Google's reactive policy over content on the Android Marketplace saw dozens of applications popping up overnight with names close enough to the real thing to reel in a mark or two. The worst offender has to be "Rovio MobiIe", which simply replaced the "L" with a capital "I" to make its products indistinguishable from those …
Set up a typical profile for each category, including what rights such an application might logically require (e.g, a game could very conceivably need accelerometer access, but "run at boot"!?) and require manual review/approval of apps that go beyond the profile for their category.
This gives you the general openness of Google's Marketplace with some of the security review of Apple's.
They pretty much do
They have permissions which could be dangerous that you have to authorise (such as making phone calls or reading contacts) and other permissions that can't cause harm such as access to gyroscope sensors which are only shown if you specifically ask to see them.
It is also the permissions that are open to abuse that stop the auto updates (and the 'update everything' optinon) from working making you authorise every one, individually.
I actually think it is a very good system and never install an app unless I know what the abusable permissions are for or check out the developer first.
It killed symbian free developers
The model you talk about is symbian security model. People ended up disabling signature verification and developers gave up very good ideas since it required thousands of dollars to get those certificates.
Only the large corporations can afford something like that. Also some stuff should never be certified like sms preview get those certificates and do non malicious but really stupid unnecessary thing like sending sms to Finland when installed. I reported it to Nokia and they made it editors pick later :)
This for me is part of a broader problem: Most users are that familiar with technology and effects of a specific permission are generally lost on them.
Apple Store's revision process is a PITA for devs, where you can be refused for strange and wierd reasons, but can catch a lot of the strange stuff.
Google's method of autoscanning for known problems is a great idea, but going further and releasing an app within either a preset of minimum permissions, and having a manual review if specific permissions are needed, for example:
Base: read/write in homedir, internet, accelerometer.
Navigation: Base + compass & gps.
Email : Base + mail access
Social : Base + address book
If for whatever reason the app requestes more privileges than these, it should then be submitted for manual approval, like if an app in the "Social" category wants SMS, mail and location priveleges, then it would have to be reviewed, and if the extra need cannot be explained by technical need, the app would not be validated (like Facebook: Why do you want privileges to read my SMS & Emails?), though this means that the revision process needs changing.
An easier automatic system would be, like on the iPhone, per app privileges. The phone checks the app against a valid category (default: Base) and all other privileges are deactivated. From there, it would be up to the app to request and explain why it needs whatever privileges for your contacts, GPS, SMS, Email, porn collection and unlubricated and unlimited access to your rectum at 3AM every morning. If you don't see why you need it, you don't go and activate it in the phone's "privilege center"... This means updating the OS and defining the base categories though, but at least this would have an effect on slowing down downloads from unknown third party sources sending premium rate SMS messages behind your back...
Finally, an app making outgoing calls or SMS should really generate a OS popup accept/refuse warning with the number called...
Waiting for more spamming and new ID thefts...
"Email : Base + mail access
Social : Base + address book"
I would say that the address book should be in a VAULT. The user conceivably could have a therapist, attorney, parole officer, insurance company, priest, sifu, mother-in-law, you name it, in the contact list. Apps like Kakao and maybe skype and others will tear through the contact list to help you find your buddies, but then you have NO existing way (THANKS, GOOGLE!) to cordon off your contacts to keep THEM from receiving info about or being forever cataloged by some social site you dread to use again.
Again, THANKS A LOT, GOOGLE!
It's the same mentality at Google that is at the front/reception desk where the company and security guard/receptionist will have a list for sign-in/sign-out of visitors. Someone can pretend to be a visitor, walk up with a pen-sized lens, peruse the sign-in sheet, and do it repeatedly enough to find names and companies by which spoofing and unauthorized access can be socially-engineered.
So, with contact lists/address books being easily "rapable", it's a wonder we haven't seen more spamming and id theft.
True for the vault part
Depending on the app, it could be nice for me for it to import my contacts, and I could see some use of apps running through the list. The trouble is that I would like to be asked for permission first rather than it pilfering my data behind my back... Actually this reminds me of Facebook that wanted access to your webmail to tell you who was already on FB. I tried it with a honeypot gmail address. It did cross reference a few addresses of my colleagues in FB who had sent mails to the system, but it also sent invitations to everyone else, and a handful of my other honeypot addresses got invites, which to me was a no-no...
