back to article Google pulls all Android apps linked to adware badness THAT MUST NOT BE NAMED

Google has pulled multiple Android apps that relied on a popular mobile app library that posed a severe security risk. The ad library, codenamed “Vulna” (or Ap Vulna") by FireEye, the net society firm that uncovered the threat, aggressively collects sensitive data as well as being able to perform dangerous operations such as …

COMMENTS

This topic is closed for new posts.

Page:

Anonymous Coward

Pull the kill switch

<schmidt>Android more secure</schmidt>

10
17
Anonymous Coward

Re: Pull the kill switch

<troll>I post smarmy comments to sound pithy, when I really just sound like an asshole</troll>

17
14
Anonymous Coward

Re: Pull the kill switch

Really? Do you even know what smarmy means? AC2 sounds like the troll, Schmidt did just say that Android was more secure. 160 million downloads seems to contradict that pretty emphatically....

7
7
Anonymous Coward

Re: Push the scissor switch

<meta-meta-troll>On the internet, no one can hear you type.</meta-meta-troll>

0
0
Anonymous Coward

Re: Pull the kill switch

Glad I ditched my Ad-droid phone for a Nokia running Windows Phone. It's a miles better end user experience....

2
18

Re: Pull the kill switch

And you won't find that problem on windows mobile since there are no 3rd parry apps ;-) [I'll await the flames - I'm joking...but somebody had to do it]

Childish tech jokes apart, there is an element of truth in it. Fewer apps mean fewer holes. But as the windows app store grows the same issues will haunt it. You've got insagram, whataapp and ...I forget the other one all arriving soon so its gaining some traction from bigger players so expect the holes to start appearing as others jump aboard.

And just in case you didn't pick it up from the articles this is a 3rd party library (not android os) so the same will inevitably happen on windows phone at some point.....

2
0
Anonymous Coward

Re: Pull the kill switch

Security is the Android Achilles Heel.

0
3
Anonymous Coward

Re: Pull the kill switch

Let us know when Apple fix this will ya...

http://venturebeat.com/2012/02/14/iphone-address-book/

0
0
Silver badge

Re: Pull the kill switch

>Security is the Android Achilles Heel.

It didn't have to be but Google rushed the platform to market and some unwise design decisions were made imho.

2
0
Silver badge
Stop

Re: Pull the kill switch

"But as the windows app store grows the same issues will haunt it." - not likely. Like iOS, Windows Phone apps have to go through a registration and clearing process before they go up on the store - the "walled garden" that so many are so quick to decry, but none-the-less does a pretty decent job of protecting the masses.

... as opposed to Android, where (at worst case) all I have to do is convince users to check a checkbox in the settings then download and install an app from my website that could be *anything*. Even when going through an official channel eg: Google Play, all I have to do is upload my app and hit publish.

I'm not saying that the walled garden approach is totally secure - there will always be some loopholes that those with enough time and determination will find a way to exploit. But it is many times more secure against opportist script-kiddies.

The tech-savvy may moan and wail about the "closed" nature of the walled garden until the cows come home - in some cases because they have a genuine need for full openness, others as just a knee-jerk reaction to anything that is closed/Microsoft/Apple/not Linux/[insert preference here]. But your average user - who knows next to nothing about keeping their device secure - is the target audience here, and Google would do well to remember this before they end up with as bad a reputation for phone security as Microsoft have/had on Windows PCs.

1
2
Silver badge

Re: Pull the kill switch

" ... Google would do well to remember this before they end up with as bad a reputation for phone security as Microsoft have/had on Windows PCs."

It didn't exactly stop Windows becoming somewhat successful, though, did it?

(OK, we're not quite comparing like with like - there hasn't been a reasonable option to Windows*, but there are options to using Android.)

*Sorry, FOSS advocates - if they were reasonable options in the minds of purchasers/users, then there would be more being used.

0
0
Anonymous Coward

Can't Google remove the apps from phones

I'm pretty sure Apple would do exactly that, whether the app users wanted it or not (and Amazon certainly isn't shy when it comes to quietly removing contents from Kindles).

5
3
Silver badge

Re: Can't Google remove the apps from phones

Quite - I was under the impression that this was well within Google's means (and seem to remember it being touted as an "advantage" of the Play store).

1
0
Silver badge

Re: Can't Google remove the apps from phones

It probably was until Amazon was stung with the "1984" scandal. Suddenly, people wondered: if the app stores can remove apps from my device, what's to say they could abuse it to, say, remove sideloaded apps?

