Fake Antivirus Scams Spread To Android 236
SharkLaser writes "Fake antivirus scams have plagued Windows and Mac OS X during the last couple of years. Now it seems like such scams have spread to Android. Fake antivirus scams on Android work the same as they do on PC's — a user with an Android phone downloads an application or visits a website that says that the user's device is infected with malware. It will then show a fake scan of the system and return hard-coded 'positives' and gives the option the option to buy antivirus software that will 'remove' the malware on the affected system. Android, which is based on Linux, has been plagued with malware earlier too. According to McAfee, almost all new mobile malware now targets Android. Android app stores, including the official one from Google, has also been hosting hundreds of trojan applications that send premium rate SMSes on behalf of unsuspecting users."
Antivirus as a sign of failure (Score:5, Insightful)
I always believed that the day antivirus software becomes a universally accepted requirement the way it is on Windows is the day the platform has failed and missed the whole point of mobile operating systems. The point is to get away from the big mess of the desktop--the constant maintenance, driver updates, antivirus updates, defragmenters, and other utilities. Mobile operating systems are an opportunity to use a computer just to get things done, not to maintain the computer. That's what was so refreshing about the experience of the using the iPad and why it was such a surprise success to everyone including me.
Re: (Score:3)
You can give person freedom, and he may kill himself by being stupid.
You can put the person in a straightacket into a padded room and not be as worried.
Or you can find middle ground rather then painting everything black and white.
Re:Antivirus as a sign of failure (Score:5, Insightful)
I always believed that the day antivirus software becomes a universally accepted requirement the way it is on Windows...
That day occurred when Outlook would run malicious scripts by default found in received email messages, that had access to the entire OS/hard drive, without any needed user intervention.
For Android, I'm not sure that day has arrived yet, the article is derived from the press release of an antivirus company. Of course, it's going to imply that you absolutely need to buy *their* product (instead of using a little bit of street sense).
Now never mind that Google already has the capability of uninstalling malware from Android that was previously downloaded from their Market (or that you can already download a "Kid Mode" launcher to prevent your kids from installing anything, or just press a button to reset your phone to wipe everything and restore it to its factory settings). Does McAfee think it can act much faster than google in identifying and removing malware? Personally, I doubt that. And never mind that an Android user actually has to locate and tick the checkbox for installing apps from unknown sources (which AT&T doesn't let you do anyway), and then has to accept the permissions to install the application in the first place.
It's not like on the iPhone/iPad where you just need to go to a web page with some jpeg image on it and then your iDevice is magically rooted, and then the iPhone user is free to install any type of malware he wants (McAfee or no McAfee). That's one of the reasons that the McAfee anti-virus software on iOS is even more useless on iOS than on Android, since it can't run in the background and it can't even be scheduled to run at different times. On iOS, it couldn't prevent you from going to a malicious site even if it wanted to.
Re: (Score:2)
http://xkcd.com/463/ [xkcd.com]
Re: (Score:2)
The point is to get away from the big mess of the desktop--the constant maintenance, driver updates, antivirus updates, defragmenters, and other utilities.
i don't get it. hardly anyone does any of those things today. there's no maintenance needed unless its a hardware failure. driver updates happen automatically, antivirus updates happen automatically, defragger runs automatically. this is true for both windows and osx. personally, i find that ios dumbs it down too much, restricting the usefulness of my device. for example, you simply can't use the swype keyboard on an iphone.
Re:Antivirus as a sign of failure (Score:5, Insightful)
(Nevermind that objective-C is an obscure language and Apple just could feasibly review every single line of code. It's not logistically possible.)
Android has a pretty sophisticated security model, compared to anything running the desktop space. Actual root never needs to be given up for a huge range of modifications to the system. There's policy based access so users can see and restricted what apps will have access to. Apps also run in their own userid and can be restricted from accessing the users data. Brilliant stuff.
So if the platform has malware on it, and it's the most secure thing out there in the mainstream... then what is wrong?
Due to it's popularity Android is a juicy target for the malware ecosystem, and like natural ecosystems, it'll adapt to any hardened defenses if there's nourishment to be had. Google was silly to not fully anticipate this.