Anyway, that's another story for another day. For now, I really will have to reset up my network and do some wiresharking on my phone. I don't think that I'll be too happy with the results though...
Shame they're not the real cops, eh?
How am I expected to recommend my non-techie friends and family use Android phones while this kind of shit can go down?
I'm all for open rights, but I'm even more for my family's banking details not being stolen. For now I'm only recommending iPhones.
openness has a price and that price is vigilance. It is a pressure and I agree that it doesn't work for people unless they choose to be actively engaged. For those that do not an iPhone is an excellent choice.
However, regardless of device you will be hard pressed to find anyone I know who trusts a mobile platform enough to keep their banking details on it. Lets face it, phones and tablets are the devices that get lost most frequently. A member of my own family lost their phone just last week. Good job all finance details on that device refere to a prepay credit card that never has more than £30 on it.
Of course you have banking details on your mobile devices. Just set a password.
Do any of your non-techie friends or family use a PC?
How on earth do you stop them downloading a program off the web, or installing one from a disc?
How do you make sure they don't go to a dodgy website or fall for a phishing scam from their e-mail account?
They don't even get to see the permissions an application requires on a PC before it installs.
Maybe you tell all your F&F to not use a PC, stick to a TV and real mail - but oh no, there are poker adverts on TV where they can lose their money and plenty of fraud via the mail, including 419ers
Arghhhhh, run for the hills.....
Good luck with that.
As even in the santised and controlled Apple world, Malware still exists. The media are all iPhone owners, so they rebrand it into something that sounds less scary....
So what about that new market Bouncer service Google was waxing lyrical a few days ago?
Seems as effective as a chocolate teapot - or is it still beta?
Its effective - but the OPs reference to whack-a-mole would be right. It's reactive, not proactive. I'd prefer to see these things quashed before they get to the public.
Not at all, Bouncer IS a proactive service:
"The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts.
Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back. "
Seems it's not really working.
Either that, or someone seriously felt that "Rovio Mobile" really would apply for a new developer account with a misspelled name.
Seriously, the real WTF isn't that this malware took 3 hours to be pulled down, but that such an obviously fake developer account was allowed in the first f*cking place!
Having recently set up Ubuntu on a spare box, I noticed that it defaults to using a very clear and readable font. The characters i, l, I, |, !, and 1 (and also 0 and O) are all instantly and unambiguously distinguishable. If Android used a similar font, these impostors would be much easier to notice.
Fix Fonts Everywhere!!!!!!!!!!!!!!!!!!!
By design, "Typeface" or "Fonts" are supposed to be more readable than handwriting. There should be no possible way for an "L" to be mistaken for a "1" or "I". Any font that does not differentiate characters properly should not be allowed. Period. End of Discussion.....
I'd rather have Apple and their better security that this cr@p
You've been downvoted a bit, but lately I'm starting to think along the same lines.
We geeks desire freedom and the ability to customize and tailor and duct-tape our hardware and software. It's part of why we got into computing, engineering, etc, in the first place. However, most people aren't geeks and, for them, Apple's approach would seem to be a better one for the customer. There is something to be said for peer review of software, particularly if that software could get access to financial statements, health records, or GPS positions and times. I know I wouldn't want my psycho ex girlfriend knowing ANY of these things.
Plus, life for most people these days here in Americaland is pretty hectic, particularly if you have kids. I'm willing to pay for others to review software security for me just to get more time for other things.
A simple case of being too open - this is the Android achilies heel.
"There should be no possible way for an "L" to be mistaken for a "1" or "I".
Just not realistic - like '0' and 'O' - what are you going to do about zeros and o's?
Use a font that has a slash through the zero.
@ AC 19:16
"By design, "Typeface" or "Fonts" are supposed to be more readable than handwriting. There should be no possible way for an "L" to be mistaken for a "1" or "I". Any font that does not differentiate characters properly should not be allowed. Period. End of Discussion....."
You have just eliminated every serif font (l and 1" in Times, e. g.), and every SANS-serif font (I and l in Helvetica).
From this day forward, the web shall be presented in NOTHING but Zapf Chancery. Period. End of Discussion.....!
Not so Fast!
End of discussion? No need for the discussion in the first place
I too can clearly see the ones, els, ohs and zeros in the posts that you and others are making.
