensive driver than not to be. Apple is just as susceptible as other mobile devices. You should not think otherwise.
  • Reply 169 of 216
    davesw Posts: 406 member
    these things are more likely to happen on Android phones due to the fact that ANDROID and the ENTIRE ANDROID ecosystem is insecure.
  • Reply 170 of 216
    chopper Posts: 246 member
    Quote:
    Originally Posted by KennMSr View Post


    But the Flashlight App did exactly what it was supposed to do, although through the back door. I already had two great Flashlight Apps, but I did need a tethering App to help me consume my 2GB data plan minutes. I normally use 200-350MB/month, so the months I would go over the 250MB would greatly exceed the price difference of the 2GB plan. And there are times when I want (Need) to use my laptop in the wild, and this little tool in my toolbox will keep me from running to find a free WiFi hotspot.



    Yes, it did what it was intended to do. I already said that. As did the wallpaper app.



    You seemingly missed the point.



    Apple forbids tethering apps from the AppStore, but even with its so-called "walled garden", the app got through. Apple only pulled it when they found out from blogs that the tethering functionality was embedded within the Flashlight app.



    Depending on what the wallpaper dev's purposes are in collecting your cellphone data, you can argue that his app does exactly what it was supposed to do too. It's not a great comfort to me that both markets deliver apps that have hidden payloads which deliver functions I'm not signing up for.



    The walled garden has a few doors in it apparently.
  • Reply 171 of 216
    davesw Posts: 406 member
    Quote:
    Originally Posted by Chopper View Post


    The walled garden has a few doors in it apparently.







    WAYYYYYYYYYYYYY FEWER than Android's.
  • Reply 172 of 216
    shawnb Posts: 155 member
    Quote:
    Originally Posted by LewysBlackmore View Post


    Now shawnb - one niggling little detail - Apple NEVER claimed to be exhaustively or meticulously examining the code.



    Agreed, but it is implied that the App store approval process vastly enhances end-user privacy and security. If Apple isn't exhaustively examining code, I would question whether the "strict vetting process" (per the article) really enhances end-user security. Apple could proactively pull any blatantly obvious malware, but any serious malicious effort would be cleverly hidden.



    Google also has the "kill switch" ability to remotely pull malicious apps that were installed via the Android Market, so I don't see any iOS advantage there.



    In light of this, I would argue that the only real security difference between iOS and Android is that Android has the *ability* to manually install 3rd party software.



    BUT... this is rarely done by the "average" user because it literally requires the same level of technical skill and effort as jailbreaking iOS, and is usually unnecessary (since any legitimate app can be placed in the Market).
  • Reply 173 of 216
    gwydion Posts: 1,083 member
    Quote:
    Originally Posted by davesw View Post


    these things are more likely to happen on Android phones due to the fact that ANDROID and the ENTIRE ANDROID ecosystem is insecure.



    Repeating it a million times won't make it more true.
  • Reply 174 of 216
    gwydion Posts: 1,083 member
    Quote:
    Originally Posted by LewysBlackmore View Post


    That security companies are perennially crying wolf at whatever market segment they think will attract them the most attention - so yeah - you and I are in agreement about being generally (and in your case specifically) skeptical about the report. I confess I get a little tired of the Android defensiveness - I have many friends who go to great pains to try and show me that their Android is "as good" or "better than" the iPhone I use. I am happy they are happy with their phones - I want them to be, but I never do that to them; I am content that my phone works precisely the way I desire it to. But for some it is not enough to merely enjoy their device - they have to make others UNhappy about theirs as well (in both camps frankly). Just like Androidies coming into the fora here and ranting endlessly about how Android is going to "kill" the Apple iPhone, how the Apple App Store suxxors to teh maxx, and so on. It's the frothy gibbering and raging that clouds and obscures the rational and lively conversation that could occur, and gives rise to the desire to challenge the sillier statements and the occasional troll.



    You won't read those rants from me. I like iOS, but as you have said, "I am content that my phone works precisely the way I desire it to"; perhaps with iOS 4 I will return to the iPhone.
  • Reply 175 of 216
    6aab9 Posts: 3 member
    Quote:
    Originally Posted by KennMSr View Post


    But the Flashlight App did exactly what it was supposed to do, although through the back door. I already had two great Flashlight Apps, but I did need a tethering App to help me consume my 2GB data plan minutes. I normally use 200-350MB/month, so the months I would go over the 250MB would greatly exceed the price difference of the 2GB plan. And there are times when I want (Need) to use my laptop in the wild, and this little tool in my toolbox will keep me from running to find a free WiFi hotspot.



    I'm not denying that it was necessary; it's simply an example that things slip through Apple's fingers. The app's usefulness has nothing to do with it.
  • Reply 176 of 216
    shawnb Posts: 155 member
    Quote:
    Originally Posted by davesw View Post


    these things are more likely to happen on Android phones due to the fact that ANDROID and the ENTIRE ANDROID ecosystem is insecure.