For now there is no actual need for anti-virus anti-malware tools on Android for most users. But as always, the problem is a user education problem.
Re:Antivirus as a sign of failure (Score:5, Informative)
Damn, man, if you'd bothered to run Linux/FLOSS all this time, you could have just fscking ignored the whole malware situation entirely.
You mean like Android? No matter what the adoption rate of Linux or even OpenBSD, you're still going to have dumb users. When you need 'sudo' to install a new app. That same command can be used to install anything.
Re:Antivirus as a sign of failure (Score:5, Insightful)
Which is why sudo is being replaced by a policy-based system (some users may have package install rights, network configure rights etc.).
Re:Antivirus as a sign of failure (Score:5, Insightful)
Which does absolutely nothing when computers on average have one user.
Re: (Score:2)
Re:Antivirus as a sign of failure (Score:4, Insightful)
Yes. Why didn't Android devs put full thought into having ACLs and the such? I think something like solaris's pfexec! Perfect. I mean the average android phone has probably what, 100, 1,000, 10,000 concurrent users?
Re: (Score:2)
Android is a privilege-separated operating system, in which each application runs with a distinct system identity (Linux user ID and group ID). Parts of the system are also separated into distinct identities. Linux thereby isolates applications from each other and from the system.
Additional finer-grained security features are provided through a "permission" mechanism that enforces restrictions on the specific operations that a particular process can perform, and per-URI permissions for granting ad-hoc access to specific pieces of data. Security Architecture
A central design point of the Android security architecture is that no application, by default, has permission to perform any operations that would adversely impact other applications, the operating system, or the user. This includes reading or writing the user's private data (such as contacts or e-mails), reading or writing another application's files, performing network access, keeping the device awake, etc.
Because Android sandboxes applications from each other, applications must explicitly share resources and data. They do this by declaring the permissions they need for additional capabilities not provided by the basic sandbox. Applications statically declare the permissions they require, and the Android system prompts the user for consent at the time the application is installed. Android has no mechanism for granting permissions dynamically (at run-time) because it complicates the user experience to the detriment of security.
...
At install time, Android gives each package a distinct Linux user ID. The identity remains constant for the duration of the package's life on that device. On a different device, the same package may have a different UID; what matters is that each package has a distinct UID on a given device.
Re: (Score:2)
You realize that sudo can be set up to give granular permissions to different things, right?
Re: (Score:2, Interesting)
Re: (Score:2)
You misunderstood. When a PolicyKit authorization dialog pops up, you give an application the right to configure the network (but no other root rights). So even if there is a virus embedded, it may not be able to do anything because it is locked in according to what it will need for the expected functionality.
Re: (Score:3)
only TWO choices
Only two huh?
COMPLETE control
Must be complete huh? Partial control isn't possible?
I'm afraid you're is the fallacious argument of "false dilemma"
Sorry but Linux isn't a magical woobie that keeps nasty old viruses away, its an OS just like any other and TFA proves that given enough users it WILL get pwned just like any other OS. We are talking millions of lines of code folks, and guys that make serious bank when they find a flaw in that code, this really shouldn't be surprising to anyone but the same type that thought because Apple "thought different" they were immune to all bugs too. We have a term for that, its called "magical thinking" and while its made several companies rich with sales pitches like "Just use (insert product) and never have to worry about security again!" IRL it simply doesn't work. there is no magical OS, no magical pill, that will make all flaws disappear and give all users degrees in Internet Security.
Strange then that OSX has less viruses after 11 years than Android has after 3. And iOS doesn't have any.
Re:Antivirus as a sign of failure (Score:4, Informative)
When you need 'sudo' to install a new app.
You don't. There have been GUI application installers on Linux for over a decade.
sudo, gksudo, what is difference? (Score:2)
Re: (Score:2)
Re: (Score:2)
Those installers all need root privileges, so sudo is there one way or the other. The thing about android isn't the privileges issue. In order to install something off the web you need to allow it in the settings. No the issue is that people trust android market place. Hell if you can't trust it what is the point of using it. Google needs to do a better job of vetting apps. That coming from me.. a loyal googlite.. all praise be to the mystic goog who knows all and is all...