0
0
Alert

Re: Can't Google remove the apps from phones

Quite. Back in 2010 IIRC (and as this link points out) : http://readwrite.com/2010/06/25/google_activates_android_kill_switch_zaps_useless_apps

I'd have thought they could remove the app from the phone, unless there are paid for app issues - but if you don't "return/uninstall" an app after 15 mins nowadays, you're money is gone anyway.

1
0
Bronze badge
Mushroom

Re: Can't Google remove the apps from phones

So that's why every time I access Goggle Play store from my Android my Bing desktop shortcut is removed. Another time Google set the app to Hidden.

1
2
Silver badge

Re: Can't Google remove the apps from phones

They can still add/remove stuff - system stuff too,

A few months ago, gmail was removed from my /system partition - I had to install the latest version as an app.

I thought I was going mad, but they helpfully left behind a little log file showing the activity.

0
0

Re: Can't Google remove the apps from phones

"It probably was until Amazon was stung with the "1984" scandal. Suddenly, people wondered: if the app stores can remove apps from my device, what's to say they could abuse it to, say, remove sideloaded apps?"

Like an image scraper that publishes my selfies from my photo albums to their portal?

0
0

ouch

"vulnaggressive" ????

I'm feeling vulnaggrieved....

5
0
FAIL

Was this written by a 14 year old?

Did anyone bother to proof-read this in between copying and pasting from the press release?

A few pointers:

- Sentences shouldn't start with 'But'

- You don't need a comma between the final element of a list and the 'and'

- 'It can also performs dangerous operations' makes no sense

- 'a skilled hackers' makes no sense

- I'm not sure what 'unsecured HTTP' means. I know what unencrypted HTTP is, though...

- There are various clunky and awkward phrases dotted around the place

I don't claim to be anywhere near perfect, but I can at least make myself understood. Can we have this article sorted, please?

16
11

Re: Was this written by a 14 year old?

In all fairness, you can start a sentence however you like, whether you like the style is up to you, but it's not unusual in less formal writing to start with "But", "However" or the like.

I'm quite partial to the Oxford comma too, it's certainly an established and accepted bit of punctuation.

My post probably fails to live up to so many of the rules we were taught as children too, but I rebut those rules thus: sod it.

26
2
Anonymous Coward

Re: Was this written by a 14 year old?

I have to disagree with your statement in general, although there are exceptions.

But, is a word that generally is used to cite an exception to the previous statement and as such should really only follow a comma.

2
4

Re: Was this written by a 14 year old?

I admit I may have been a little harsh, but the overall article was quite difficult to get through. I'm not asking for perfect formal English, but a level of readability consistent with the rest of this fine site would be appreciated.

3
1
Anonymous Coward

Re: Was this written by a 14 year old?

So's "however" and "on the other hand," yet these are considered improper to follow a comma. You need at least a semicolon for these if not a full period. I recall these aren't well-suited to precede an adverb (think "But lately..."). Also, one needs to consider the degree of connection between the previous and current statement, as a comma-conjunction or a semicolon imply a strong connection which you may not want if the connection is looser, but you still need to indicate that the following statement somewhat contradicts the former. What could you use besides "but" or "yet"?

0
0
Silver badge

Re: Was this written by a 14 year old?

Next you will us that one has to put the period in front of terminating parenthesis?

But no (or yes?)

0
0
Silver badge

Re: Was this written by a 14 year old?

But what about sentences like this?

4
1

Re: Was this written by a 14 year old?

" 'It can also performs dangerous operations' makes no sense"

From the Borat School of Jornalism. Obviolsy.

1
0
Bronze badge
Stop

Re: Was this written by a 14 year old?

@not_equal_to_null

"- You don't need a comma between the final element of a list and the 'and'"

Such a comma is permitted if your style manual allows for it. It's optional, in other words.

When introducing a list with a colon, it's usual to separate items in that list with line-final semi-colons (ignoring the line-initial character, or any capitalisation on the items, for the moment). Furthermore, the semi-colon after the penultimate item in the list is usually followed by " and"—and, of course, the list is terminated with punctuation of some kind, usually a full stop.

1
1
Thumb Up

Re: Was this written by a 14 year old?

If you re-read my post, you'll notice that I wasn't actually trolling (though I did leave myself well open to the light roasting).

It's just that I've seen more and more articles like this recently - I'm sure I'm not the first to pick El Reg up when they slip from their usually high quality, and I certainly won't be the last. The pedantry endemic to the commentarati is what makes this place, after all.

