Android Trojans and Security Concerns

[qat]

I'm sure everyone is aware of the very real privacy and security concerns associated with downloading and installing new applications that aren't verified, so on and so forth. Has anyone else seen that China is a breeding ground for malware for this platform? It'll be in our backyard before you know it.

I'm interested if you guys have more insight into how this stuff works and how it proliferates the phone!

PC Magazine - Article on 'Most Sophisticated' Android Trojan
CNET - Article on SMS Spamming Malware
Gizmodo - First Droid Trojan Found

Share your insight. If you're a phone oriented technical person, don't dumb it down, please.

 

[UrbanBounca]

I posted it the other day, and everyone blew it off. It will become a serious issue, but people can't see the big picture.

 

[Quicksilver7714]

All I have to say is be careful of what you download. When you start downloading apps from third parties, and third party apps, that's when problems start to occurr at higher rates.

Sent from my Droid using DroidForums App.

1.)http://www.droidforums.net/forum/re...-dummies-guide-android-terminoligy-lingo.html
2.)http://www.droidforums.net/forum/rescue-squad-guides/70875-what-you-need-know-about-rooting.html
3.)http://www.droidforums.net/forum/re...08-multiple-phones-root-them-unroot-them.html

 

[qat]

Well, lets start with some of the information that these people can grab from your phone:

• Phone Number
• E-Mail Address
• Installed Applications
• Ring Tones
• Pictures
• Contact's Phone Numbers
• Web Browser History
• Incriminating Text Messages (blackmail)
• Saved Account Passwords (Twitter, Facebook, GMail, Flickr, Tumblr, and anything that's stored in your phone's web browser)
• GPS Tracking of everywhere your phone goes....

They can then sell all of this information to other people to market other products to you. Those pictures of your girlfriend/wife could end up on one of my websites, or if you bring your phone with you to work, there's an opportunity for network infiltration by using your phone as a tunnel to the network....

Nobody cares? Really?

Sorry, call me paranoid pete, but a mobile device that has been hijacked is a much greater concern than a stationary computer to me.

 

[IanG]

I understand you're more concerned about malware and whatnot on your phone rather than your PC but...

There are THOUSANDS and THOUSANDS of malware/spyware programs for your PC where you have pictures/perform banking transactions/make purchases/search personal information, but you don't freak out.

There is like 2-3 malware/spyware programs for your phone and you're crapping bricks.

Just relax IMO, don't be an idiot and download a wallpaper app that has access to *EVERYTHING* on your phone, and you won't have anything to worry about.

 

[vatothe0]

If only you were told what parts of your phone you're giving an app access to before you install it... oh wait, you do.

Don't be a lazy idiot and you won't get malicious software on your phone.

Sent from my DROIDX using Tapatalk

 

[Martin030908]

As others have stated.... there are thousands of threats for you PC but only a handful for Android (and for now they're geographically centralized).... nothing to panic over.

Pay attention to application permissions upon install and be especially alert when installing 3rd party applications.

 

[qat]

This thread was started initially as an awareness thread, but it seems you guys are far more naive than I anticipated, so I will address your points.

If only you were told what parts of your phone you're giving an app access to before you install it... oh wait, you do.

Don't be a lazy idiot and you won't get malicious software on your phone.

Sent from my DROIDX using Tapatalk

I'm not referring simply to apps that have been installed. This malware can be installed drive-by style when you access certain websites, particularly if you're using an alternate internet browser, alternate applications that query data from a remote web server (nearly every android app on your phone), or if your phone is rooted.

This is not as simple as 'Oh, I just won't install apps from untrusted sources'. That's the most risque method of installation, but not the only.

There are THOUSANDS and THOUSANDS of malware/spyware programs for your PC where you have pictures/perform banking transactions/make purchases/search personal information, but you don't freak out.

I run a Linux based OS where malware in general is much less prevalent and logging of inbound/outbound connections is easier and enabled by default. My home network is secured through a router. I don't do banking from home, and I have a bank that is willing to reimburse me for unauthorized transactions.

None of this is the case with a mobile phone.

 

[Martin030908]

'drive by style' apps?

Nothing gets installed without you 'ok'ing it.

 

[qat]

'drive by style' apps?

Nothing gets installed without you 'ok'ing it.

Not 'drive by style apps', Malware installed 'drive by' style, or 'on the fly'. If there's a flaw, memory leak, or other fault in the software you're using, it can be used as a backdoor access to your phone (definitely if your phone has been rooted. Proof of concept examples are out for factory default settings).

Example: Flash Player's LSO's, more commonly referred to as "flash cookies" are currently being installed on Android based phones that have the Flash player installed. Granted, they can be cleared, but there's a long standing history of them being used maliciously, and the only way to clear them is to go to Adobe's page to clear them (https://settings.adobe.com/flashplayer/mobile/).