Re: (Score:2)
As far as I know, the vast majority of these "malware apps" are found on random external sites, most of which are supposedly based in China (or at least targeting Chinese users). Certainly, if McAfee is reporting that they have found tens of thousands of these malware apps, then these aren't apps which were available on the official Android Market. The malware that has been found on the official Android Market is in the scale of tens of apps, not thousands.
Re: (Score:2)
Yes, called, if I remember correctly, "gkSUDO".
Re: (Score:2)
Re: (Score:3)
Speaking of classy ... how do you feel about niggers?
I'm sorry, but your version of reality hasn't been supported since about half way through the 19th century. You need to upgrade to civilized-stable to expect continued support.
So, what do you think about goldfish?
Re: (Score:2)
So, what do you think about goldfish?
I think they're smarter than niggers.
Stupid, stupid, stupid, ...
What is your major malfunction? How may we help?
Re:Antivirus as a sign of failure (Score:5, Funny)
"Apple iBaulbes"...check.
"fscking"...check.
"Linux/FLOSS"...check.
"Jeebus"...check.
Ayn Rand quote in sig...check.
Are you some kind of Linux stereotype character actor?
Re: (Score:3)
I'm pretty sure you won't find a lot of Ayn Rand fans among Linux users who have graduated.
Re: (Score:2)
No, a BSc in CS does not count.
Re: (Score:2)
"Apple iBaulbes"...check.
"fscking"...check.
"Linux/FLOSS"...check.
"Jeebus"...check.
Ayn Rand quote in sig...check.
Are you some kind of Linux stereotype character actor?
I wish.
Re:Antivirus as a sign of failure (Score:4, Insightful)
Two decades ago, you had to edit XF86Config just to get your scroll wheel working, and you could fry your monitor if you entered the wrong clock rats. Linux on the desktop has been a disaster up until just a few years ago, and it still has yet to catch up to the big boys. It's a server/embedded OS. There's nothing wrong with that!
Also, /facepalm at the downmods of the OP.
Re: (Score:2)
I try as a rule never to enter clock rats, regardless of whether they are the right ones or the wrong ones..
Re: (Score:2)
Re: (Score:3)
Why does Linux need to "catch up to the big boys"?
I'm surprised to see this point of view infect so many Slashdot users: The only thing that can possibly validate any tool you use is that a large percentage of the world has to use the exact same tool. Gibson and Fender are the two of the largest, best-known guitar manufacturers on the planet. If I have guitar hand-built by the finest luthier in East of the Mississippi, should I feel bad because my guitar wa
Re: (Score:2)
I have guitar hand-built by the finest luthier in East of the Mississippi
But... does that run Linux?
Re: (Score:3)
It's a handheld guitar, it runs Android.
Re: (Score:2)
I'm surprised to see this point of view infect so many Slashdot users: The only thing that can possibly validate any tool you use is that a large percentage of the world has to use the exact same tool. Gibson and Fender are the two of the largest, best-known guitar manufacturers on the planet. If I have guitar hand-built by the finest luthier in East of the Mississippi, should I feel bad because my guitar was not made by one of the "big boys"?
In case you haven't noticed video gamers and PC enthusiasts are some of the biggest brand whores in the world. They're also the most ignorant and see everything in black and white.
Re: (Score:2)
Two decades ago? I vividly remember having to do that as recently as 10 years ago!
Re: (Score:2)
Re: (Score:2)
Damn, man, if you'd bothered to run Linux/FLOSS all this time, you could have just fscking ignored the whole malware situation entirely, as I've been able to FOR THE LAST TWO DECADES!
What operating system do you think Android is running on?
My guess would be Android. If you mean what kernel do you think Android is running on, I would say the Linux kernel.
Walled gardens.. (Score:4, Interesting)
Re:Walled gardens.. (Score:4, Insightful)
I hate a fucking walled garden as much as the next guy, but this type of shit is why users will stay with one. Not that a walled garden can't be hijacked, hacked, or otherwise messed with, but by and large it is a cleaner place to be. It is a win-win, both or users who can't, won't, or are too dumb to be bothered with learning a little software/hardware safety, and with corporations who thrive on control and stifling competition.
