Is there anyone out there who still wants iMessage for Android? ;-) All Google keys are stolen by the malware... Apple keys would be stolen too…
Wouldn't that only be a user and device-specific key, which is easily resolved?
How easily? How would Apple know that that Android user's keys are stolen and would revoke them? All that user's encrypted communication would go busted, photos leaked etc... And the blame would be on iMessage after such a leakage...
As previously stated, it's per device, not user. They certainly can't pop that onto another device and if they're already on your current device you have actual account issues to worry about, not just a device key.
If they get to the private key, they can do all nefarious things, on that device or another. I don't understand what you mean. Once you get device A's key, you can impersonate yourself as device A and get to all communication encrypted with that key. In iOS, your device key is secured by your fingerprint, which is in turn secured by the secure enclave within the CPU. Since there is no secure enclave in Android phones, all keys can be stolen.
This is akin to saying that the iPhone is vulnerable to apps with malware if you use Cydia. Typical users aren't likely to go outside Google Play so I don't see this as an issue, not to mention where gatorguy notes that most versions of Android already protect against this very thing. It's really a non story.
The difference is that Apple doesn't condone Cydia, which is tantamount to jail breaking. While Google doesn't vouch for other app stores, they and their fans have claimed for years that Apple's Walled Garden was WRONG, and that Android was superior because it was "more open." And now you want to praise the virtues of Google's Walled Garden. What do I make of that apparent cognitive dissonance? Is this another case of "it's only wrong when Apple does it"?
Those that argue both sides are hypocrites, and those pro-Android/anti-Apple people really don't come onto this forum anymore using that argument. But even if they did, the fact still remains that typical Android users aren't going outside of Google Play, hence it's not an issue for the typical Android user.
What is a typical Android user? Most Android devices sold worldwide are low-end junk phones. Do you think people who buy $50 phones are going to spend money on Apps from Google Play? That is, if their phone even came with Google Play. There's a good chance their phone came with its own App store that was created by the device manufacturer, the carrier or another third party. Don't you ever wonder about those "other" 300 million Android smartphones sold every quarter?
A new strain of Android malware dubbed "Gooligan," thought to be "the largest Google account breach to date," is already in active circulation and three-fourths of the Android installed base is vulnerable. Once infected, devices give hackers access to the users' Gmail, Google Photos, Docs, Drive and other Google services accounts.
Inaccurate. In truth only around 8% of active Android devices are vulnerable. 92% of the older Android 4 and 5 smartphones are shielded from the exploits via Verify Apps which protects those users who intentionally bypass security settings to sideload apps from unofficial 3rd party sites. (This malware isn't in the Play Store) . If you read Checkpoints comments I believe they themselves pointed that out.
EDIT: Yes they did. "Check Point also notes that Google's "Verify Apps" technology has been updated to deal with apps using vulnerabilities like this. That's significant because, while it doesn't help devices that are already compromised, it roadblocks future installations on 92 percent of active Android devices, even without the need for firmware updates."
"So as significant as a million compromised accounts sounds, this is also an example of Google's security strategy for app-based malware working as designed, blocking installations of affected apps across the vast majority of the ecosystem."
Not quite. It says that 92% of devices not already infected are protected, which is different from 92% of devices. If a significant number of devices are already infected then this is a serious problem.
Still, this is a very important piece of information that should have been included in the original story.
Personally, I put folk who use third-party app stores in the same class as I put folk who jailbreak their iPhones: they know the risks; they're on their own.
This is akin to saying that the iPhone is vulnerable to apps with malware if you use Cydia. Typical users aren't likely to go outside Google Play so I don't see this as an issue, not to mention where gatorguy notes that most versions of Android already protect against this very thing. It's really a non story.
The difference is that Apple doesn't condone Cydia, which is tantamount to jail breaking. While Google doesn't vouch for other app stores, they and their fans have claimed for years that Apple's Walled Garden was WRONG, and that Android was superior because it was "more open." And now you want to praise the virtues of Google's Walled Garden. What do I make of that apparent cognitive dissonance? Is this another case of "it's only wrong when Apple does it"?
Those that argue both sides are hypocrites, and those pro-Android/anti-Apple people really don't come onto this forum anymore using that argument. But even if they did, the fact still remains that typical Android users aren't going outside of Google Play, hence it's not an issue for the typical Android user.
Right... Not outside Google Play, you realize these phishing hacks directs them outside Google play hmmmm? Seems that kinda slipped your mind. That people then will click through prompts like there is no tomorrow, even warning prompts; yup, they sure do.
In the case of Apple, you cannot, even accidentally, go outside the App store to load something.
A new strain of Android malware dubbed "Gooligan," thought to be "the largest Google account breach to date," is already in active circulation and three-fourths of the Android installed base is vulnerable. Once infected, devices give hackers access to the users' Gmail, Google Photos, Docs, Drive and other Google services accounts.
Inaccurate. In truth only around 8% of active Android devices are vulnerable. 92% of the older Android 4 and 5 smartphones are shielded from the exploits via Verify Apps which protects those users who intentionally bypass security settings to sideload apps from unofficial 3rd party sites. (This malware isn't in the Play Store) . If you read Checkpoints comments I believe they themselves pointed that out.
