New Android malware could produce Chinese botnet, harvest personal data

24

Comments

  • Reply 21 of 69
    Quote:
    Originally Posted by Aeolian View Post


    I've always been stumped as to why the term "walled garden" is bad. Does anyone else here plant food? Without some type of protection the rodents (squirrels and chipmunks along with many others) take everything you've worked for. All of your hard efforts get eaten by something that didn't put in the labor to have it.



    I would love for someone to explain to me how a 'walled garden' is a bad thing... the plants can actually 'fruit' or the flowers will actually blossom?...



    Help me out here please.



    It has it's advantages but imo it's critizised because once you are in there you are the owners b*tch for-e-ver.
  • Reply 22 of 69
    Quote:
    Originally Posted by quinney View Post


    That little green robot will look cute on Easter.







    Quote:
    Originally Posted by Aeolian View Post


    I've always been stumped as to why the term "walled garden" is bad. Does anyone else here plant food? Without some type of protection the rodents (squirrels and chipmunks along with many others) take everything you've worked for. All of your hard efforts get eaten by something that didn't put in the labor to have it.



    I would love for someone to explain to me how a 'walled garden' is a bad thing... the plants can actually 'fruit' or the flowers will actually blossom?...



    Help me out here please.



    "Walled Garden" is a term people like to use to try and convince you that Apple is anti-freedom, evil, controlling and locking you in all for the sake of ever higher prices. It's a scare tactic designed to make you think that if you go Apple there is no turning back or getting out, ever, and you'll become less American and pay higher taxes.



    Quote:
    Originally Posted by EDMStitchy View Post


    Recently at a At&t store looking at phones and briefly looked at the Galaxy Tab, preloaded on the home screen is the AVG application. I thought to myself it's the same shit like Microsoft, will people ever learn?, will people fall in the same trap as the industry did with Microsoft?. Who knows what the future will hold for portable devices.



    2nd best and crappy wins out for the masses because it can be produced in insanely huge quantities and is cheaper. Android looks to follow that path.
  • Reply 23 of 69
    jfanningjfanning Posts: 3,398member
    Quote:
    Originally Posted by nvidia2008 View Post


    Nope, you just download any app and it has access to do pretty much anything it wants to do.



    Are you honestly complaining that an SMS applications can have access to your SMS messages?
  • Reply 24 of 69
    flaneurflaneur Posts: 4,526member
    Quote:
    Originally Posted by nvidia2008 View Post


    "Walled Garden" is a term people like to use to try and convince you that Apple is anti-freedom, evil, controlling and locking you in all for the sake of ever higher prices. It's a scare tactic designed to make you think that if you go Apple there is no turning back or getting out, ever, and you'll become less American and pay higher taxes.



    Hah -- well said.
  • Reply 25 of 69
    wovelwovel Posts: 956member
    Quote:
    Originally Posted by Flaneur View Post


    Hah -- well said.







    Caught the edit. But your point was well taken
  • Reply 26 of 69
    MarvinMarvin Posts: 14,754moderator
    Quote:
    Originally Posted by sciwiz View Post


    So, if I'm understanding this correctly, after I, of my own volition, check the option to download from unknown sources in the settings, I probably shouldn't download apps from a no name Chinese web site. Got it.



    No but it's probably going to affect international users more. They will have cultures that drive them to different store models with different content and they will take some of the popular apps, inject them with trojans and put them on the store. The store itself would be trusted, the app developer would be trusted, it's the process by which the app gets onto the store which isn't.



    Google can require that developers provide hash verifications of their apps and that way it at least limits trojans to bad developers.
  • Reply 27 of 69
    Quote:
    Originally Posted by _kovos_ View Post


    It has it's advantages but imo it's critizised because once you are in there you are the owners b*tch for-e-ver.



    And now, you and your personal data are the chinese hacker's b*tch for-e-ver!
  • Reply 28 of 69
    gwydiongwydion Posts: 1,083member
    Quote:
    Originally Posted by nvidia2008 View Post


    Honestly, just look at those permissions for simple apps... Any rational person would question

    the whole scheme of Android permissions. The dialog box should just read:



    So, is strange than an SMS application has permission to read and send SMS and a GPS Track logger made by Google and that is linked with your Google Account has permission to track your location and connect yo your google account?
  • Reply 29 of 69
    istudistud Posts: 193member
    Quote:
    Originally Posted by Gwydion View Post


    So, is strange than an SMS application has permission to read and send SMS and a GPS Track logger made by Google and that is linked with your Google Account has permission to track your location and connect yo your google account?



    Why would a tracking app need access to more than my location? Why does it need access to my google account! Perhaps, so that it can spam the local shops?
  • Reply 30 of 69
    Quote:
    Originally Posted by nvidia2008 View Post


    "Walled Garden" is a term people like to use to try and convince you that Apple is anti-freedom, evil, controlling and locking you in all for the sake of ever higher prices. It's a scare tactic designed to make you think that if you go Apple there is no turning back or getting out, ever, and you'll become less American and pay higher taxes.



    Yup. It's an evil socialist plot.
  • Reply 31 of 69
    Quote:
    Originally Posted by Gwydion View Post


    So, is strange than an SMS application has permission to read and send SMS and a GPS Track logger made by Google and that is linked with your Google Account has permission to track your location and connect yo your google account?



    Quote:
    Originally Posted by iStud View Post


    Why would a tracking app need access to more than my location? Why does it need access to my google account! Perhaps, so that it can spam the local shops?