You can have a "walled garden" for users (some Android companies have their Appstores), yet still allow people to leave on their own risk. It's not mutually exclusive.
For instance you can install packages from repos in Linux, yet you can also download and install source packages with {./configure&&make&&make install;} if you don't mind the risk of screwing up your system. There is no need to lock out users from their phones.
Maybe you didn't mean "walled gardens" but cared-for repos anyway.
Walls go two ways (Score:2)
You can have a "walled garden" for users (some Android companies have their Appstores), yet still allow people to leave on their own risk.
If anyone can step over it, it's not a wall.
You seem to imply that any Android app store is a walled garden. An App Store is not what makes a wall, the wall is not only what lets applications into a collection of apps but the reach they have beyond once they get in.
Curated collections alone are not enough, you need to also have many layers of system security to bring any
Re: (Score:2)
I hate a ... walled garden as much as the next guy...
I really wish that the "walled garden" metaphor would die.
A walled garden, in the horticultural sense, provides no restriction to the freedoms of those wishing to enjoy it. It merely protects the garden from the elements. Is that really what you had in mind?
I know that the phrase is being widely misused in technology circles, but we can rise above that, can't we?
Re: (Score:2)
The kilo, mega, giga etc terms have been misused for decades by the tech industry to (usually) mean 2^10, 2^20 etc instead of 10^3, 10^6, etc. Marketing only recently started reversing this to "correct" base-10 usage, as a means of delivering less capacity than technical people expect from hard drives and other storage systems.
Good luck getting tech people to use "walled garden" correctly.
Re: (Score:3)
I'm a total noob to android (happily on Republic Wireless for like 8 days now) but even I know that on the market page, the requested permissions will be whacked out (like why would Uno need access to send SMS messages?). The other thing on the market page, unless you're the lucky first user, is you'll have low reviews and comments complaining about how the app is a SMS spam sender etc etc.
Re:Walled gardens.. (Score:5, Informative)
So how does one know? All of this pontificating about dumb or lazy users doesn't really help. How do I distinguish a download of Uno, for example, that has embedded malware from one that doesn't?
One word: permissions. When you install an app on Android, you will be prompted with the permissions the app is requesting, and asked if you want to install it. You, the user, have a very good breakdown of exactly what an app can do before it gets installed. And for sending SMSes, it's extremely clear -- the permission is described first as "Services that cost you money" and will then list that it can send SMS messages. It should be obvious that Uno has no need to be sending SMSes on your behalf.
So anyone who gets burnt by these schemes would have to (a) search for a dodgy "free" version of a popular paid app and (b) install it even when there was a warning that it was going to potentially send costly SMSes. I know there are suckers born every minute, but you'd have to be a really, really cheap and stupid one to get hit by this.
Of course, potentially Google should have predicted this and included an "Allow always/allow once/reject" prompt the first time a third-party app attempts to make a phone call or send an SMS. It's probably not a bad idea ...
Re: (Score:2)
So, you believe it's better to just give your private data away to a company with a walled garden than risking having it stolen due to your own stupidity?
You can be safely enveloped in the hands of a walled garden. Just don't don't insist that the majority of us who want to make our own decisions be forced to do be part of that gated community.
Re:Walled gardens.. (Score:4, Insightful)
You aren't putting your data at risk, unless you are sharing your android phone with some idiot. The user that is smart enough to download from sources he trusts, check the reviews, watch for unnecessary permissions etc... is not at risk from these scams.
So, I can either just click a link on the iOS App Store and KNOW all that stuff has already been done for me, or waste two hours scouring the internet just to figure out whether some stupid egg timer app is going to sell my soul to the Ukraine right?
I don't know about you; but my time is worth a lot more than that.
The curated collection approach is not perfect; but it sure seems to work out quite well in the real world, where the rest of us live...
Which I believe anyone who is not completely delusional would agree has not been the case so much for the Android "Wild West" approach. Note, for example, that Apple has never had to exercise its "Kill Switch" option for an App already in the Wild; whereas Google has had to do so on several occasions.