EDIT: Yes they did. "Check Point also notes that Google's "Verify Apps" technology has been updated to deal with apps using vulnerabilities like this. That's significant because, while it doesn't help devices that are already compromised, it roadblocks future installations on 92 percent of active Android devices, even without the need for firmware updates."
"So as significant as a million compromised accounts sounds, this is also an example of Google's security strategy for app-based malware working as designed, blocking installations of affected apps across the vast majority of the ecosystem."
Not quite. It says that 92% of devices not already infected are protected, which is different from 92% of devices. If a significant number of devices are already infected then this is a serious problem.
Still, this is a very important piece of information that should have been included in the original story.
Personally, I put folk who use third-party app stores in the same class as I put folk who jailbreak their iPhones: they know the risks; they're on their own.
The problem is that can end up there, kind of by accident through phishing and those outside sources can be obfuscated.
Also, supposedly Google is open source, your arguments points to the fact that it is not really (there are many other reasons too)... And that's why the EU is going to rip their shit up.
If all Gooligan wants to do is boost some app ratings and force more ads to appear on your wannabe-iPhone, then I would have to agree: why would Android users even care? Par for the course, where they live.
Soli: I'm skeptical of your Cydia comparison. (a) What tiny percentage of iPhone users have even hacked ("jailbroken") their phone so that it can use Cydia at all, not to mention actually used Cydia, and (b) What Gooligan-like scourge is currently hitting 1M+ Cydia users?
It reminds me of how for many years running, we keep hearing that macOS is just as vulnerable to infection as Windows, but in the real world that somehow never translates to the same malware festival. (Security-through-obscurity used to be the fallback explanation, but when half the laptops on display at Starbucks have an Apple logo on the back of them, you start to wonder if the security experts know half as much as they pretend to.)
One more point: Isn't Android's openness supposed to be a big selling point, making it superior to the "walled garden" of iOS? If stick-to-Google-Play is the answer, then what happened to Android openness?
This is akin to saying that the iPhone is vulnerable to apps with malware if you use Cydia. Typical users aren't likely to go outside Google Play so I don't see this as an issue, not to mention where gatorguy notes that most versions of Android already protect against this very thing. It's really a non story.
The difference is that Apple doesn't condone Cydia, which is tantamount to jail breaking. While Google doesn't vouch for other app stores, they and their fans have claimed for years that Apple's Walled Garden was WRONG, and that Android was superior because it was "more open." And now you want to praise the virtues of Google's Walled Garden. What do I make of that apparent cognitive dissonance? Is this another case of "it's only wrong when Apple does it"?
Those that argue both sides are hypocrites, and those pro-Android/anti-Apple people really don't come onto this forum anymore using that argument. But even if they did, the fact still remains that typical Android users aren't going outside of Google Play, hence it's not an issue for the typical Android user.
Right... Not outside Google Play, you realize these phishing hacks directs them outside Google play hmmmm? Seems that kinda slipped your mind. That people then will click through prompts like there is no tomorrow, even warning prompts; yup, they sure do.
In the case of Apple, you cannot, even accidentally, go outside the App store to load something.
Have you met a typical Android user? They'd be better off with an iPhone but they have this anti-Apple/control notion in their head, but they aren't technologically savvy. They won't be able to use 3rd-party app stores. The takes a concerted effort. Maybe you'll get some ignorant kid with aptitude doing it, but not likely, which is why this breach is only at 1M and not 1.4B. That's 0.07%. Why try to make this out to be a bigger issue than it is simply because you have an irrational hate for Android. Apple has had much worse issue that affected multiple OSes this past Summer that didn't involve the user installing any app, but I don't recall you acting that concerned over it.
This is akin to saying that the iPhone is vulnerable to apps with malware if you use Cydia. Typical users aren't likely to go outside Google Play so I don't see this as an issue, not to mention where gatorguy notes that most versions of Android already protect against this very thing. It's really a non story.
The difference is that Apple doesn't condone Cydia, which is tantamount to jail breaking. While Google doesn't vouch for other app stores, they and their fans have claimed for years that Apple's Walled Garden was WRONG, and that Android was superior because it was "more open." And now you want to praise the virtues of Google's Walled Garden. What do I make of that apparent cognitive dissonance? Is this another case of "it's only wrong when Apple does it"?
Those that argue both sides are hypocrites, and those pro-Android/anti-Apple people really don't come onto this forum anymore using that argument. But even if they did, the fact still remains that typical Android users aren't going outside of Google Play, hence it's not an issue for the typical Android user.
Right... Not outside Google Play, you realize these phishing hacks directs them outside Google play hmmmm? Seems that kinda slipped your mind. That people then will click through prompts like there is no tomorrow, even warning prompts; yup, they sure do.
In the case of Apple, you cannot, even accidentally, go outside the App store to load something.