    Quote:
    Originally Posted by jfanning View Post


    Are you honestly complaining that an SMS applications can have access to your SMS messages?



    There are two issues right now I see with Android permissions.



    The first is apps that request permissions for things that you do not want it to access, for example a tracking app linking up with your entire Google Account, or a Wallpaper app that wants access to "Phone Calls", as shown in the screenshot.



    Secondly, more pertinently, is that the issue is not that "An SMS app needs access to SMS". The point is that once you have granted permission that app can then send SMS's behind your back without you knowing. Apple's iOS and App Store has various layers that prevent this sort of thing. From private API use, to some level of human-checking of apps and a reasonably robust review and rating system.
  • Reply 32 of 69
    gwydiongwydion Posts: 1,083member
    Quote:
    Originally Posted by nvidia2008 View Post


    There are two issues right now I see with Android permissions.



    The first is apps that request permissions for things that you do not want it to access, for example a tracking app linking up with your entire Google Account, or a Wallpaper app that wants access to "Phone Calls", as shown in the screenshot.



    The example is an app from Google linked to Google Maps, so it needs access to your Google Account.



    The second (the wallpaper) show one problem with Android permissions, granularity or, perhaps, better grouping. READ_PHONE_STATE permission has to be allowed to read de phone UUID. Maybe it has to be splited to only access this info.



    Quote:
    Originally Posted by nvidia2008 View Post


    Secondly, more pertinently, is that the issue is not that "An SMS app needs access to SMS". The point is that once you have granted permission that app can then send SMS's behind your back without you knowing. Apple's iOS and App Store has various layers that prevent this sort of thing. From private API use, to some level of human-checking of apps and a reasonably robust review and rating system.





    Well, there is a compromise
  • Reply 33 of 69
    The World should have gone against China ages ago, not against some invisible, nonexistent enemy or countries that has nothing to do with this nonexistent enemy.
  • Reply 34 of 69
    Quote:
    Originally Posted by nvidia2008 View Post


    Secondly, more pertinently, is that the issue is not that "An SMS app needs access to SMS". The point is that once you have granted permission that app can then send SMS's behind your back without you knowing. Apple's iOS and App Store has various layers that prevent this sort of thing. From private API use, to some level of human-checking of apps and a reasonably robust review and rating system.



    Maybe I'm missing it, but what is stopping an SMS app from doing the same thing on an iPhone? Human checking of apps? That's not exactly an infallible process, like the camera app that just got yanked because it changed the volume button's function and was prominently listing that as a feature of the program.
  • Reply 35 of 69
    Quote:
    Originally Posted by jfanning View Post


    Are you honestly complaining that an SMS applications can have access to your SMS messages?



    No, we're pointing out that there's no security when that SMS application, which may in fact have a legitimate need to access your SMSes, can also read them all, archive them, mine them for information like your friends' contact details, and sell those details or use them for spamming purposes.



    They can search your SMSes for other details like credit card numbers and passwords, if you're stupid enough to send those things over SMS communications.



    With no screening process, how on Earth can you be sure these things aren't happening right now?
  • Reply 36 of 69
    Maybe we should check the code the Chinese are loading into all those Lenovo laptops.
  • Reply 37 of 69
    Quote:
    Originally Posted by Marvin View Post


    No but it's probably going to affect international users more. They will have cultures that drive them to different store models with different content and they will take some of the popular apps, inject them with trojans and put them on the store. The store itself would be trusted, the app developer would be trusted, it's the process by which the app gets onto the store which isn't.



    Google can require that developers provide hash verifications of their apps and that way it at least limits trojans to bad developers.



    So most AMERICAN Android users have little to worry about?



    What utter BS.



    I want to know the apps I download have been through Apple's rigorous clearing process. Nerds who've bought Google's PR garbage may call that a walled garden. I call it safe computing.
  • Reply 38 of 69
    istudistud Posts: 193member
    Quote:
    Originally Posted by Gwydion View Post


    The example is an app from Google linked to Google Maps, so it needs access to your Google Account.




    I can use google maps without having to login to any google account. It is not a prerequisite on a computer, why do they make it needed in an Android device? Your point doesn't make sense to me, sorry.
  • Reply 39 of 69
    gwydiongwydion Posts: 1,083member
    Quote:
    Originally Posted by iStud View Post


    I can use google maps without having to login to any google account. It is not a prerequisite on a computer, why do they make it needed in an Android device? Your point doesn't make sense to me, sorry.



    And you can use Mytracks without linking it with an account but it can upload the tracks to Google Maps or as an spreadsheet to Google docs and then it must be linked to an account.



    Is not a requeisite to link an account but if you want to link it it has to be allowed though permissions
  • Reply 40 of 69
    MarvinMarvin Posts: 14,754moderator
    Quote:
    Originally Posted by JakeBarnes View Post


    So most AMERICAN Android users have little to worry about?



    What utter BS.



    People who use the popular, supported, centralised Marketplaces would have less to worry about trojans being injected onto popular apps. Those Marketplaces are not available everywhere and the app distribution method is more prone to corruption. The trojan in question arose in China and I see it being more problematic in countries where the app store is not so readily available.



    Quote:
    Originally Posted by JakeBarnes View Post


    I want to know the apps I download have been through Apple's rigorous clearing process. Nerds who've bought Google's PR garbage may call that a walled garden. I call it safe computing.



    Of course Apple's method is safer for the end user but Google are right too that it is restrictive. I like the security that Apple's method allows. I don't like having to jailbreak it to run an emulator or customise it.
Sign In or Register to comment.