Re:Walled gardens.. (Score:5, Informative)
the iOS App Store and KNOW all that stuff has already been done for me
Malicious app penetrates iTunes store to test security [bbc.co.uk] Miller's malware was on the Apple app store for over 2 months, so clearly the Apple store is vulnerable to the same sort of shenanigans as the Android market.
Apple has never had to exercise its "Kill Switch" option for an App already in the Wild
From the BBC article: "Apple declined to comment. It also removed the app and barred the developer from its store."
The exception that proves the rule (Score:2)
Are you familiar with that expression?
Re: (Score:2)
No "kill switch". You know, when Amazon decided to remove 1984 from everyone's devices. Or when Google force-uninstalled all those malware apps 2 or 3 times now.
All Apple's done is removed an app from the App Store. If you bought the app, you can still use it and it's probably still in your iTunes library so
Re: (Score:2)
So, I can either just click a link on the iOS App Store and KNOW all that stuff has already been done for me, or waste two hours scouring the internet just to figure out whether some stupid egg timer app is going to sell my soul to the Ukraine right?
No, you spend two seconds looking at the permissions requested by the app you're installing. If you're installing something that sends SMSes to the Ukraine, then you'll be clearly warned about it before you install it. If you are truly unable to assess whether an app is requesting appropriate permissions, then you're probably better off with a curated/walled-garden approach; but most of us are more sensible than this.
Re: (Score:3)
All the developer has to do to get around this is to add "The app is also able to sync with other phones using SMS" to the description. Then the careful user compares the permission list with the description and accepts it.
No, the careful user asks him/herself, "why on earth does an app need SMS capability to sync? I don't want to install software that sends out SMSes!" and doesn't install the app.
The stupid user, OTOH, goes right ahead and installs it. The question is, how much should we be protecting people from themselves?
Re: (Score:2)
If one of the apps decided to copy your contact list and upload it, nobody would be the wiser because there is no way to monitor/protect your device unless you JB it, and with 5.x, JB-ing is a pain in the ass.
The argument is that with curation from Apple, any app that seeks to do this will be found out and not allowed on the App Store. I'd still feel a lot safer if I could see what permissions each app was requesting, though -- there may be things that Apple feels OK with that I don't feel OK with. At least Android will tell you if a device wants to access your contacts.
Re: (Score:2)
I don't.
Oh, so you DO use iOS after all? ;-)
Too open for its own good (Score:2)
The reason iOS devices don't need anti-malware solutions is because all of the programs that run on that platform are from a secure and curated Apple App Store. Google's "anybody can open an app store" policy means Google can't killbit programs it doesn't like, while Apple can killbit anything it wants even after the fact. Bait-and-switch programs only exist on platforms where there's no control in what can be published.
Re: (Score:2, Insightful)
The reason iOS devices don't need anti-malware solutions is because all of the programs that run on that platform are from a secure and curated Apple App Store.
You know, we can make all computer systems secure by forcing people to only get software that has been screened by the government. And we can eliminate all sources of terrorist communication by forcing all telephone calls, email, letters, etc, to go through government "approval" censors. And we can eliminate fraud in the banking system by only allowing transactions that are pre-approved by the government. And we can improve car safety by only allowing people to buy cars supplied by the government.
And I woul
Actually, no. (Score:2)
You know, we can make all computer systems secure by forcing people to only get software that has been screened by the government.
You mean like an App TSA?
Yeah THAT would sure be a great idea.
No, the reason why Apple's security works is not JUST the app screening. It's defense in depth - app screening, sandboxing (prevention of hidden SMS), disallowing externally loaded apps without jailbreaking.
Also the real reason the screening does anything at all is not because Apple is so great at screening for secur
Re: (Score:2)
You could certainly do this with iOS - just have a webpage with the fake scanner and the false positives and then an offer to clean it off - from the web, no app to download! What could be simpler?
Re:Too open for its own good (Score:4, Insightful)
Yeah, but where would the fake webpage buy its traffic from? Apple controls in-app ads, and Google censors its search ads all the time. A fake antivirus website that nobody visits is not a problem at all.