Have you met a typical Android user? They'd be better off with an iPhone but they have this anti-Apple/control notion in their head, but they aren't technologically savvy. They won't be able to use 3rd-party app stores. The takes a concerted effort. Maybe you'll get some ignorant kid with aptitude doing it, but not likely, which is why this breach is only at 1M and not 1.4B. That's 0.07%. Why try to make this out to be a bigger issue than it is simply because you have an irrational hate for Android. Apple has had much worse issue that affected multiple OSes this past Summer that didn't involve the user installing any app, but I don't recall you acting that concerned over it.
To claim it's only at 1 million is ridiculous since a) half the Android devices out there don't have Google Play and b) devices are still being infected. That's like saying there have only been 13 Note 7 fires.
BTW, did anyone bother to read the blog post by Adrian Ludwig? Here's a quote from him:
"We’ve removed apps associated with the Ghost Push family from Google Play. We also removed apps that benefited from installs delivered by Ghost Push to reduce the incentive for this type of abuse in the future."
So so much for this only affecting third party App stores.
Hahahaha - suck it up, goog! So glad all those paid- and/or hatred jerks convinced so many that Apple was evil/failing/not to be trusted. Goog really is eating its own dog food now. All those people mislead by the stigma promulgated against the walled garden of iOS can more thoroughly experience the benefits of a pseudo-open operating system.
This is akin to saying that the iPhone is vulnerable to apps with malware if you use Cydia. Typical users aren't likely to go outside Google Play so I don't see this as an issue, not to mention where gatorguy notes that most versions of Android already protect against this very thing. It's really a non story.
The difference is that Apple doesn't condone Cydia, which is tantamount to jail breaking. While Google doesn't vouch for other app stores, they and their fans have claimed for years that Apple's Walled Garden was WRONG, and that Android was superior because it was "more open." And now you want to praise the virtues of Google's Walled Garden. What do I make of that apparent cognitive dissonance? Is this another case of "it's only wrong when Apple does it"?
Those that argue both sides are hypocrites, and those pro-Android/anti-Apple people really don't come onto this forum anymore using that argument. But even if they did, the fact still remains that typical Android users aren't going outside of Google Play, hence it's not an issue for the typical Android user.
Right... Not outside Google Play, you realize these phishing hacks directs them outside Google play hmmmm? Seems that kinda slipped your mind. That people then will click through prompts like there is no tomorrow, even warning prompts; yup, they sure do.
In the case of Apple, you cannot, even accidentally, go outside the App store to load something.
Have you met a typical Android user? They'd be better off with an iPhone but they have this anti-Apple/control notion in their head, but they aren't technologically savvy. They won't be able to use 3rd-party app stores. The takes a concerted effort. Maybe you'll get some ignorant kid with aptitude doing it, but not likely, which is why this breach is only at 1M and not 1.4B. That's 0.07%. Why try to make this out to be a bigger issue than it is simply because you have an irrational hate for Android. Apple has had much worse issue that affected multiple OSes this past Summer that didn't involve the user installing any app, but I don't recall you acting that concerned over it.
To claim it's only at 1 million is ridiculous since a) half the Android devices out there don't have Google Play and b) devices are still being infected.
Did you have a source that it's "ridiculous" or just winging it? Honest question as I've not seen stats on how many devices run Google Android compared to some third party build based on open-source Android code. Do you think Google should be responsible for the OS on some forked version of Android in China? TBH it's to Google's credit that unlike some mobile OS providers they do make an attempt, and can do so quickly, to protect even those who don't want to use Google Play and it's vetted apps and intentionally disable/bypass default security and the multiple warnings when doing so just to get the content free instead. That's even if their phone provider fails to offer an OS update or at least a security update, as is too frequently the case.
China of course is a different issue where the government is the primary obstacle and hardly attributable to Google who offers security updates available to even forked versions.
Anyway, bypassing security settings, particularly in the current climate where even official builds from Apple and Google are under increasing attacks, is not all that unlike those jailbreakers who go to Cydia or some other 3rd party iOS-compatible store to get free stuff is it? Should Apple too offer a version of Verify Apps to give them at least some piece of mind to iPhone owners straying outside the garden? If not why not?
As for malware installs from this still going on again I've not seen mention of that anywhere else, but apparently you have? BTW I think you might be misreading the Ludwig quote you posted. It is not saying that Ghost Push was in the Play Store. Google is removing Google Play apps associated with the offending 3rd party apps effortGhost Pust promoted revenue-generating apps in Google Play that the cheats were getting shared revenue from. At least that's how I've seen it explained. The malware itself didn't exist there AFAIK.
A new strain of Android malware dubbed "Gooligan," thought to be "the largest Google account breach to date," is already in active circulation and three-fourths of the Android installed base is vulnerable. Once infected, devices give hackers access to the users' Gmail, Google Photos, Docs, Drive and other Google services accounts.
Inaccurate. In truth only around 8% of active Android devices are vulnerable. 92% of the older Android 4 and 5 smartphones are shielded from the exploits via Verify Apps which protects those users who intentionally bypass security settings to sideload apps from unofficial 3rd party sites. (This malware isn't in the Play Store) . If you read Checkpoints comments I believe they themselves pointed that out.
