Virus writers are paying top dollar for access to "active" Google Play accounts to help them spread mobile malware across the Android ecosystem. Google charges $25 to Android developers who wish to sell their wares through the Google Play marketplace but a denizen of an underground cybercrime forum is offering to purchase these …
Why the reporter omitted the last part from the source?
"Google charges just $25 for Android developers who wish to sell their applications through the Google Play marketplace, but it also requires the accounts to be approved and tied to a specific domain."
I'm not familiar with the approval process within Google and how effective its tying the account with the domain, but I suspect that the buyer will have a hard time to find people to sell their personal information in exchange for $100...and the fraudulent ones? Yeah...
It wasn't omitted, it's right there in the second paragraph.
It was. No mention that Google must approve accounts and the account tied to a domain. which means a process of checking, in theory. Very different from the idea of almost nothing, unlike what was pointed about Apple.
Sorry third paragraph - "The miscreant is offering '$100 for sellers willing to part with an active, verified Play account that is tied to a dedicated server'."
A 'verified' account 'tied to a dedicated server'.
A few problems with all this.
Of the 43,000 bits of software attacking Android, how many of them are in the unregulated Chinese markets, over which Google has no control, and which the majority of non-Chinese users will never go to?
The assertion that iOS is practically invulnerable. Wasn't it last year that an app was approved by Apple and quietly sat slurping user data and sending it back to the developers server, and which was only closed down because the developer in question was a security-related bod, who was proving that iOS can be breached? Can anyone, hands on heart, say that this was truly a one-off and not one of the hundreds of thousands of apps in the AppStore do not do something very similar? Just because you don't have the tools to find a problem, doesn't mean it doesn't exist.
Finally... research by Kaspersky? Hmm, is that the same Kaspersky who charge £8.95 for phone security software and £11.95 for tablet security? Nothing to gain from scare-mongering, then?
Android isn't perfect, no software is, but let's not get carried away with such dodgy "research".
Hey Anonymous Google Shill, a few problems with your post.
You seem to think it's ok for foreigners to get malware. It isn't.
The article doesn't say iOS is practically invulnerable, but if you can't see the difference between buying from iTunes on an iPhone and roaming the internet downloading apks on an android then you're being deliberately obtuse.
Finally, Yes, Kaspersky are using this to get business. However, if the tech is real then it is a real risk. It gets access to your bank account!
And I think you'll find Chrome OS is perfect. I'm sure I read that on another thread just this morning...
It seems we are lucky Linux never really made it to the desktop! Android has had more malware in ~ 2 years than Windows managed in the last 16!
except that with Windows everyone around has it, with Android no one has ever really seen it. So let's wait another 16 years.
It gets access to your bank account!
If you have a habit to install crappy apps (possibly outside of Google's Play) without examining and analyzing their permissions, neither Kaspersky, nor any other Russian dude would be able to help you anyways. Ignorance is a pretty luxurious thing, you know.
Re: without examining and analyzing their permissions
The vast majority of android apps ask for permissions they don't seem to need. I don't install things with dodgy permissions. I have es file explorer and winamp installed and have had the phone for 2 years. I've looked at many other apps, they've all asked for things they shouldn't need.
So if you're a google fan you'd better fucking hope people don't start reading the list of permissions, or the tiny amount of money developers make on Android will dry up completely.
"It seems we are lucky Linux never really made it to the desktop! Android has had more malware in ~ 2 years than Windows managed in the last 16!"
The difference being that Android malware is installed by the users installing dodgy apps from dodgy places whereas Windows malware is installed through vulnerabilities in the OS and browser plugins.
The vast majority of android apps ask for permissions they don't seem to need.
So, it's my point, there is not much difference between a bad intent and a sloppy design. It might well be that that little app of yours is useless after all.
So if you're a google fan you'd better fucking hope people don't start reading the list of permissions...