It's that Ubuntu font, I suppose. Or fonts: even in Terminal, these distinctions are clear.
Google should provide an application security check
Why doesn't Google offer an application security check as an optional thing for application developers to put their apps through. Clearing the check could give applications a "Google Approved" badge which gives strong reassurance to users that the application is safe. Being optional means that developers don't need to put their applications through that but without having the badge would mean that users would possibly receive a warning that it is an unapproved application (similar to Microsoft signed drivers). Integrating an application filter whether the user wants to see only approved applications or all applications could also be added. This scheme would give the best of both worlds (Apple's application security checking and Android's openness).
They claim they to do most of that already - see my post on the Google Bouncer above - and it's not even optional, but it seems to be ineffective.
Android users suffer from fanboi envy
Just looked over the downvote statistics. You Google sectarian fans need to work a little harder to get to the pure devotional obsession and flagellate status of the iOS jailbreak apostates. While an odd sub-sect, jailbreakers at once are convinced of the infallibility of their Mother God's approval system, and also reject it to allow more pure consumption and "enhanced control." They find that the only pure love and secure-oneness-in-being possible is to remove all restraints from their devices to allow unification with and unlimited corruption of their Messiah Phone.
Their white sheet wearing self-abuse makes your voluntary risky ecosystem look like mere drug addled, alcohol soaked, seatbelt-less, joy riding in a convertible car driven by the devil. They live to hurt and seek it, and downvote any that might cast doubt as to the love which makes you look merely pathetic really. Take some chances. Hell, it's only your phone...that stores one or two useful contacts, profiles, passwords and other tripe that could never be used maliciously. Heaven forbid. Not to mention that the little accident with a developer sneaking Wi-Fi StreetView sniffing code was cleared up so well...right? End user privacy agreements after judicial wrist smacks just turned the entire Global army of phones into exactly what they said was not going on...since it was already.
I'll get my coat...it's the non-denominational one with three phones in the pockets, with location services turned off for the damn Google phone. And to think I saved the IPO pdf and used to use a Google mousepad in the year 2000. I feel raped.
Maybe the Google could use a search engine?
You'd think this should be a kind of simple thing to address. You scan each new app for its search keywords and see how closely it matches the existing apps, and then quarantine it when it comes too close. The idea someone posted about permissions-based quarantines is also excellent. You don't even have to worry about the categories of the apps, but just assume that any app that wants permissions to do something dangerous should be looked at before it is published to the world. There is no legitimate developer who is going to die from a short delay in releasing his great app to the world.
However, I think that if the Google hadn't gone evil, then they would have already acted.
I mean the Android Bouncer article (which was not only very relevant but interesting too) didn't even get a mention here, yet got widespread coverage everywhere else.
Yet something like this comes up, and you are all over it like a bad rash....
Hmmmm, ok then.....
Polymorpic Malware now available for download!
Likewise to earlier poster - stop reactively downvoting people who don't want to wade through application permissions and express a preference for the Apple solution. You're talking 99% of the android owning community out there (as the article helpfuly points out, most people just want shiny thing, and will click on whatever it takes to run shiny thing).
Google still have no clear definitive proactive stance on malware. Making excuses about this being "just like PCs" is not enough. Apps must be vetted for security before they go on the marketplace, and presenting users with java-style lists of permissions has got to go as well. You might as well ask non-tech people if they know anything about rocket science...
Apple's model may be draconian, but at least you can have more confidence that the software on there is safer to use, from at least the SMS-sending trojan point of view!
No amount of geek frothing at the mouth about "openness" and suggestions of complicated solutions is going to help here - although the "google approved" sticker is at least on the way to a solution. It's time to kick caveat emptor to touch on app security - it's not just about the user losing faith in a platform once their phone eats their credit because they don't understand app permissions (see what I mean?), it's about Google themselves eventually being tarred with the "they don't care" brush - like Microsoft were regarding windows security!
- Breaking news: Google exec veep in terrifying SKY PLUNGE DRAMA
- Geek's Guide to Britain Kingston's aviation empire: From industry firsts to Airfix heroes
- Analysis Happy 2nd birthday, Windows 8 and Surface: Anatomy of a disaster
- Google CEO Larry Page gives Sundar Pichai keys to the kingdom
- Something for the Weekend, Sir? SKYPE has the HOTS for my NAKED WIFE