How would that work? (Score:2)
So, wait... If my "scam" website uses referrer headers to target iOS instead of Android browsers, then all of a sudden Android is the secure one right?
No, because even if you target iOS what will happen? Exactly nothing, because your virus-laden app is not in the app store.
Android has a lot more avenues of attack, including real applications - and many users who have purposefully allowed external downloads (even the Amazon market tells you to disable that block).
Re:Too open for its own good (Score:5, Insightful)
Walled Gardens are the TSA Security Theater of the mobile space (coming soon to a PC near you!)
Not hardly.
When you talk about the TSA, there are literally hundreds of examples of the TSA not catching "banned items". WIth the iOS App Store, there have been what, one or two completely benign "breaches" in three years?
Hardly a fair comparison.
And, when compared with the track record of Android, even in the supposed "official" Android App Store, you would be bat-shit crazy to seriously suggest that Apple's curating of the App Store is "theater".
Oh great (Score:2)
I am currently helping a family friend who's windows 7 laptop is loaded with cruft. He used my wifi a few months ago and I noticed it was exchanging UDP packets with various ADSL lines around the world. I advised him to reinstall it then but he pointed to all the shields on IE and insisted that they meant it was secure. So now his web browsers refuse to work at all. He doesn't have his installation disk here. It has to be sent from Malaysia. I hope his family are sending him the actual disk which came with
Wrong, not with "phones and tablets" (Score:2)
The implication of this article is that the same mess is going to start happening with phones and tablets,
No.
The implication is this IS happening on Android phones and tablets. not just any "phones and tablets". WP7 and IOS both have enough controls in place that average users will not be affected much at all by viruses, for all sorts of reasons.
Android has made it too easy for average non-technical users to download apps from anywhere, for those apps to fundamentally change the system in ways the user ma
Key is "not derivative" (Score:3)
Wait, so are you saying that a Windows derivative is more secure then a Linux derivative?
No. The key is that WP7 is a green-field effort (or near to it). That's why it's actually pretty secure and well designed unlike so many other Microsoft products...
Linux is inherently pretty secure. The underlying system in Android is pretty secure, but then they built layers of services atop that that are too easily accessed by other applications (like SMS).
You can build an insecure system on top of anything... th
McAfee (Score:3)
Re: (Score:3)
The only reference to McAfee in TFS is this: "According to McAfee, almost all new mobile malware now targets Android." It also contains the only link o a FA that mentions McAfee.
Thus I deduce that in you opinion, the fact that McAfee made such an assertion is a classless act. That means that you think that McAfee is either lying or bending the truth to suit them best. Or, in other words, you have data than contradicts the last graph of TFA [techcrunch.com] (i.e., the bar plot showing the distribution of malware among mobile [wordpress.com]
According to McAfee.... (Score:2)
Wonder what next week's spin... (Score:2)
Still going on (Score:5, Insightful)
Android = Linux = Malware
Users are stupid whatever OS/Hardware they use, they will click on shit like this just because it pops up and they've never bothered to educate themselves about what it really means.
Its called marketing (Score:2)
And is quite effective.
Re:Still going on (Score:4, Insightful)
And that's why "walled gardens" are safer for the vast majority of users.
Re: (Score:2)
Re: (Score:2)
And where would they get the free software? I know... how about a central repository that contains a large searchable selection of software?
Any application platform where the users are expected to audit the software has failed on a fundamental level. It's like a car company that expects their customers to mill their own replacement parts. Yes, technically possible and some people have the skills, but it has missed the point so completely that it's not even wrong.
Re: (Score:2)
Wrong, these sites aren't "walled" in any way. Get an account, upload software. No validation of the account owner or the software.
Re:Still going on (Score:5, Insightful)
... they will click on shit like this just because it pops up and they've never bothered to educate themselves...
We have decades of observed behavior showing that users will not "educate themselves". As such, any consumer-facing system that requires users to "educate themselves" is de facto broken and, frankly, poorly designed.