EDIT: Yes they did. "Check Point also notes that Google's "Verify Apps" technology has been updated to deal with apps using vulnerabilities like this. That's significant because, while it doesn't help devices that are already compromised, it roadblocks future installations on 92 percent of active Android devices, even without the need for firmware updates."
"So as significant as a million compromised accounts sounds, this is also an example of Google's security strategy for app-based malware working as designed, blocking installations of affected apps across the vast majority of the ecosystem."
Anyone staying on Android deserves what they get at this point.
This is akin to saying that the iPhone is vulnerable to apps with malware if you use Cydia. Typical users aren't likely to go outside Google Play so I don't see this as an issue, not to mention where gatorguy notes that most versions of Android already protect against this very thing. It's really a non story.
The difference is that Apple doesn't condone Cydia, which is tantamount to jail breaking. While Google doesn't vouch for other app stores, they and their fans have claimed for years that Apple's Walled Garden was WRONG, and that Android was superior because it was "more open." And now you want to praise the virtues of Google's Walled Garden. What do I make of that apparent cognitive dissonance? Is this another case of "it's only wrong when Apple does it"?
Those that argue both sides are hypocrites, and those pro-Android/anti-Apple people really don't come onto this forum anymore using that argument. But even if they did, the fact still remains that typical Android users aren't going outside of Google Play, hence it's not an issue for the typical Android user.
Right... Not outside Google Play, you realize these phishing hacks directs them outside Google play hmmmm? Seems that kinda slipped your mind. That people then will click through prompts like there is no tomorrow, even warning prompts; yup, they sure do.
In the case of Apple, you cannot, even accidentally, go outside the App store to load something.
Have you met a typical Android user? They'd be better off with an iPhone but they have this anti-Apple/control notion in their head, but they aren't technologically savvy. They won't be able to use 3rd-party app stores. The takes a concerted effort. Maybe you'll get some ignorant kid with aptitude doing it, but not likely, which is why this breach is only at 1M and not 1.4B. That's 0.07%. Why try to make this out to be a bigger issue than it is simply because you have an irrational hate for Android. Apple has had much worse issue that affected multiple OSes this past Summer that didn't involve the user installing any app, but I don't recall you acting that concerned over it.
To claim it's only at 1 million is ridiculous since a) half the Android devices out there don't have Google Play and b) devices are still being infected.
Did you have a source that it's "ridiculous" or just winging it? Honest question as I've not seen stats on how many devices run Google Android compared to some third party build based on open-source Android code. Do you think Google should be responsible for the OS on some forked version of Android in China? TBH it's to Google's credit that unlike some mobile OS providers they do make an attempt, and can do so quickly, to protect even those who don't want to use Google Play and it's vetted apps and intentionally disable/bypass default security and the multiple warnings when doing so just to get the content free instead. That's even if their phone provider fails to offer an OS update or at least a security update, as is too frequently the case.
China of course is a different issue where the government is the primary obstacle and hardly attributable to Google who offers security updates available to even forked versions.
Anyway, bypassing security settings, particularly in the current climate where even official builds from Apple and Google are under increasing attacks, is not all that unlike those jailbreakers who go to Cydia or some other 3rd party iOS-compatible store to get free stuff is it? Should Apple too offer a version of Verify Apps to give them at least some piece of mind to iPhone owners straying outside the garden? If not why not?
As for malware installs from this still going on again I've not seen mention of that anywhere else, but apparently you have? BTW I think you might be misreading the Ludwig quote you posted. It is not saying that Ghost Push was in the Play Store. Google is removing Google Play apps associated with the offending 3rd party apps effortGhost Pust promoted revenue-generating apps in Google Play that the cheats were getting shared revenue from. At least that's how I've seen it explained. The malware itself didn't exist there AFAIK.
Check Point mentioned there were still 13,000 per day.
I have a question for you, a very simple one. Do you think Verify Apps has been installed on 100% of the possibly infected devices? I'm talking about Google Play Services phones, not Android forks or Android phones that ship without GPS.
This is akin to saying that the iPhone is vulnerable to apps with malware if you use Cydia. Typical users aren't likely to go outside Google Play so I don't see this as an issue, not to mention where gatorguy notes that most versions of Android already protect against this very thing. It's really a non story.
The difference is that Apple doesn't condone Cydia, which is tantamount to jail breaking. While Google doesn't vouch for other app stores, they and their fans have claimed for years that Apple's Walled Garden was WRONG, and that Android was superior because it was "more open." And now you want to praise the virtues of Google's Walled Garden. What do I make of that apparent cognitive dissonance? Is this another case of "it's only wrong when Apple does it"?
Those that argue both sides are hypocrites, and those pro-Android/anti-Apple people really don't come onto this forum anymore using that argument. But even if they did, the fact still remains that typical Android users aren't going outside of Google Play, hence it's not an issue for the typical Android user.
Right... Not outside Google Play, you realize these phishing hacks directs them outside Google play hmmmm? Seems that kinda slipped your mind. That people then will click through prompts like there is no tomorrow, even warning prompts; yup, they sure do.
In the case of Apple, you cannot, even accidentally, go outside the App store to load something.