3
1
Silver badge

@All of you. Re: Was this written by a 14 year old?

I'm wondering about the viability (and advisability) of outsourcing the proofreading and correction of El Reg articles to the commentardiat. There would need to be some parameter tweaking by the official Reg staff and some heavy initial scoring, along with an algorithm for determining which commentards were given the tasks, etc. You know what would be needed ......

Grammatically correct responses would be appreciated.

0
0
Anonymous Coward

Re: @All of you. Was this written by a 14 year old?

For reasons I cannot identify, I was lead to read this post with an 'internal voice' of someone quite drunk. (I'm pretty much teetotal.) No offense to the author, of course, but ... interesting.

0
0
Anonymous Coward

Re: Was this written by a 14 year old?

Well said. I could care less that some don't like such sentences, so I'll be using them irregardless.

0
0
Silver badge
Headmaster

Re: Was this written by a 14 year old?

COULDN'T!

0
0
Bronze badge

...But, then again...

0
0
Silver badge

What software is it

I wonder why nobody says what it is.

1.8% is a lot of apps so I assume it's one of the more popular replacements for admob. But given the horrific set of permissions most adware libs demand, I'm surprised many app authors would ever use them. The potential for abuse (and the damage to the app's reputation) must be pretty high.

2
0
Bronze badge

Re: What software is it

Yeah, it's nice that they've contained any future damage, but could we please have a list of the affected apps! Just because updates have been made available, doesn't mean they've been installed and I, for one, don't like allowing auto-update. I'll update (or remove) the affected apps if I know what they are and if I have them.

1
0

Re: What software is it

We should be told to ensure we are not on the list of compromised people. I would prefer to change my passwords everywhere now if I knew I had been snooped than wait till they start using what they slurped.

Maybe someone should start cataloguing the Google App Store so we can see what has vanished.

0
0
Silver badge
Happy

Quick googletards!

Hijack this thread to bitch about punctuation before anyone notices how badly Google have fucked up!!!

11
8
Silver badge
Big Brother

Hmmm

I think that the developers of Vulna missed an opportunity.

They should have sold it to the NSA, it's just what that organisation is looking for.

Or wait, perhaps they did after Edward Snowden legged it.

1
1
Silver badge

Re: Hmmm

Maybe that's why FireEye are not naming the library or the developer, it is the NSA.

2
0
Silver badge

Re: Hmmm

NO SUCH APP!

0
0
Anonymous Coward

Surprise!

Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is always about Microsoft.

People need to give themselves a shake and stop using MS products!

Sorry I'm late!

3
0
Silver badge
Paris Hilton

Re: Surprise!

Late? Try plain wrong...

Trouble is that everyone is bitching about Microsoft's lack of security in the past and just not realising that exactly the same thing is happening all over again with Google and Android.

Stop living in the past and focus on what has the potential to become a Windows-sized security problem on mobile!

0
3
Anonymous Coward

Re: Surprise!

> Stop living in the past and focus on what has the potential to become a Windows-sized

> security problem on mobile!

Potential? I think we're pretty much there - not least because Google have limited appetite not to let it happen. Given Google's business model with Android, so long as droids continue to be activated and linked to Google accounts, why *should* they care?

0
1
Bronze badge
Big Brother

Re: Surprise!

No surprise if the black-hatted ones move as double-plus-quickly as possible to ensure that each and every planted bad-thing stays where put for as long as possible. (Time is money, after all.) There being so many new, neat, and nifty things you can do with the data to be found on mobile, the problem is likely to end up being much, much bigger than security on Windows was.

1
1
Silver badge
Holmes

Re: Surprise!

Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is always about Microsoft.

People need to give themselves a shake and stop using MS products!

I'm pretty sure I have seen this posting a few times in the past in Apple or Android or Linux threads.

An evil bizarro leprechaun version of Eadon?

3
0
Anonymous Coward

Re: 3 upvotes!

See! I said it would get funny if I did it enough!!!!

Running gag FTW!

0
1
Headmaster

Why am I not surprised ...

... that a library named "wound" does harm?

I can't help feeling that if I were distributing a library that contained malware I'd name it for something warm and comforting , rather than "wound". We can hardly claim not to have been warned!

[Latin: vulnerare: to wound or pierce with a weapon.]

0
1
Silver badge

Re: Why am I not surprised ...

I thought that's the keyword for the unnamed library.

1
0

I've only just realised that it is being referred to as "Vulna" yet I've been reading it as "Vulva" over the last couple of weeks.

0
0

Page:

This topic is closed for new posts.

Forums