Again, the point of this thread is to bring awareness to stuff, so that stuff like this doesn't happen:

http://www.net-security.org/secworld.php?id=10160
http://www.infosecurity-magazine.co...lishes-proofofconcept-google-android-malware/ <--Worth reading
http://www.informationweek.com/news/hardware/handheld/showArticle.jhtml?articleID=225300284 and this one is particular to those of you installing ROMs willy nilly, just because they brag about cool features. I'm sure those of you who are doing this won't be reading this thread, though.

 

[Martin030908]

'drive by style' apps?

Nothing gets installed without you 'ok'ing it.

Not 'drive by style apps', Malware installed 'drive by' style, or 'on the fly'. If there's a flaw, memory leak, or other fault in the software you're using, it can be used as a backdoor access to your phone (definitely if your phone has been rooted. Proof of concept examples are out for factory default settings).

Example: Flash Player's LSO's, more commonly referred to as "flash cookies" are currently being installed on Android based phones that have the Flash player installed. Granted, they can be cleared, but there's a long standing history of them being used maliciously, and the only way to clear them is to go to Adobe's page to clear them (https://settings.adobe.com/flashplayer/mobile/).

Again, the point of this thread is to bring awareness to stuff, so that stuff like this doesn't happen:

Proof-of-concept Android app reveals platform's security bug
Infosecurity (UK) - Security researcher publishes proof-of-concept Google Android malware <--Worth reading

These are issues any machine connected to the internet faces... it's nothing to panic over.

Kaspersky and many other anti-virus providers are aware of the Android market and working hard at creating concern and cause for anti-virus apps. There will always be risks and those who exploit them.

I appreciate the concise explanation from you btw!

 

[qat]

With regards to the Kaspersky comment, I agree, and i've seen quite a few 'security' related applications popping up. I'm glad they're aware, but it's not just them who needs to see this stuff for what it is.

Also, with corporate espionage on the rise (and Government/State level espionage for that matter), a mobile device could be a walking microphone.

I'll leave it there until someone else wants to chime in. I'm not as concerned about the more acquainted user of the Android phone, but the person who thinks they know more about what they're doing than they really do!

I appreciate the concise explanation from you btw!

Sarcasm or legitimate response? If it was legitimate, you're welcome.

 

[Abby Normal]

I appreciate the concise explanation from you btw!

+1..

Thanks....

 

[Martin030908]

With regards to the Kaspersky comment, I agree, and i've seen quite a few 'security' related applications popping up. I'm glad they're aware, but it's not just them who needs to see this stuff for what it is.

Also, with corporate espionage on the rise (and Government/State level espionage for that matter), a mobile device could be a walking microphone.

I'll leave it there until someone else wants to chime in. I'm not as concerned about the more acquainted user of the Android phone, but the person who thinks they know more about what they're doing than they really do!

I appreciate the concise explanation from you btw!

Sarcasm or legitimate response? If it was legitimate, you're welcome.

No sarcasm, was serious. Was clearly written and in a civil manner. People don't have to agree to have a polite conversation

I do agree that now-a-days are cell phones are a connected to every part of our lives... and are basically big microphones/gps trackers.... but that leads into the whole 'big brother' topic and that's another mess in itself :icon_eek:

Also I agree that sometimes we users more familiar with Android forget that their are those new to the platform and should consider the security risks.

 

[czerdrill]

As mentioned, everything from an ipod to a phone to a mainframe server is susceptible to trojans, malware if connected to the internet. Since you run a Linux OS, OP, you should know why we're pretty safe from this stuff. No one should ever claim that Android/Linux is bulletproof because it's not. Nothing is. However, Linux does not work like Windows does. Windows allows third parties to execute software on your computer without your permission. Sounds like a ridiculous security flaw and it is.

Linux doesn't work like that. files from your email or browser can't execute themselves without your permission. unlike windows where you can change the extension of a file to make people think it's not executable, you can't do that in linux either, because linux doesn't depend on file extensions to operate. That's why in linux you can open an empty file in gedit, call it 'bob' with no extension and still view it as text later. in other words, you can't accidentally open malware in linux because you thought it was a picture...

yes, for rooted users the risk is greater, but i would hope that rooted users are a little smarter than to run 3rd party apps without viewing permissions or knowing what the risks are. like i always say, to get a virus, malware on android/linux you pretty much have to want to do it to yourself.

for the non-rooted user, the odds of malware/viruses are virtually nil. permissions are universal in linux (read, write, execute). on top of that, there are three levels of permission (as people who use root explorer know): root, current user and the world. software that can execute and affect across the whole filesystem almost always requires root privileges. so non-rooted users with antivirus apps are pretty much installing an utterly useless piece of software on their phones.

hope this clears some stuff up...