Bad Statistics (Score:3)
"Number of new fake malware" is not that same as "number of malware infections". With the right tool you can generate an infinite number of malware variants. The statistic from McAfee includes every single individual file that contains some malware - this is like saying that, for an old school virus that infects .exe files on Windows, that every single infection counts as a different "unique malware instance". And if one of these is uploaded to an app store - even an app store that nobody uses, even for a "unique malware instance" that nobody ever installs - then it gets counted by McAfee. The equivalent in the iPhone world would be counting all malware in every random Cydia repository on the web. Obviously there is a big difference between a random repository on the web, and something being distributed by the official repository.
What would actually be useful is to know the number of malware instances that have made it on to app stores that people actually use (eg the official one), how many people installed them, and how long it was before the app was removed. But obviously this number would be much lower, and so generate far fewer page hits.
Re: (Score:2)
What would actually be useful is to know the number of malware instances that have made it on to app stores that people actually use (eg the official one), how many people installed them, and how long it was before the app was removed. But obviously this number would be much lower, and so generate far fewer page hits.
So, wait... the supposed major benefit of Android over iOS, that you can go outside the main app store, is something that no one actually uses?
Or is this just true when its negative features are brought into the spotlight?
Re: (Score:2)
Re: (Score:2)
What if I don't want to pay for shit?
There are Android phones on all the carriers here too, along with iPhones - the ones that are as good as iPhones (and don;t get me wrong, there are some excellent Android handsets) cost about the same, but if you want to tout the really horrible Android handsets that cost a lot less because they're just shoddy and awful (and I've seen a fair few of them - my housemate owns one and curses it daily), then go right ahead. I personally think those really shitty Android hands
Re: (Score:2)
the supposed major benefit of Android over iOS, that you can go outside the main app store, is something that no one actually uses?
Power users (read "geeks") use it. Most of them will be using internal corporate repository, development repo, or some other trusted source like the Amazon app store. As far as I can see, the majority of "normal" users have no desire for any of those things, they mostly just want to run Facebook, Ebay, and Angry Birds, so all they need is the official app store. There may be some significant exceptions though: apps which aren't allowed on the official app store (like N64 emulators), and pirated apps; both o
Re: (Score:2)
The negative feature of being free to choose to install whatever software I choose on a device that I own? Yes, with freedom comes risk, but I would rather be free to make a mistake than not.
Og absolutely - I have no issue with that position, my point was that this freedom is touted as a major benefit of Android (it is), but then as soon as any negative aspect of it is brought up - like this malware situation - suddenly the argument is "oh, well no one uses the non-official marketplace stores" - you can't have your cake and eat it, either people use them to great effect, or they're hardly a major benefit of the platform. If it's only a niche benefit in use by a tiny minority of users, then why
Re: (Score:2)
The installed point is a good one.
All Android phones I've heard of has the "Unknown Sources" option disabled by default which will block people from using their non-official app store or simply installing the apk. There are good reasons to uncheck this option, but I'm willing to bet that most commonly the people who do uncheck these are also the kind of power users who don't fall for malware which relies on the stupidity of users.
I don't see this malware spreading too quickly unless it finds its way into an
"A sign that Android has arrived?" (Score:3)
Nah, not really... but I couldn't think of a better title.
Put something nice in the hands of the ignorant, and they will muck them up. It's what they always do. What's more, you let the greedy carriers and manufacturers decide when and how you can get updates and fixes, you'll find they won't be coming to your rescue.
I hate to say it since I'm an Android user myself, but these things have the advantages of a PC in that you can get any software you want onto these things. But they have an incredible weakness in that users can't casually "reload" the machine to clean them up.
I think it's time Android makers came up with a way for users to wipe and reload their devices as an alternative to processor and battery sucking anti-malware. We know they won't though... that'd open the doors to an even more fiendish group of people -- the firmware hackers!! If they leave things unlocked too much, they will lose a few bucks from people removing the bloatware from their phones and enabling features the carriers were careful to disable.
Re: (Score:2)
Re: (Score:2)
Malware authors are going after the low hanging fruit. The big money has been iPhone users for several years, but no bona fide malware has managed to monetize them successfully so far.