Have you met a typical Android user? They'd be better off with an iPhone but they have this anti-Apple/control notion in their head, but they aren't technologically savvy. They won't be able to use 3rd-party app stores. The takes a concerted effort. Maybe you'll get some ignorant kid with aptitude doing it, but not likely, which is why this breach is only at 1M and not 1.4B. That's 0.07%. Why try to make this out to be a bigger issue than it is simply because you have an irrational hate for Android. Apple has had much worse issue that affected multiple OSes this past Summer that didn't involve the user installing any app, but I don't recall you acting that concerned over it.
To claim it's only at 1 million is ridiculous since a) half the Android devices out there don't have Google Play and b) devices are still being infected.
Did you have a source that it's "ridiculous" or just winging it? Honest question as I've not seen stats on how many devices run Google Android compared to some third party build based on open-source Android code. Do you think Google should be responsible for the OS on some forked version of Android in China? TBH it's to Google's credit that unlike some mobile OS providers they do make an attempt, and can do so quickly, to protect even those who don't want to use Google Play and it's vetted apps and intentionally disable/bypass default security and the multiple warnings when doing so just to get the content free instead. That's even if their phone provider fails to offer an OS update or at least a security update, as is too frequently the case.
China of course is a different issue where the government is the primary obstacle and hardly attributable to Google who offers security updates available to even forked versions.
Anyway, bypassing security settings, particularly in the current climate where even official builds from Apple and Google are under increasing attacks, is not all that unlike those jailbreakers who go to Cydia or some other 3rd party iOS-compatible store to get free stuff is it? Should Apple too offer a version of Verify Apps to give them at least some piece of mind to iPhone owners straying outside the garden? If not why not?
As for malware installs from this still going on again I've not seen mention of that anywhere else, but apparently you have? BTW I think you might be misreading the Ludwig quote you posted. It is not saying that Ghost Push was in the Play Store. Google is removing Google Play apps associated with the offending 3rd party apps effortGhost Pust promoted revenue-generating apps in Google Play that the cheats were getting shared revenue from. At least that's how I've seen it explained. The malware itself didn't exist there AFAIK.
Check Point mentioned there were still 13,000 per day.
I have a question for you, a very simple one. Do you think Verify Apps has been installed on 100% of the possibly infected devices? I'm talking about Google Play Services phones, not Android forks or Android phones that ship without GPS.
Verify Apps is part of Play Services, installed and activated by default on your Google Android Device with Android 4.2 and up. That means 92% (and growing) of currently used Google Android devices had it enabled automatically. Older devices running very old Android versions like Gingerbread can still enable and be protected by it, but it has to be done manually instead of automatically.
So in a nutshell 92% of current devices are not vulnerable to an installation of this malware today with Verify Apps active, and nearly all of the remaining 8% could be if they'd turn Verify Apps on.
Smartphone Security is a big concern in this topic. Google needs to start being equal to all Android Smartphone Providers and if Google doesn't improve the relation between lower-end Android Users and those manufacturers, the Android Platform may be doomed as we speak.
This is akin to saying that the iPhone is vulnerable to apps with malware if you use Cydia. Typical users aren't likely to go outside Google Play so I don't see this as an issue, not to mention where gatorguy notes that most versions of Android already protect against this very thing. It's really a non story.
The difference is that Apple doesn't condone Cydia, which is tantamount to jail breaking. While Google doesn't vouch for other app stores, they and their fans have claimed for years that Apple's Walled Garden was WRONG, and that Android was superior because it was "more open." And now you want to praise the virtues of Google's Walled Garden. What do I make of that apparent cognitive dissonance? Is this another case of "it's only wrong when Apple does it"?
Those that argue both sides are hypocrites, and those pro-Android/anti-Apple people really don't come onto this forum anymore using that argument. But even if they did, the fact still remains that typical Android users aren't going outside of Google Play, hence it's not an issue for the typical Android user.
Right... Not outside Google Play, you realize these phishing hacks directs them outside Google play hmmmm? Seems that kinda slipped your mind. That people then will click through prompts like there is no tomorrow, even warning prompts; yup, they sure do.
In the case of Apple, you cannot, even accidentally, go outside the App store to load something.
Have you met a typical Android user? They'd be better off with an iPhone but they have this anti-Apple/control notion in their head, but they aren't technologically savvy. They won't be able to use 3rd-party app stores. The takes a concerted effort. Maybe you'll get some ignorant kid with aptitude doing it, but not likely, which is why this breach is only at 1M and not 1.4B. That's 0.07%. Why try to make this out to be a bigger issue than it is simply because you have an irrational hate for Android. Apple has had much worse issue that affected multiple OSes this past Summer that didn't involve the user installing any app, but I don't recall you acting that concerned over it.
To claim it's only at 1 million is ridiculous since a) half the Android devices out there don't have Google Play and b) devices are still being infected.
Did you have a source that it's "ridiculous" or just winging it? Honest question as I've not seen stats on how many devices run Google Android compared to some third party build based on open-source Android code. Do you think Google should be responsible for the OS on some forked version of Android in China? TBH it's to Google's credit that unlike some mobile OS providers they do make an attempt, and can do so quickly, to protect even those who don't want to use Google Play and it's vetted apps and intentionally disable/bypass default security and the multiple warnings when doing so just to get the content free instead. That's even if their phone provider fails to offer an OS update or at least a security update, as is too frequently the case.
