Posted on 07/05/2010 4:02:59 PM PDT by o2bfree
SMobile System's Global Threat Center (http://threatcenter.smobilesystems.com/) has performed an in-depth analysis of over 48,000 applications currently available on the Android market and discovered the following threats:
Dozens of applications have the identical type of access to sensitive information as known spyware
2 percent of market submissions can allow an application to send unknown premium SMS messages without user intervention.
(Excerpt) Read more at prnewswire.com ...
Analysis is a hard word to get past with out thinking who are they and who do they work when they talk about any product.
I’ve installed virus protection. Is that the same?
ping
And their conclusions are so rock-solid and scientific that they release them on PRNewsWire, where ANYONE can release ANYTHING for absolutely FREE?
Color me shocked...;)
Actually all the online stores are a huge target. The more freedom you give developers to put their stuff out there the more chances of getting same black hats to scam.
I kind of like the wide-open market and buyer beware. If everyone knew it was a dangerours place other 3rd parties would come along and vouche for the software (kind of like we have on PCs).
Don’t dumb down the experience and options instead open them up and just warn the heck out of us not to just trust everyone.
Android does not have a problem.
https://supportforums.motorola.com/thread/30432
I am surprised how vocal some individuals are about the topic of security... anyway here’s an interesting link. Norton AV is now available for the Android platform.
I have a Nexus One and, among other reasons, bought it because there is no authority that says what can and can't be installed on my phone. But I know that with that comes increased responsibility on me to pay attention to what the app I'm installing actually does. Its a trade off I myself am comfortable with. Just tonight I declined to install an app because I wasn't comfortable with the level of access it said it needed.
That said, Android may not "have a problem" but there really is nothing to prevent a rogue developer from uploading an app that does significant damage to the user's data.
It is true that you use apps at your own risk, even though they don't put them on the store until screened and checked.
But that is not what happened to Apple. Someone hacked the Itunes account info and directed a whole bunch of app sales to one developer without the Itune owners knowledge.
You give those applications permission to access those things when you install them.
Unfortunately beyond that you don’t always know how the information will be used. Does “access your contact list” mean it will use that to do something you’d like, or does it mean all your friends’ information is getting sold to spammers and ID thieves? You don’t know.
At least with the Apple Store programs have to abide by the privacy policy or they won’t be approved.
Professional thread hijacker on the loose!
This thread was meant to cover Google Android. Care to address the actual subject of the thread:-)
Why not tell us about the rootkit viruses that have been written for Android? I’ve read a few blog entries about this topic... will post a link tomorrow.
Hey, feel free. Because the users of Android can actually write their own security patches as the need arises - much like the Linux community in general. That’s the strength of having an open OS and ecosystem, and not locking everything down.
But I just wanted you to be aware that you can get the same coverage for your iPhone, too...;)
A realtime AV solution would be pretty much impossible on the iPhone without it coming from Apple, with the way the SDK works. Unless it was a jailbreak app.
A rootkit is not a virus. A rootkit is designed to give root access to an undetected user. BUT, there is more to it than just a rootkit. To use it maliciously, one would have to find a way to install it undetected or trick a user into installing it.
AFIAK, Some researchers made what they called a rootkit for Android, just as has been done for iOS. It’s basically a kernel module that gives a root shell to a remote user when installed. What they haven’t done is give a way to install it. That’s not to say that there isn’t one, but nothing is publicly available. Same deal with the iPhone.
To give some idea, do you know how it takes the iPhone Dev guys like 12 hours to get a jailbreak kit out for a new version of iOS? Well, they’re rooting (gaining root access through a vulnerability) the phone when they do that. Making a rootkit would be trivial at that point, but they’re using their access point to give us all jailbreaky goodness instead.
What the paper describes is something any Android app can do. Actually, that's what this article is about. But Android doesn't even have someone doing any vetting of applications in advance, zero chance for something to get caught before millions of people download it.
The Android user base and community understand they are vulnerable, and you use your phone accordingly, with the understanding that bad things can happen.
Apple has so preached their "invulnerable" nature to the world that a good chunk of their user base has become complacent and bought into the entire marketing campaign and refuse to acknowledge it can ever happen. And thus they have a much LOWER personal set of checks to protect themselves.
After all, if it's in the App Store it's AOK, right? Can't do any harm because Apple's already vetted it...
Because here's the reality: malware apps have made it into the App store, only to get yanked subsequently. Meaning users would blindly download those apps, feeling invulnerable, and there goes all their private data (the real value in your phone). How many more spyware/malware apps are in the App Store right now? Sure, the Mac fanatics will claim "it's only happened once!", but if it's happened once, who's to say it has not happened again - that there aren't hundreds of such apps in the App store right now? Can you guarantee it?
That's the big difference. Android and Windows doesn't claim to be invulnerable, doesn't put up that marketing campaign of "impossible to breach"; Apple does. And now when malware makes it into each ecosystem, Apple no longer has that last bit of defense - a suspicious user - to protect them.
BIG difference.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.