What do you offer me? To become a Microsoft or Apple fan? I doubt that Google can screw up that bad and the former two would change their ways that much really ;-)
As far as Android is concerned, I like it but will ditch for a first viable GNU/Linux alternative whenever it becomes available...at least make it dual boot
he difference being that Android malware is installed by the users installing dodgy apps from dodgy places whereas Windows malware is installed through vulnerabilities in the OS and browser plugins.
True, yet some/most part of Windows malware come the same way.
In my view, the difference is:
1) the means OS provides to counter those risks (Android mandatory sandboxing + transparent permissions, Windows --????)
2) what matters is not how many different strains of it is out there, but how many people are affected. As I and others have pointed out, for Windows you just need to ask you friends, neighbor etc, for Android you have to trust F-secure, Kaspersky, MacAfee et al.
Looking at the votes in this and other threads it's pretty clear that the majority of Reg readers prefer Android. And hey that's cool. What's amusing is how fanatically these Android owners defend their emotional and financial investment in their choice of mobile OS.
There's simply no chance of an objective discussion where an article mentions any mobile OS. It's a shame.
With 1 in 5 applications in the Google store being Malware plus countless unofficial apps, it implies that many users have Malware. But as you say the worst thing is that they don't know it yet!
Actually most Windows malware these days asks you to install it - claiming to be security scanners, toolbars, etc. And Bit Torrent is full of Malware that asks you to install it.
And anyway Android is based on Linux which has a pretty awful security record - the kernel alone is much worse than any version Windows in terms of number of vulnerabilities. Android has also previously been completed rooted just by visiting a website.
Well Windows Phone has zero known malicious malware, so whatever Microsoft are doing sure seems to work....
Granular controls on the phone...
And a couple of "Ad server" applications so that freeware only needs to slurp an advert from a local service, not have full unfettered access to my network interface, would be a really good start.
But that's too obvious.
Re: Granular controls on the phone...
Have to say I'd like to see the ability to revoke rights per app added to Android, functionality only available to rooted devices at the moment.
Ne'er-do-wells can jolly well take a hike!
On PC's you have to contend with trojans and viruses.
As if that isn't enough, you also have to contend with malware on smartphones...
Hahahaha (that is all).
Popularity = big target. Plus the fact that Google don't seem too bothered about securing their OS doesn't help.
If Microsoft were as security aware as Google are and would have offered an API to sandbox every application+ made the permissions system transparent.. That would be a very different world!
"Plus the fact that Google don't seem too bothered about securing their OS doesn't help."
The only way to secure the OS against users installing dodgy software is to prevent users installing software from dodgy places. i.e. the iOS model.
Since I'm not a pirate or an idiot*, I'd prefer they keep it as it is so I can use it as I please.
* Nearly all of this malware is installed after the user has been warned twice about their free commerical game from dodgyandroidmarket.com wants SMS permissions - they are idiots however you look at it.
Microsoft? on Windows? desktop is a whole different ball game.
Everyone is so defensive about desktop applications and OSes that you simply can't impose modern thinking on established operating systems. No more than you can change a mainframe into a desktop computer.
You've only got to eliminate the filesystem (well, the filesystem explorer) from an OS and everyone goes crazy wanting it back.
Seeing as Windows Mobile has zero malware, how would Microsoft doing anything more make a different world?
"as security aware as Google are" - ah, it's a joke, right?
Kiddies play in the walled garden.
Adults play outside and as such need to be adults and responsible for their safety.
And those old enough to move out but still living with mom and trolling the register from their bedrooms?
Okay, here's a suggestion for you. Next time you leave your house leave all the door and windows open. I'm sure you don't need such protection being an adult.
they just buy the semi defunct app and later malware it!
There are 100's thousands of worthless apps they can buy the rights for, on both IOS and Android.
Which will be is more lucrative is very uncertain but OS/X stuff, by many accounts pays big dividends from very stupid people who think it just works.
- Hi-torque tank engines: EXTREME car hacking with The Register
- Review What's MISSING on Amazon Fire Phone... and why it WON'T set the world alight
- Product round-up Ten excellent FREE PC apps to brighten your Windows
- Product round-up Trousers down for six of the best affordable Androids
- Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...