Mother Of All Android Malware Has Arrived: Roots Phone, Steals Data, Opens Backdoor.

I think that people who take the "Anyone who downloaded that app deserves it" view are being a bit arrogant and naive.

The technology is there, and while the apps it has infected so far do seem for the most part to be pretty ghey, the fact is that they could put that code in any number of other apps, that you might in fact download and install.

I have not gotten a virus in Windows in decades, but that is because I run a virus scanner and I pay attention to what I install. So despite all the terabytes of music, videos and pr0n over the years, I have not gotten hit.

But on a phone, where you are getting tons of apps from a Market, that is run by Google, there is an assumption of safety there. We know that there isn't really, but Google doesn't really make that widely known to the average user.

If they put up a large disclaimer on the phone that said, "We don't check any of these apps for security. They could be riddled with virii and steal your bank account information. Enjoy"... People would be very cautious about using Android.

We all want the freedom that Android offers and don't want to be locked down in a Nanny-State like the iPhone, but at the same time, does it make sense to go to the extreme that there is no protection or safeguards, other than researching everything and trusting ultimately to blind luck?

No. I think that Google could easily find some middle ground. Don't limit hardware, don't limit apps, but at least scan them with some hefty malware software before they can be published?

That is doable. If my phone can run Lookout and scan my system, Google could set up a few servers running a much more robust scanner that examines all the apps being submitted and updated to their market.

Because right now, it is like going to a Walmart that can sell you anything you want. But none of the products have been inspected for safety, the food is not guaranteed to not be contaminated, and there are no warranties of any kind. But hey, you have lots of choices, right? So it's ok?

Not really.

Google needs to step up and nip this in the bud or Apple is going to have a field day with it. Give it a couple weeks for the commercials to start hitting TV. LOL
 
Mac vs PC commercials all over again :(

Support Our Troops!!
This post was Tapatalk approved.
 
Mac vs PC commercials all over again :(


And they will have facts supporting them, and prove quite effective. We can debate the reasons why Android has this issue and the iPhone does not all day long, but to the average user and the market at large, it's irrelevant.

Android is nowhere near as secure as Apple. And lots of people that are less techie have probably gotten slammed with virii on their computers and know what a hassle it can be, and the last thing that they will want is to have to deal with that on their phones...

If I was Apple, I would be shooting the commercials and buying air-time as we speak.
 
Watch the publisher. I only download programs from the actual publisher that is known to have created them. I also read reviews, and I won't download an app that is well known yet only has a few reviews.
 
If I was Apple, I would be shooting the commercials and buying air-time as we speak.

I am betting money that is going on right now...
 
If I was Apple, I would be shooting the commercials and buying air-time as we speak.

I am betting money that is going on right now...

And rightfully so.

Google does not have to be as restrictive as Apple. They do not need to weed out features that Apple feels customers should not get, probably because they want to release that feature in their next upgrade, etc... They don't need to charge $600 for an SDK.

They could keep the Market open, but just scan the apps for malware and remove any that have it.

Make malicious code the only filter or screening criteria, and you will have the benefit of an open platform, but with security more like Apple's.

Best of both worlds.
 
They don't need to charge $600 for an SDK.

They could keep the Market open, but just scan the apps for malware and remove any that have it.

Devil's advocate here, but what do you think the larger fee pays for? It pays for a support staff to review the code -- and that's what has to happen here -- and approve that it meets standards. A "scan" would only work if you had a signature for the malicious code. It wouldn't catch something new that was added unless it was actually vetted by an individual.

The other thing to consider is that a larger fee by itself is a barrier to entry. That's not entirely a bad thing if you are trying to promote the very best quality products.

I think the ideal scenario would be to have a Market similar to the iPhone and then an ALTERNATE WAY to get apps onto your phone from developers who don't want to use the Market or pay the fees.

Provided that there is ANOTHER WAY to get Apps onto your phone other than the Market, there is no reason for Google not to have really rigorous and high barriers of entry for their Market.

Under that scenario, the Android Market is safe, secure and the Apps you download actually work as advertised because they have been tested. And if you want to get some other App, you have that choice as well -- but buyer beware -- you are buying outside the Market.
 
I like the market the way it is. If it's bad & is reported it gets removed.
 