China of course is a different issue where the government is the primary obstacle and hardly attributable to Google who offers security updates available to even forked versions.
Anyway, bypassing security settings, particularly in the current climate where even official builds from Apple and Google are under increasing attacks, is not all that unlike those jailbreakers who go to Cydia or some other 3rd party iOS-compatible store to get free stuff is it? Should Apple too offer a version of Verify Apps to give them at least some piece of mind to iPhone owners straying outside the garden? If not why not?
As for malware installs from this still going on again I've not seen mention of that anywhere else, but apparently you have? BTW I think you might be misreading the Ludwig quote you posted. It is not saying that Ghost Push was in the Play Store. Google is removing Google Play apps associated with the offending 3rd party apps effortGhost Pust promoted revenue-generating apps in Google Play that the cheats were getting shared revenue from. At least that's how I've seen it explained. The malware itself didn't exist there AFAIK.
Why should Apple ever support Jailbreakers?
iOS is not open, Apple has worked since day one to block jailbreaks, the number of jailbreakers is small, and there's no economic benefit at all to the ecosystem. This is a classic strawman argument that you bring up to make it appear that Apple and Google are equivalent. They are not. If anything, Google has made many moves, the Pixel XL being a prime example, to emulate Apple's successful closed system, under the guise of reducing chaos in the Android OS marketplace.
Google, on the other hand, benefits from the nominally "open" Android OS, markets it this way, and even benefits from "forks" in the case of establishing an Android like experience for users who may move up to Android OS products in the future.
This is akin to saying that the iPhone is vulnerable to apps with malware if you use Cydia. Typical users aren't likely to go outside Google Play so I don't see this as an issue, not to mention where gatorguy notes that most versions of Android already protect against this very thing. It's really a non story.
The difference is that Apple doesn't condone Cydia, which is tantamount to jail breaking. While Google doesn't vouch for other app stores, they and their fans have claimed for years that Apple's Walled Garden was WRONG, and that Android was superior because it was "more open." And now you want to praise the virtues of Google's Walled Garden. What do I make of that apparent cognitive dissonance? Is this another case of "it's only wrong when Apple does it"?
Those that argue both sides are hypocrites, and those pro-Android/anti-Apple people really don't come onto this forum anymore using that argument. But even if they did, the fact still remains that typical Android users aren't going outside of Google Play, hence it's not an issue for the typical Android user.
Right... Not outside Google Play, you realize these phishing hacks directs them outside Google play hmmmm? Seems that kinda slipped your mind. That people then will click through prompts like there is no tomorrow, even warning prompts; yup, they sure do.
In the case of Apple, you cannot, even accidentally, go outside the App store to load something.
Have you met a typical Android user? They'd be better off with an iPhone but they have this anti-Apple/control notion in their head, but they aren't technologically savvy. They won't be able to use 3rd-party app stores. The takes a concerted effort. Maybe you'll get some ignorant kid with aptitude doing it, but not likely, which is why this breach is only at 1M and not 1.4B. That's 0.07%. Why try to make this out to be a bigger issue than it is simply because you have an irrational hate for Android. Apple has had much worse issue that affected multiple OSes this past Summer that didn't involve the user installing any app, but I don't recall you acting that concerned over it.
To claim it's only at 1 million is ridiculous since a) half the Android devices out there don't have Google Play and b) devices are still being infected.
Did you have a source that it's "ridiculous" or just winging it? Honest question as I've not seen stats on how many devices run Google Android compared to some third party build based on open-source Android code. Do you think Google should be responsible for the OS on some forked version of Android in China? TBH it's to Google's credit that unlike some mobile OS providers they do make an attempt, and can do so quickly, to protect even those who don't want to use Google Play and it's vetted apps and intentionally disable/bypass default security and the multiple warnings when doing so just to get the content free instead. That's even if their phone provider fails to offer an OS update or at least a security update, as is too frequently the case.
China of course is a different issue where the government is the primary obstacle and hardly attributable to Google who offers security updates available to even forked versions.
Anyway, bypassing security settings, particularly in the current climate where even official builds from Apple and Google are under increasing attacks, is not all that unlike those jailbreakers who go to Cydia or some other 3rd party iOS-compatible store to get free stuff is it? Should Apple too offer a version of Verify Apps to give them at least some piece of mind to iPhone owners straying outside the garden? If not why not?
As for malware installs from this still going on again I've not seen mention of that anywhere else, but apparently you have? BTW I think you might be misreading the Ludwig quote you posted. It is not saying that Ghost Push was in the Play Store. Google is removing Google Play apps associated with the offending 3rd party apps effortGhost Pust promoted revenue-generating apps in Google Play that the cheats were getting shared revenue from. At least that's how I've seen it explained. The malware itself didn't exist there AFAIK.