    Actually, if you examine facts, both platforms have exactly the same number of true security threats -- zero. Well, technically one if you count the user behind the keyboard, which is the most insecure link of either platform.



    Arguing Android security reminds me a lot of arguing OS X security. Yes, it could happen. But it has not. If it were so easy, it should be a rampant problem already. Until it becomes a real problem it is FUD, speculation, and much ado about nothing.



    I am as worried about my Android phone as my Macs. Actually less, because I have far less personal information on the phone.
  • Reply 177 of 216
    samban Posts: 171 member
    Quote:
    Originally Posted by solipsism View Post


    It's interesting, for the past decade we've been hearing that Macs don't get viruses because their marketshare is too small to be a concern.



    Yet, Macs had viruses well before Mac OS X was introduced, back when they sold a lot less units and had even less marketshare. That doesn't consider the fact that Mac sales are about double that of the average PC sale, which indicates that Mac users may be a better target for thieves due to more disposable income to access.



    This completely shatters that pejorative security through obscurity mantra that since Android has less marketshare than iOS devices.



    Well, at least Norton has a chance to make some money on smartphones now.









    Sure, anything can happen. There are exploits in code, and brilliant though unethical coders that find other ingenious ways to circumvent security, but Apple did conceive and implement a foundation that makes this harder.



    The objective of a curated platform is to place a policy before the very first user gets infected. There will always be a program (or programs) that will try to circumvent this, but putting such a policy in place will make it a bit harder to do.



    But, not having a policy and reciting the poem of openness just shows that the company wants to walk away from investing resources in testing the applications and raising flags to the developers. And the only objective is to pull personal data out for its own profit. The basic question for any CE company is how pro-consumer it is (every single customer matters because it's not ad money).
  • Reply 178 of 216
    samban Posts: 171 member
    Quote:
    Originally Posted by solipsism View Post


    How do you say that in Mandarin?







    Here's an argument that backs up his point.



    Android's Trip of Death to China
  • Reply 179 of 216
    The first page was full of people saying the iPhone is more secure; well, here you go:



    http://mobile.engadget.com/2010/07/2...bably-sending/



    Quote:

    Call us jaded, bitter or just downright unlucky, but we've received more new Citi card digits in the past two years than we know what to do with. Every other month or so, some prankster is breaking into some database and compromising some quantity information over at Citi (or at least that's how it seems), and now the frustrations have spilled over into the mobile realm. Citigroup recently fessed up to a security flaw in its iPhone app, and even Apple has joined in encouraging users to upgrade in order to maintain their dignity, identity and sanity. According to reports, just over 117,000 customers were affected, though "the bank doesn't believe any personal data was exposed by the flaw." Of course, if you'd like that to remain the case, we'd suggest you upgrade right away.



    IMO this security flaw is more dangerous to the consumer than the Android app, since it allows anyone to gain access to your credit card number, whereas the Android app just sent limited and trivial information about your phone to some Chinese server.



    Further FUD by AppleInsider disproved by Engadget:



    Quote:

    Update: We received a note from Jussi Nieminen, who indicated the data fields being retrieved, as reported by VentureBeat, are incorrect. Texting and browser history are apparently not retrieved, but your phone number, phone ID, and voicemail fields are. And, since it's not unheard of for voicemail entries to include a password when set up on a phone, it's possible they could wind up with that too. Also, the popularity of the app was apparently misstated, with actual downloads somewhere south of 250,000.



    Now stop blowing this out of proportion, kthx.
  • Reply 180 of 216
    gwydion Posts: 1,083 member
    Quote:
    Originally Posted by LewysBlackmore View Post


    That security companies are perennially crying wolf at whatever market segment they think will attract them the most attention - so yeah - you and I are in agreement about being generally (and in your case specifically) skeptical about the report. I confess I get a little tired of the Android defensiveness - I have many friends who go to great pains to try and show me that their Android is "as good" or "better than" the iPhone I use. I am happy they are happy with their phones - I want them to be, but I never do that to them; I am content that my phone works precisely the way I desire it to. But for some it is not enough to merely enjoy their device - they have to make others UNhappy about theirs as well (in both camps frankly). Just like Androidies coming into the fora here and ranting endlessly about how Android is going to "kill" the Apple iPhone, how the Apple App Store suxxors to teh maxx, and so on. It's the frothy gibbering and raging that clouds and obscures the rational and lively conversation that could occur, and gives rise to the desire to challenge the sillier statements and the occasional troll.



    Blog entry at Lookout showing how and which data is collected and how it is sent:



    http://blog.mylookout.com/2010/07/mo...hat/#more-1380