I like the market the way it is. If it's bad & is reported it gets removed.
Removed after 50,000 to 200,000 people have downloaded infected software. But hey, it was just "Brittany Spears Moans" so they deserved it.
 
They don't need to charge $600 for an SDK.

They could keep the Market open, but just scan the apps for malware and remove any that have it.

Devil's advocate here, but what do you think the larger fee pays for? It pays for a support staff to review the code -- and that's what has to happen here -- and approve that it meets standards. A "scan" would only work if you had a signature for the malicious code. It wouldn't catch something new that was added unless it was actually vetted by an individual.

The other thing to consider is that a larger fee by itself is a barrier to entry. That's not entirely a bad thing if you are trying to promote the very best quality products.

I think the ideal scenario would be to have a Market similar to the iPhone and then an ALTERNATE WAY to get apps onto your phone from developers who don't want to use the Market or pay the fees.

Provided that there is ANOTHER WAY to get Apps onto your phone other than the Market, there is no reason for Google not to have really rigorous and high barriers of entry for their Market.

Under that scenario, the Android Market is safe, secure and the Apps you download actually work as advertised because they have been tested. And if you want to get some other App, you have that choice as well -- but buyer beware -- you are buying outside the Market.

Apple doesn't look at the source code. They just make sure the app appears to meet all of their TOS requirements after installing it and ones that violate the TOS have still made it into the App Store. If the app had a timed payload Apple wouldn't have a clue.
 
Apple doesn't look at the source code. They just make sure the app appears to meet all of their TOS requirements after installing it and ones that violate the TOS have still made it into the App Store. If the app had a timed payload Apple wouldn't have a clue.
Apple may not, but other certification programs for other platforms do have code review as part of the certification process.

The main point I'm making is that rigorous certification requirements and expensive fees are not an entirely BAD thing for the "official" Marketplace.

To be honest, you could actually do this within the existing Marketplace by simply adding a "Google Certified" layer. That way, users could just check for the certification if they wanted to be assured it was a verified product.

Until something along these lines is added to the Marketplace, you are always going to have people running to the Apple platform and claiming the reason is "quality and security".
 
Apple doesn't look at the source code. They just make sure the app appears to meet all of their TOS requirements after installing it and ones that violate the TOS have still made it into the App Store. If the app had a timed payload Apple wouldn't have a clue.

I attempted to get into a conversation about that with a phanboy. Oh the LOL's that followed. Nonetheless no system is perfect. In my own industry with various languages that I love there is a sizable population that believes that the code is so secure that nothing could happen...funny how a little while later they come back crying how it was hacked.

Personally I realize anything outside the market is fair game but I would like to have every submitted app scanned weekly on the market and prior to going up, not for content just from knowledge that we learned the week prior with malicious embedded code. Of course this wouldn't stop updates per se but it would be a step in the right direction without infringing on the developers.

Just did Lookout and nothing...after 1 1/3 years of having the Droid and multiple apps installed and uninstalled over that same period, not one warning.

Really though this could have happened to the App Store and may have without Apple mentioning anything about a security breach during one of their many purges...if it hasn't then I'm pretty sure Apple in the background is looking at their side to make sure it's not repeated as the two languages are more alike than let's say Windows is to Linux.
 
Apple doesn't look at the source code. They just make sure the app appears to meet all of their TOS requirements after installing it and ones that violate the TOS have still made it into the App Store. If the app had a timed payload Apple wouldn't have a clue.
Apple may not, but other certification programs for other platforms do have code review as part of the certification process.

The main point I'm making is that rigorous certification requirements and expensive fees are not an entirely BAD thing for the "official" Marketplace.

To be honest, you could actually do this within the existing Marketplace by simply adding a "Google Certified" layer. That way, users could just check for the certification if they wanted to be assured it was a verified product.

Until something along these lines is added to the Marketplace, you are always going to have people running to the Apple platform and claiming the reason is "quality and security".

Apps have made it into the App Store that turned out to not be what they appeared to be. No system is perfect and it really is a war between those that want to exploit and those who try to protect. At some point someone or some group will find a way and then we learn and build upon that.
 
To be honest, you could actually do this within the existing Marketplace by simply adding a "Google Certified" layer. That way, users could just check for the certification if they wanted to be assured it was a verified product.

But that would add an extra layer of cost! Don't know about you, but I want my money for nothing and my apps for free!
 