Why should Apple ever support Jailbreakers?
iOS is not open, Apple has worked since day one to block jailbreaks, the number of jailbreakers is small, and there's no economic benefit at all to the ecosystem. This is a classic strawman argument that you bring up to make it appear that Apple and Google are equivalent. They are not. If anything, Google has made many moves, the Pixel XL being a prime example, to emulate Apple's successful closed system, under the guise of reducing chaos in the Android OS marketplace.
Google, on the other hand, benefits from the nominally "open" Android OS, markets it this way, and even benefits from "forks" in the case of establishing an Android like experience for users who may move up to Android OS products in the future.
You mentioned a good reason for Apple not to assist those who choose not to buy directly from the App Store. By the way it's hardly a strawman when you yourself manage to argue the point.
This is akin to saying that the iPhone is vulnerable to apps with malware if you use Cydia. Typical users aren't likely to go outside Google Play so I don't see this as an issue, not to mention where gatorguy notes that most versions of Android already protect against this very thing. It's really a non story.
The difference is that Apple doesn't condone Cydia, which is tantamount to jail breaking. While Google doesn't vouch for other app stores, they and their fans have claimed for years that Apple's Walled Garden was WRONG, and that Android was superior because it was "more open." And now you want to praise the virtues of Google's Walled Garden. What do I make of that apparent cognitive dissonance? Is this another case of "it's only wrong when Apple does it"?
Those that argue both sides are hypocrites, and those pro-Android/anti-Apple people really don't come onto this forum anymore using that argument. But even if they did, the fact still remains that typical Android users aren't going outside of Google Play, hence it's not an issue for the typical Android user.
Right... Not outside Google Play, you realize these phishing hacks directs them outside Google play hmmmm? Seems that kinda slipped your mind. That people then will click through prompts like there is no tomorrow, even warning prompts; yup, they sure do.
In the case of Apple, you cannot, even accidentally, go outside the App store to load something.
Have you met a typical Android user? They'd be better off with an iPhone but they have this anti-Apple/control notion in their head, but they aren't technologically savvy. They won't be able to use 3rd-party app stores. The takes a concerted effort. Maybe you'll get some ignorant kid with aptitude doing it, but not likely, which is why this breach is only at 1M and not 1.4B. That's 0.07%. Why try to make this out to be a bigger issue than it is simply because you have an irrational hate for Android. Apple has had much worse issue that affected multiple OSes this past Summer that didn't involve the user installing any app, but I don't recall you acting that concerned over it.
To claim it's only at 1 million is ridiculous since a) half the Android devices out there don't have Google Play and b) devices are still being infected.
Did you have a source that it's "ridiculous" or just winging it? Honest question as I've not seen stats on how many devices run Google Android compared to some third party build based on open-source Android code. Do you think Google should be responsible for the OS on some forked version of Android in China? TBH it's to Google's credit that unlike some mobile OS providers they do make an attempt, and can do so quickly, to protect even those who don't want to use Google Play and it's vetted apps and intentionally disable/bypass default security and the multiple warnings when doing so just to get the content free instead. That's even if their phone provider fails to offer an OS update or at least a security update, as is too frequently the case.
China of course is a different issue where the government is the primary obstacle and hardly attributable to Google who offers security updates available to even forked versions.
Anyway, bypassing security settings, particularly in the current climate where even official builds from Apple and Google are under increasing attacks, is not all that unlike those jailbreakers who go to Cydia or some other 3rd party iOS-compatible store to get free stuff is it? Should Apple too offer a version of Verify Apps to give them at least some piece of mind to iPhone owners straying outside the garden? If not why not?
As for malware installs from this still going on again I've not seen mention of that anywhere else, but apparently you have? BTW I think you might be misreading the Ludwig quote you posted. It is not saying that Ghost Push was in the Play Store. Google is removing Google Play apps associated with the offending 3rd party apps effortGhost Pust promoted revenue-generating apps in Google Play that the cheats were getting shared revenue from. At least that's how I've seen it explained. The malware itself didn't exist there AFAIK.
Why should Apple ever support Jailbreakers?
iOS is not open, Apple has worked since day one to block jailbreaks, the number of jailbreakers is small, and there's no economic benefit at all to the ecosystem. This is a classic strawman argument that you bring up to make it appear that Apple and Google are equivalent. They are not. If anything, Google has made many moves, the Pixel XL being a prime example, to emulate Apple's successful closed system, under the guise of reducing chaos in the Android OS marketplace.
Google, on the other hand, benefits from the nominally "open" Android OS, markets it this way, and even benefits from "forks" in the case of establishing an Android like experience for users who may move up to Android OS products in the future.
You mentioned a good reason for Apple not to assist those who choose not to buy directly from the App Store. By the way it's hardly a strawman when you yourself manage to argue the point.
I argued the point that Apple has never supported third party stores, and Android OS has; hence your strawman.
Android OS third party app stores, albeit this is an old list;
"For users who download apps from alternative app stores, there’s the added task of having to enable downloads from these new sites in order to be able to get the apps on your Android device.
In order to do that, a user will need to go into their Settings menu, click on “Security” and then again on “Unknown Sources.” Users should also be aware that malware can sometimes be a problem but, if they download an Android security app first and exercise prudent judgment with the content they procure, malware and related security risks can be greatly mitigated."
