Android Trojan writers are trying more tricks to fool the unwary into downloading rogue applications with a new set of rogue applications. The rogue apps – available via third-party app stores in China – pose as a "love test" application, an ebook reader, and a location tracker. Clued-up users should notice that the dodgy apps …
It's not rocket science, it's simple...
If a wallpaper application wants your location and permission to send text messages why install?!!!
Yeah, but its not a wallpaper app
It would be trivial for for someone to modify this program that says that it will show you single women close to you.
Or what if someone were to create a travel application that would automatically post Facebook, twitter, etc. Then giving it permission to access your location and messaging, email, contacts, etc would be perfectly reasonable.
Malware will always exist and there is nothing that can prevent all of it, not even your precious google.
It is rocket science to Joe Public.
it is rocket science. Android phones are being sold in so many shapes and forms to the general public who have no flippin idea about permissions and I doubt they are given any training by the stores who sell them it are they?
I can just imagine my parents going for their next handset upgrade and being give a droid phone, they certainly aren't stupid but when it comes to tech I can easily see them quite happily clicking away accepting everything foolishly assuming that they are safe buying things from the store when thats quite clearly very far from the truth.
Same applies to kids, Droid phones are so cheap do you really expect a kid to care when an app says it wants permission to location or whatever? Or indeed that their parents will be savvy enough to stop them? Err.. no. Neither do I.
IT pros who seem to think they entire world thinks the same way they do are way of the mark.
RE: Gadget Rage is BAD
It's not rocket science, the permissions screen is clearly noticeable to anyone with eyes.
The only way around this is forcing someone to stay on that page for 10 seconds before the install button lights up.
At the end of the day if the permissions for an application could give you a 100,000 volt shock and kill you then a lot of thick people would still not read the permissions, accept them, and then try and sue if they survived.
Yes, I expect them to care
It's basic reading comprehension.
You buy a device and don't want to bother observing basic security considerations, then it's pretty much your fault when you get a $600 phone bill next month. I hope you have a hell of a time getting the cell company to refund it.
No different than the people that ignore the oil light, then are totally surprised when the engine turns to a useless lump.
@Gene Cash (oil light)
Yes, it's just like an oil light. Except there are like 14 different oil lights. And if you want to actually use the car, some of the lights have to be on sometimes. Like if you want to go to the store, #5 needs to be on, and if you want to go to work, #9 and #12 need to be on.
But watch out! If you are going to your auntie's house AND #7 is on, then you will get carjacked on the way there.
Unfortunately the permission 'requires internet access' covers every advert supported app.
What'd I'd like is something more fine-grained - 'requires internet access to domain mysite.com' and Android wouldn't allow the app access to anywhere else.
Alternatively, every app could have an Android provided permissions page where you can turn off the permissions it says it requires. Yes, the app might break (or the ads won't appear), but at least I'd have some control rather than all or nothing.
requires internet access is just that to access the internet, its the permission requiring sending text msg, phone book access and permission make phone calls is the issue (think there is 2 others)
Clued up users
Clued-up users should notice that one should not have to be concerned about permissions when running apps on their phones.
malware turns up at non-Android non-marketplace in China
"The rogue apps – available via third-party app stores in China .. The malware – detected by Trend Micro .. The incident provides yet more evidence that Android mobile malware developers are following much the same path, and using much the same lures, as their Windows PC predecessors"
Except all Windows users have to do is click on a link or open an email attachment or query a compromised DNS server ..
it's like the Sharp Zaurus
Sharp issues the Zaurus PDA. it's got a good screen, built in keyboard, strong processor and color graphics. It also runs a small Linux distro which made the device customizable beyond all reason, tons of free games and applications available, and the means for FOSS guys to make their own.
Then they market it to the same pointy haired boss types who were barely able to handle the Palm V's awesome greyscale power.
It needed setup and customization for use, which was "too hard". and worse, it allowed a PHB to get onto the internet, download install packages from people's personal sites, and install stuff that could work well, or cause slowdowns, or brick the device altogether-which of course, was the "fault of the device".
So I got a barely used Zaurus from the office Disposal department for pennies on the dollar. Ran it for years untroubled by hardware problems, tho I did get a few dodgy apps that meant reflashing the OS. Custom OS's from different sources made things fun.
Android gives the user the power to make the device their own-but like firearms, people screw up with them and rather than own to their own failure, start blaming the device. It's easier on the psyche I suppose. And like a government that bans firearms because of the ineptness of the "enlightened" leadership types, Apple rides in with a walled garden.
Hearing of Android exploits is a good thing. It means the system is still controllable by the user. The day we no longer hear of Android trojans is the day the mobile OS freedom became an illiusion
Freedom to do whatever you want includes the freedom to muck it up too, no problem there.
But more information about the permissions an app requires would help everyone. Either every permission has to have an explanation as to why it is there (some devs do try to do this), or devs have to be told - "I didn't install this because of so-and-so required permission". Or maybe the first time an app is run, it has to request each permission it wants. Bit annoying to use though.
Of course desktop software has been installed for years with no such guarantee about what it might do. Of course that has made it easier for malware to take hold.
You don't have to know how to build a car to be able to drive one
You do, however, have to know where the brake pedal is.
There is a middle ground here I feel
Yes, most apps will ask to use the internet for ads etc, can't help there. But, for making calls or sending texts or other potentially high cost actions I think the warnings, whilst already there, could be more pronounced.
A popup for example
"This application wants to be able to send SMS messages. The explanation from the developer is below. Only accept if you accept the consequences and potential costs" Then a text box the dev can fill in saying "I need to do this because I want to send MMS of cats to your family" or whatever.