Google has yanked more than two-dozen mobile apps from its Android Market after security researchers reported they were laced with malicious code that transferred user data to servers controlled by attackers. As many as 120,000 Android users downloaded the trojans before they were detected, according to Tim Wyatt, a researcher …
Thanks for another enjoyable article!
Thank you for a very informative and entertaining article! I am looking forward to reading *many* more like it in the future!
But where's the program list
Great for telling is some of the programs but a comprehensice list would be useful
Just Android Apps??
In the past two months, many of my users are getting these same types of trojans just from clicking on the top responses to Google Searches let alone many of the banner ads right on the top of the Google page!
Granted, I wish my users "supervisors" would actually discipline their employees for recreational web browsing on company computers, but that is another topic that doesn't involve the content that Google is providing to the world!
"Infected programs carried titles such as ... Floating Image Free ..."
Not this one:
Floating Image (free)
I hope not too, as that app's been on my Droid since being recommended by El Reg on 5th April :(
C'mon Google - can't let crap like this cripple Android take up (and it will, if it gets worse). Time to out think and out perform Apple.
Android == Windows
iOS == Mac. If you want it cheaply and more open go for Android, if you want more expensive, closed, more polished and malware free, go for iPhone. Each to his own.
You get the best of both worlds with Windows Phone 7. Each one to his/her own.
How is having no decent communication apps, or a SSH client, the best of both worlds?
I don't spend my day opening e-mailed spreadsheets or on my "social hub" which is just about what WP7 does well at.
Are you actually using a WP7? I am currently using iPhone, Android, and WP7. Out of the three I far prefer the interface and experience of the WP7, the app store and hardware of the iPhone, and just about nothing about the Android experience...yet. I will give the Android a fair shake before writing it off. Perhaps having an App ask me for access to my Contacts sort of soured me early.
As for SSH client? I personally do that where I can hammer a keyboard...and then no client is needed, just the ability to type quickly...which with mini touch keyboards is not it. Are you logging in to see if a process is finished or actually doing terminal work?
A friend of mine blasted away iOS and is running uPhone. Maybe you ought to check it out.
have you used WP7?
Check simpleSSH Lite if you want your ssh client for WP7. Maybe it's not the best yet but works. I am not sure what you mean by decent communication apps, like messenger and the rest? There are a few. Then with mango it goes to a completely different level.
What botnet? We don't have a botnet.
How does IMEI + IMSI + handset details = "botnet"? Bit of a jump there don't you think?
I think that Google could make a contribution here by......
.........refusing or restricting apps (free or paid for) that demand permissions that are totally unnecessary for the function that they allegedly perform. For example, why do so many wallpaper apps or ringtones need/demand permissions that mean they in practice would own your phone's arse? Those types of apps do not need administrator and/or communications permissions. Devs submitting apps that make such demands where there is no obvious functional need for the app to have that degree of system access should, at the very least, be facing some very blunt questions from Mountain View.
...a dice rolling app which needed to be able to make phone calls and send MMS (potentially using premium rate services in both cases).
This one was on HTC's recommended apps list.
Google needs to sort out the permissions
What does an Android developer do if they want their app to behave nicely when a phonecall is received whilst the app is running? Judging by the permissions required by many in the Market I think their only option is to
"READ PHONE STATE AND IDENTITY
Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like."
I have no way of knowing if an app will ever read the serial number or use its permission to determine who I call and who calls me! Wouldn't it have been better to design the OS so that apps could register to be alerted when the phone rings, rather than having to listen for it themselves? That way they would not need to request any unnecessary privileges.
sensible post of the week
You have the best insite here.
Having lots of option for telling the user what "features" are used when there is little knowledge on the end user side of what each option really means. This is a perfect case where less really is more. Google needs to look at what features they "warn" about and limit it to 2-3 options. No more.