Comments
What is a typical Android user? Most Android devices sold worldwide are low-end junk phones. Do you think people who buy $50 phones are going to spend money on Apps from Google Play? That is, if their phone even came with Google Play. There's a good chance their phone came with its own App store that was created by the device manufacturer, the carrier or another third party. Don't you ever wonder about those "other" 300 million Android smartphones sold every quarter?
Still, this is a very important piece of information that should have been included in the original story.
Personally, I put folk who use third-party app stores in the same class as I put folk who jailbreak their iPhones: they know the risks; they're on their own.
YOU CAN!?!
Crap!
That people then will click through prompts like there is no tomorrow, even warning prompts; yup, they sure do.
In the case of Apple, you cannot, even accidentally, go outside the App store to load something.
Also, supposedly Google is open source, your arguments points to the fact that it is not really (there are many other reasons too)...
And that's why the EU is going to rip their shit up.
Soli: I'm skeptical of your Cydia comparison. (a) What tiny percentage of iPhone users have even hacked ("jailbroken") their phone so that it can use Cydia at all, not to mention actually used Cydia, and (b) What Gooligan-like scourge is currently hitting 1M+ Cydia users?
It reminds me of how for many years running, we keep hearing that macOS is just as vulnerable to infection as Windows, but in the real world that somehow never translates to the same malware festival. (Security-through-obscurity used to be the fallback explanation, but when half the laptops on display at Starbucks have an Apple logo on the back of them, you start to wonder if the security experts know half as much as they pretend to.)
One more point: Isn't Android's openness supposed to be a big selling point, making it superior to the "walled garden" of iOS? If stick-to-Google-Play is the answer, then what happened to Android openness?
To claim it's only at 1 million is ridiculous since a) half the Android devices out there don't have Google Play and b) devices are still being infected. That's like saying there have only been 13 Note 7 fires.
BTW, did anyone bother to read the blog post by Adrian Ludwig? Here's a quote from him:
"We’ve removed apps associated with the Ghost Push family from Google Play. We also removed apps that benefited from installs delivered by Ghost Push to reduce the incentive for this type of abuse in the future."
So so much for this only affecting third party App stores.
So glad all those paid- and/or hatred jerks convinced so many that Apple was evil/failing/not to be trusted. Goog really is eating its own dog food now. All those people mislead by the stigma promulgated against the walled garden of iOS can more thoroughly experience the benefits of a pseudo-open operating system.
And good luck to em!
China of course is a different issue where the government is the primary obstacle and hardly attributable to Google who offers security updates available to even forked versions.
Anyway, bypassing security settings, particularly in the current climate where even official builds from Apple and Google are under increasing attacks, is not all that unlike those jailbreakers who go to Cydia or some other 3rd party iOS-compatible store to get free stuff is it? Should Apple too offer a version of Verify Apps to give them at least some piece of mind to iPhone owners straying outside the garden? If not why not?
As for malware installs from this still going on again I've not seen mention of that anywhere else, but apparently you have? BTW I think you might be misreading the Ludwig quote you posted. It is not saying that Ghost Push was in the Play Store. Google is removing Google Play apps associated with the offending 3rd party apps effortGhost Pust promoted revenue-generating apps in Google Play that the cheats were getting shared revenue from. At least that's how I've seen it explained. The malware itself didn't exist there AFAIK.
Check Point mentioned there were still 13,000 per day.
I have a question for you, a very simple one. Do you think Verify Apps has been installed on 100% of the possibly infected devices? I'm talking about Google Play Services phones, not Android forks or Android phones that ship without GPS.
So in a nutshell 92% of current devices are not vulnerable to an installation of this malware today with Verify Apps active, and nearly all of the remaining 8% could be if they'd turn Verify Apps on.
If you'd like to know more about Verify Apps Android Central has published a number of articles over the past couple of years. Here's one that explains it a bit:
http://www.androidcentral.com/google-confirms-verify-apps-can-block-apps-quadrooter-exploits
iOS is not open, Apple has worked since day one to block jailbreaks, the number of jailbreakers is small, and there's no economic benefit at all to the ecosystem. This is a classic strawman argument that you bring up to make it appear that Apple and Google are equivalent. They are not. If anything, Google has made many moves, the Pixel XL being a prime example, to emulate Apple's successful closed system, under the guise of reducing chaos in the Android OS marketplace.
Google, on the other hand, benefits from the nominally "open" Android OS, markets it this way, and even benefits from "forks" in the case of establishing an Android like experience for users who may move up to Android OS products in the future.
Android OS third party app stores, albeit this is an old list;
http://www.airpush.com/understanding-3rd-party-android-app-stores/
"For users who download apps from alternative app stores, there’s the added task of having to enable downloads from these new sites in order to be able to get the apps on your Android device.
In order to do that, a user will need to go into their Settings menu, click on “Security” and then again on “Unknown Sources.” Users should also be aware that malware can sometimes be a problem but, if they download an Android security app first and exercise prudent judgment with the content they procure, malware and related security risks can be greatly mitigated."
This task would require a Jailbreak with iOS.