Lookout Mobile Security has taken steps towards classifying privacy-eroding phone apps as malign and ripe for removal from devices by its antivirus software. Many free mobile applications generate revenue by using advertising networks and exchanges to show in-app ads, and in most cases everything is ethical and above board. …
"We suspect that the mobile adware warning functionality - as and when it appears - will be sold as a premium service"
That doesn't sound very different to what the free Ad Network Detector from Lookout does now, apart from maybe putting a label next to the apps it finds that says 'these ones are bad'
Cheers for the app mention. Just ran on my phone and was even more disgusted than expected. App gives a link to opt out for some networks and well worth installing. Culling the worst offending apps now, Rovio apps are first to go!
And it'll end up failing just as current AV generally does: you'll see developers sneaking in multiple variations of the same software, just modified enough to get past the detection code.
It is, in part, due to Android's horribly broken permissions system
First up - YOU should be able to tell an app what you are willing to let it do; not the other way around. I have refused to upgrade some of my bundled Orange apps because it wants to "Modify battery statistics". WTF? The latest version builds on this. It is an app to report your contract time/data remaining and modify some options. So why does it want to read SMS? Start at boot? Read contact data? Directly call phone numbers? FOAD! [innocuous app "Orange et moi" by Orange France, with scary permission requests]
Secondly, some of the permissions are lumped together into an awkward mess that brings two barely-related concepts together to represent a huge potential flaw. I present "Read phone state and identity". It is acceptable to read the phone state - you don't want music or video to keep on going when there's a phone call in progress. But why is the UID of the phone lumped into this? Likewise "Full internet access", is there no levels of restriction available?
Maybe where we need to concentrate our shouting is at Google and the Android devs to try to get the permission system evolved into something that the user is in control, not the app author.
Re: It is, in part, due to Android's horribly broken permissions system
Not much use for non root users but as a Reg reader I would assume you are. Check out LBE Privacy Guard, its a free app that does exactly this. It prompts for granular permissions when installing new apps. For existing apps it will prompt as they request permissions.
5 per cent? I have to admit that I was relieved when I read that.
Had I been asked to guess I would have thought it was rather more. However, their sample size (some 300 k or so) is reassuringly trustworthy as far as statistical confidence is concerned so I am inclined to take it on face value.
Their hand in your pocket.
I guess what makes mobile malware so sinister is that it could so easily be used to run up costs on your phone account. This is a different order of threat than annoyances on your PC.
Re: Their hand in your pocket.
It's a bit like the premium-rate porn diallers that were a problem when most of us still used dialup modems.
I just don't download those apps that require permissions they don't need or I don't approve of. I don't care what they are, or who they're made by. If only we could get rid of the apps that come preinstalled; the ones that have all those permissions, like Facebook. Buy any smartphone today, and there are at least 10 apps preinstalled that have way too many permissions for my taste. The only way to get rid of them is to root your phone, and lose your warranty. Carriers are exacerbating the situation with this behavior.
Re: If only...
Rooting your phone is NOT the only way to get rid of carrier crud-ware. You can just install the base, un-carriered, version of the software for your phone. Other than getting rid of the carrier junk and branding, you also don't have to suffer with waiting for the carrier to bother to release an updated version of the software for your phone - just use the manufacturers version. You do, however, have to put up with whatever the phone manufacturer puts into the base version, but currently this usually there isn't too much at this level on most devices.
Re: If only...
Or just use Cyanogen, a base install comes with absolutely nothing (the Google apps are installed separately if you want) and it'll probably get better battery life out of your phone.
I'm not particularly knowledgable about Smartphones, but have the skills to understand what I find out. Finding out what the permissions that Blackberry Apps are asking for actually do is next to impossible. But I'm damn sure some of them are just to let the machine send the app makers lots of good information.
The Gen Public user will have no chance of knowing when to grant an app any requested permissons and when not to. Some may be intrinsic and need to be there for any app of that kind to function.
Some are clearly not required for the app to work, and refusing them won't stop the app from working.
Then there are the permissions that aren't needed, but if you don't grant them the the app refuses to run.
And that's 100% RIM's fault.
- NASA boffin: RIDDLE of odd BULGE FOUND on MOON is SOLVED
- Pic Mars rover 2020: Oxygen generation and 6 more amazing experiments
- Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
- Plug and PREY: Hackers reprogram USB drives to silently infect PCs
- Boffins spot weirder quantum capers as neutrons take the high road, spin takes the low