Re: (Score:2)
You know you can factory reset android from right in the system settings, which will leave your data on the internal sdcard, but wipe all apps and settings? Then you just re-add your google account, which pulls back in contacts, calendar and email, then reinstall your wanted apps via the market.
There are backup apps to shorten this process if you're in the habit of flashing new custom roms, but it's still pretty quick even without them.
If they leave things unlocked too much, they will lose a few bucks from
How to Spot the Malware (Score:2)
lucky for me three of my android devices use wifi and 3g indirectly, but it seems the premium sms trojans are wrappers for popular paid applications.
So by applying a bit of common sense they are easy to avoid. For example Angrybirds is made and sold by Rovio so anyone selling Angrybirds who isn't Rovio is almost certainly untrustworthy and probably a good reason to flag the seller to Google.
cut the rope is by ZeptoLab and not by Lagostrod or Miriada so it's obvious the later two stink.
you can never be 100%
the weekly A/V scam (Score:5, Interesting)
Get a real anti-virus app (Score:2)
Get a real anti-virus app for Android like Lookout, and it won't ever happen to you.
Re: (Score:2)
Fortunately we aren't to that point yet. With Android you can still be ok if you're a little careful.
Lookout is malware (Score:2)
It doesn't actually do anything that reading permissions when you install apps won't do better. Except drain your battery.
Re:Couple of years? (Score:5, Informative)
McAfee should know, it's one of them too.
Their free trial virus scanner does the same thing, it's just slightly more subtle about it. I appreciate the fact that it helps clean up cookies, and I hate ad-network cookies as much as the next guy, but labeling each ad-network cookie as a separate infection is only designed to oversell what it does, and alarm non-technical users into ponying up more money for their over-priced software.
And eventually, their software behaves just like most malware anyway. It nags you every year for you to pay to resubscribe. It continually runs in the background slowing down your computer in everything it tries to do. And it ends up stealing a good portion of screen real estate away from a non-sophisticated user, who usually doesn't know how to remove it from his/her internet browser.
Not to mention that on a mobile device, it will also suck the battery dry.
Re: (Score:3)
I appreciate the fact that it helps clean up cookies, and I hate ad-network cookies as much as the next guy
That's a job better performed by tools like Adblock Plus, a comprehensive /etc/hosts (or equiv.) file, various cookie management add-ons (or your browser's blocklist), session cookies only, and other measures that target the actual issue. That is much more effective and makes a great deal more sense than using a virus scanner for something that is not a virus.
Re: (Score:2)
I browse the web a lot with it. But I feel eventually there will be buffer overflow, flash, various vector attacks, that will compromise my phone.
It seems Andriod's java api is very very limited to internals which is bad as you can't make a shield like you can in Windows. Anyone have a suggestion?
Buy an iPhone.
There. I said it. But I doubt you'll listen...
Re: (Score:2)
Obvious troll, but for anyone else: yes it will work just fine on tmobile g3, as mine was for the first year before switching to at&t.
PS if you are not willing to pay for a phone, you won't be able to get an android for $0 or less either.
The Real Bitch (Score:2)
Are you gonna buy it for me, bitch?
With contract the iPhone costs no more than an Android phone.
How much is he going to spend on AntiVirus...
Apple Haters complaining about Apple prices are 20 2008.
Re: (Score:2)
Are you sure you want anti-virus when the issue is about trojans? Maybe just be smart about what apps you download by making sure the place you get them from checks them first to be sure they are not Malware?
Virus [wikipedia.org] != Malware [wikipedia.org] (bearing Trojans [wikipedia.org])
Re: (Score:2)
my main computer is running Leopard (4GB with SSD, XP is there just for old games). *never* used any kind of antimalware on either iOS, 9.x or OS X.
That you know of.
I run an educational network where people are allowed to bring their own laptops, and there is free wireless available to all participants. I have the occasional Windows user come in and complain about the latest Antivirus 20xx slamming his or her screen with popups, but just as frequently I see notifications of some Mac user who has a botted laptop. They're usually not aware, and aside from a slight slowness there is no perceptible effect to the user.
Re: (Score:2)