Android malware threats could increase by a factor of 60 over the next six months, according to Romanian security pros. The rise, if realised, could see the number of Android mobile malware samples increasing from 200 now to 12,000 by March 2012. Many examples of Android malware involve the insertion of malicious code into …
The problems with permissions.....
The Android permissions architecture is a pretty good idea. The problem is the implementation and presentation is poor.
When you are browsing the Market, you don't get to see the permissions until you are ready to download the app. It would be far better if the permissions were on the main app description page. It would also be a good idea for the Market app to highlight permissions that are a particular risk ("Services that cost you money", for example).
It's all or nothing. You either agree to all of the permissions, or you don't install. In some cases this is sufficient: why would a fart app need access to my contacts? Other times it isn't. There are plenty of legitimate reasons for an app to require network access, even if it is to serve up ads. There are also plenty of malicious uses for that permission.
What is needed is for the permissions system to be up-ended. Instead of the app saying "I need these permissions", the user should be able to say "I give you these permissions", preferably when the app asks for them. The app asks to access location services, the user replies "No", "This time only" or "Yes Always". The Android API should require that apps handle being denied a permission gracefully.
The network access permission could be tightened up by making it more specific. Something akin to a firewall, perhaps? Allowing the app to access certain addresses or use certain protocols? Could be too complicated for the average user, however.
There are firewall and permission blocker apps available, though these need root access, and apps that have their permissions blocked often force-close or behave badly in other ways.
I agree with that. I was wondering if perhaps there could be some text with a justification of the required permission(s)? The user would then be able to make their own judgement. Although obviously the developer could lie, there would have to be some plausible reason in the first place.
@I'm Brian and So's My Wife
I agree on the permission explanation front. I wrote a few notes on this a couple of weeks back after EA's Tetris FREE asked for phone call permissions. I think Google has a responsibility here to smack their larger publishers around a bit to behave with their permission requests - half the problem with the current system is that users are desensitised to permissions when everyone's requesting so many!
"When you are browsing the Market, you don't get to see the permissions until you are ready to download the app." - if you use the browser you can see all the permissions that the app requires and an explanation of each.
This is what I use and it works great.
Why are we so surprised? Seriously. lol
The difference between M$ and Android is that M$ has an excuse due to the fact that it has a mass market monopoly; the other, Android, just has piss-poor software that's easy to exploit.
Why the dollar sign? Is your 's' key broken?
Oh wait... You're implying that they only want money! What a horrible accusation!
What nerve to assume that a company wants money just because they're not non profit organizations.
In all seriousness, when I see M$ or Windoze, I stop immediately and move on to the next comment. I don't think I'm alone in that, either.
I see you left out Appl€.
From the article, I can't really see anything that might be restricted to Android. Even Facebook apps request permissions, as do Windows apps and Apple apps. This is a security issue for all platforms. Why single out Android?
It is an Android issue
Microsoft and Apple vet the apps in their respective stores; Google doesn't, which is why it's an Android issue.
There has long been a bug report on the Android Issues site regarding this issue.
Permissions should be optional, and should act in a safe manner – if I refuse permission for an app to access my contacts, then rather than being unable to use the app, there should simply be no contacts as far as that app can see. Refuse internet access and the app would always get a 404.
Google have shown as much interest in solving this issue as they have in the vast majority of Android Issues – namely no interest at all beyond the smug “Works as intended”.
You've got to have a bit of both the mandatory and the optional permissions. If the core mechanic of an app is to do with integration with contacts, what's the point of having that as an optional permission? All it would do would be to flood the market with idiots marking it down because it didn't work after they had rejected that permission.
Unfortunately the struggle is then to get devs to restrain themselves from requesting mandatory permissions when they don't need to (which, tbh, is the main problem with the current system). It's sad that there is no point in the Google dev guide on permissions that says "before you ask for access to everything from the LED colour to the wormhole generator in this phone, sit down and have a good long think about what you actually need you lazy lazy bastard".
Hey St. Jobs is that you?????
The code for Android is there for you to take and make it better.
It's your turn to shine, go at it and let us know how that works out for you.
Ooo, and have this done next week, because otherwise this is going to be a crappy OS.
Seriously dude... are you serious? Do you even know what's involved in creating an OS and managing it on so many devices?
Have a wonderful Kool-Aid day.
Same Sh** different reasons
Windows wasn't meant to be hooked up to the internet in the first place. Microsoft didn't reckon the WWW would ever happen (or didn't think it could in the first place). This left the machine wide open to malware, which originally spread through floppies.
Android has no such excuse. The provision of a powerful computing device with always on network capability with options to let the user install anything they like, relying on UAC style nagging? Doomed to fail. As nemo put it, Google are taking the "no problem here, it's the user's fault" approach, which only darkens the reputation of the platform further as the stories of sophisticated malware multiply exponentially.
1. Allow only one app store and nothing else - no installing from apks either
2. Adopt an app approval system and demand source code for all apps, sinking effort and their own money into it
android will die the death of a thousand cuts, namely by
1. Antivirus software getting more and more intrusive and battery-intensive (see windows experience) - user experience declines...
2. General mistrust of the platform (word-of-mouth - "yeah, I ended up with a 300 pound bill with one of those android phones, I'll never have another one")
Suggestions of how to "improve" the permissions user story are like pissing in the wind. If you sell the platform to 500 million people, you've got millions, literally MILLIONS of half-wits who will still do the wrong thing, deliberately, because the app _said_ it was an extension for Angry Birds. Even selective permissions are pointless here, as you have to put the selections somewhere, most likely under "settings", where they're never looked at again, or you have to stick up annoying Java style dialogs regarding internet access.. tedious, resulting in "yes, please just always let it do that, I want to do this shiny thing now" decisions.
Seriously, don't muck about, Google. Grasp the nettle before Android tanks.
Vive la difference
Single app store? No "unknown sources"? App approval system?
You mean like Apple?
Android cannot compete on those terms. One of the major attractions of Android is the freedom to do what you like with your own device. If you tie it down like an iPhone, you might as well buy an iPhone.
You got a thumbs down for calling me a half-wit.
Seriously, I am pretty impressed by these Android permissions. Using iOS, we don't see anything like that and I would love to.
I prefer the Apple curated approach myself, but I respect that Android users have a choice. Even if curated, a permission scheme would be beneficial on iOS. The inclusion of acne-clearing iApps makes one wonder about the curating scheme anyway...
I doubt it will be implemented though - Apple has a, sometimes unfortunate, tendency to simplify for their users.
I agree about mandatory vs. optional permissions as someone else stated. Mandatory == won't download if you don't accept. Optional - you deal with it as you see fit.
p.s. For malware writers who want to "explain" why they _need_ some permissions:
SMS - required to Twitter to your followers
Contacts - so we can integrate your exciting life into Facebook.
Sincere apologies... a bit.
No flame wars SVP - my intention was to illustrate that with the right social engineering you don't need to coerce "normal" people into installing malware.
I should qualify "half-wit" - it was intended as a relative idea, relative to the tech-savvy who inhabit these forums and spend their time keeping systems running and safe, mistrusting every possible download which appears either to be too good to be true, or slightly suspect in some way.
If you downloaded something and installed it without having that inbuilt cynicism, you're a member of the general public, and understandably may not realise the ramifications.
But we can't expect everybody who gets a shiny, easy to use handheld computer to suddenly become aware of digital hygiene concepts! That's why Google MUST adopt a more pro-active stance on the app store, and demand source code and not allow anything to be listed unless vetted first. Otherwise the platform will die as people lose faith in the Android store, and devs move off it to somewhere safer and more profitable (although there's a whole other discussion on app store profits there).
Too many apps, too many permissions
One of the problems with the permissions in Android is that the advertising system that many apps use causes the app to need more permissions than it should.
Consider an ad-supported app: the ad system wants to know your location, so it can serve targeted ads. It wants to be able to launch the browser in case you click on it. It wants to be able to make phone calls in case you click on the number. So now your app needs Network access, Location access, and Phone access.
Consider an app that can make noise (music player, for example): It needs to know the phone state so it can mute if you sleep the phone, it needs to be able to keep the phone from sleeping if you are listening to it, it needs to know if a call comes in so it can shut down.
Some of this could be solved if the permissions for serving ads were moved to a standard ad server component, and a permission "Show ads" were added. Of course, every app developer wants to use his OWN ad network rather than Google's, so that still won't completely solve the issue.
In most of these ad cases there's an element of developer control allowed. With AdWhirl you can choose to not ask for the location permissions if you don't see the value in location targeted ads. That idea of differences between essential and optional permissions is great, but I'd rather see it at the user level as Eponymous Cowherd mentioned. You would still need mandatory permissions though as otherwise no one would release anything ad supported as users would never allow network access!
Also, if the app is asking to make phone calls in order to offer you a number to dial then it's pretty shoddy. Should be using ACTION_DIAL rather than ACTION_CALL.
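As an added illustration of the two points raised in this thread (ad SDKs inflating an app's permission set, and CALL_PHONE being unnecessary when ACTION_DIAL would do), here is a small triage script that is not from the original thread or any project it mentions: it reads a constructed AndroidManifest.xml, buckets the declared permissions into risk groups loosely modelled on the labels the Market showed at install time, and attaches a reviewer note where a cheaper alternative exists. The bucket names, the advice table and the sample manifest are my own assumptions; the permission constants are the real android.permission.* names.

```python
import xml.etree.ElementTree as ET

# Namespace of manifest attributes such as android:name
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Risk buckets loosely modelled on the group labels the Market showed at
# install time (bucket names assumed; permission names are real constants).
RISK_GROUPS = {
    "Services that cost you money": {
        "android.permission.SEND_SMS", "android.permission.CALL_PHONE"},
    "Your personal information": {
        "android.permission.READ_CONTACTS", "android.permission.READ_SMS"},
    "Your location": {
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.ACCESS_COARSE_LOCATION"},
    "Phone identity": {"android.permission.READ_PHONE_STATE"},
    "Network communication": {"android.permission.INTERNET"},
}

# Reviewer notes; the CALL_PHONE entry is the ACTION_DIAL point from the thread
ADVICE = {
    "android.permission.CALL_PHONE": "needed only for ACTION_CALL; an "
        "ACTION_DIAL intent opens the dialer pre-filled and needs no permission",
}

# Constructed manifest for a hypothetical ad-supported novelty app
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fartapp">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <application android:label="Fart App"/>
</manifest>"""

def declared_permissions(manifest_xml):
    """Sorted android:name values of every <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    return sorted(e.get(ANDROID_NS + "name") for e in root.iter("uses-permission"))

def triage(manifest_xml):
    """Map each risk group to the declared permissions that fall into it."""
    perms = set(declared_permissions(manifest_xml))
    return {group: sorted(perms & members)
            for group, members in RISK_GROUPS.items() if perms & members}

def review_notes(manifest_xml):
    """(permission, advice) pairs for declared permissions with a cheaper alternative."""
    return [(p, ADVICE[p]) for p in declared_permissions(manifest_xml) if p in ADVICE]
```

Permissions outside every bucket (VIBRATE in the sample) are deliberately left out of the triage output so the reader's attention goes to the risky ones.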
Just one more reason...
...I'm staying with my "stupid-phone" for the foreseeable future.
@cowherd - yup
"Android cannot compete on those terms. One of the major attractions of Android is the freedom to do what you like with your own device. If you tie it down like an iPhone, you might as well buy an iPhone."
Of course I mean exactly like apple - and it really doesn't mean anything that YOU like the idea of an open platform you can do anything with - if all the uneducated unwashed masses still get presented with an open platform full of malware they'll go off it, just like I said: better that Google closes down the liberty - still allowing the enlightened like you and me to Cyanogen our devices to the hilt should we desire, maybe there's a new angle there - you can apply to UNLOCK your device for rooting, no questions asked, no issue, then it's caveat emptor - you look after your security.
See, that's the hurdle that needs to be put in place: don't give non-tech spods the freedom to crap on themselves, and the platform will gain admiration from the spods. Give the techs the freedom they want, IF THEY WANT IT, no questions asked. Some non-techs will "have a go" and get into trouble, but a tiny minority - most will blissfully enjoy an excellent android experience within a closed and safe platform they can't shaft themselves up the arse with.
And you can't say "if you want an iPhone, go buy an iPhone" - that's my point, eventually people WILL - and android will be left flopping on the beach of obsolescence.
(JOKE) You're not a real techie, are you? Real techies assume that the "uneducated unwashed masses" needs are exactly the same as theirs.
"Here be malware"
I believe the main question is: "How easy is it to compromise an Android mobile without user interference?".
I mean, if a user installs a malware-laced program, then it is not an Android fault. If a user is just browsing, and the mobile is compromised... THEN it is an Android fault.
There is no way to secure a computer (smartphones ARE computers) against its own user. Even iPhones got "rooted" - just like droids. Remember Symbian? It had a clever system, using signed apps - and you could choose to allow the system to install a non signed one.
The "E" series came with this option active - but the "N" series didn't. Why? Because the users would want to install an unsigned app, and couldn't understand why it didn't get installed. So, it was disabled for the "N" series - the "Novelty" series. Did someone complain about a "flood of malware on Symbian"? Yet there were various malwares written for it. They were, of course, unsigned.
Sorry, but it _is_ android's fault...
"I mean, if a user installs a malware-laced program, then it is not an Android fault."
Yes, it is. You cannot assume people will magically realise that installing unsigned APKs direct from a website, or allowing permissions to do anything, is a "dangerous act". People are not that bright.
You're effectively saying that the antivirus companies are right. Fair enough, let's all watch the Android battery life circling the drain as McAfee live-scans every bloody file you ever touch when you're browsing.
Pro-active is the way to go here, google have to secure the platform and the store.
Today I'm feeling lazy! No title for you!
But I never said that the user should realize it! Only that it is not Android's fault.
Yes, the store should check the apps. Yes, they should be signed, and the mobile should install (by default) only signed apps.
1) If a signed app is malware laced, it isn't Android's fault: it's the Market Store's fault!
2) If a user disables the verification of signature, and installs malware, it is the user's fault!
3) If an unsigned app is installed, even with the "install only signed apps" checked... THEN it is Android's fault.
4) If Android installs something malicious WITHOUT prompting/warning the user, then it is Android's fault.
But you can't complain about an OS that installed what the user asked...
This is what you need to do
First, root your device. (Google z4) I don't like being forced by any carrier (Verizon in my case) to keep stupid crapware installed on my device that uses MY bandwidth. Lawsuit anyone?
Second, after you root it, immediately download and install LBE. This thing will light up like a Christmas Tree when you start downloading and installing other apps. I mean really, some of these things that want to read your IMEI or access SMS like the article suggests is asinine.
Furthermore, how many of these app vendors are SELLING your IMEI/Phone # info for spammers!? I've never given out my mobile # and get more and more calls now, even though I use Google Voice only for dial in/out. Hmm.
So in short
two companies who rely on people being scared about malware, release reporting about scaremongering reporting about Android malware.
Surely a sign of success is when every lame man and his dog are trying to get a bit of your action.
EPIC FAIL, as I don't know any Android malware that can spread if you haven't got a rooted phone and don't allow the permissions.
Why do I get the feeling...
...this sounds very much like there is a rapidly growing market with no "brand xyz virus scanner" penetration, and they're just busting to get into the game?