Play Store malware roots phones, installs an app every two minutes

Google scans billions of "potentially harmful apps" on the Play store, but a malware app has slipped through, and is automatically rooting phones it infects. The since-scuppered malware masqueraded as a spirit level application dubbed LevelDropper. When installed it would root Android devices and install additional …

  1. Anonymous Coward

    Detail please

    Please tell us device, OS and patch level.

    Without this info, it's impossible to separate this from the usual raft of Android FUD that security vendors constantly spew.

    Never even seen or heard of a single compromised Android device, despite them now being more common than windows PCs... weird that.....

    1. Anonymous Coward

      Re: Detail please

      >> Never even seen or heard of a single compromised Android device, despite them now being more common than windows PCs

      I have found a few instances of malware / bad applications just on my friends' mobiles. This stuff generally hides well, and most users have no idea what might be causing slowness / app installs / pop up adverts / search redirects, etc. etc.

      Using Java on Linux has a security model similar to trying to hold water in a colander with a sieve... I laugh that you have to install Knox and similar things just to try and add some sort of security to Android. A proper solution would have been intrinsically secure without these bolt-ons. If you care about security, Android isn't for you imo.

      1. Anonymous Coward

        Re: Detail please

        "Using Java on Linux has a security model similar to trying to hold water in a colander with a sieve... I laugh that you have to install Knox and similar things just to try and add some sort of security to Android. A proper solution would have been intrinsically secure without these bolt-ons. If you care about security, Android isn't for you imo."

        First, Android isn't Java, it's a completely independent build (for the most part) using the Java API specification. See ART (Android Runtime) and Dalvik. It is no more relatable to desktop Java security issues than the .NET common language runtime is.

        Secondly, Knox is a physical hardware security layer that is recommended for any real degree of security beyond what software can provide. Apple do the same on iOS devices and it is this hardware layer that gave the FBI so much trouble, not the software.

        All software contains bugs and exploits and these hardware layers are another layer of protection from these software exploits.

        1. Anonymous Coward

          Re: Detail please

          "First, Android isn't Java, it's a completely independent build (for the most part) using the Java API specification"

          So Java then. Just not Oracle Java.

          "It is no more relatable to desktop Java security issues"

          Who said anything about the desktop? It's very insecure without needing to be related.

          "Secondly, Knox is a physical hardware security layer "

          Erm, no. Knox is most definitely software. It might USE features like the TrustZone architecture of ARM, but it's still software.

          "Apple do the same on iOS devices and it is this hardware layer "

          No, again - IOS security is SOFTWARE based around a secure boot chain. There is no "special" hardware to do this - just a boot ROM / key store that checks for signed code in the boot loader.

          1. Anonymous Coward

            Re: Detail please

            "So Java then. Just not Oracle Java."

            No, the Java API, the method and class names, the code behind them that makes them work is as I said, completely independent, meaning any security issues and bugs are also completely independent.

            "Who said anything about the desktop? It's very insecure without needing to be related."

            You, when you said Java, i.e. the Java JVM which runs on desktops. This *is* Oracle Java yes. Not Android via Dalvik or ART.

            "Erm, no. Knox is most definitely software. It might USE features like the TrustZone architecture of ARM, but it's still software."

            Yes, as I said, it uses the hardware security layer (TrustZone), if you add a hardware layer but don't modify the software, how would you use the hardware layer? That software is called... Knox. Didn't you just make my point?

            "No, again - IOS security is SOFTWARE based around a secure boot chain. "

            You say "No, again" while again making my point. The Secure Boot Chain and Secure Enclave are hardware layers.

            https://www.apple.com/business/docs/iOS_Security_Guide.pdf

            1. Anonymous Coward

              Re: Detail please

              "No, the Java API"

              So still Java then.

              "the code behind them that makes them work is as I said, completely independent, meaning any security issues and bugs are also completely independent."

              So a Java version with its own set of bugs and holes.

              "You, when you said Java, i.e. the Java JVM which runs on desktops"

              I never said anything about which version of Java, but I was obviously referring to Google (Android) Java.

              "Yes, as I said, it uses the hardware security layer"

              Nope, you actually said "Knox is a physical hardware security." and that's plainly incorrect by your own admission.

              "The Secure Boot Chain and Secure Enclave are hardware layers."

              No - the Secure Boot chain is software both as firmware code and as part of the OS. Read the section from your own link entitled "secure boot chain" that makes this clear.

              Hardware level protection = for instance processor trust zones, or processor No Execute memory page flags. Software level protection = for instance executing code that checks file signatures. Like Secure Boot....

              1. Anonymous Coward

                Re: Detail please

                "So still Java then."

                No. Bored now. Go learn the difference between an API and code.

                Here's a hint:

                API: int addTwoNumbers(int a, int b);

                Oracle Java's implementation:

                int addTwoNumbers(int a, int b) { return a + b + 1; }

                Android's implementation:

                int addTwoNumbers(int a, int b) { return a + b; }

                API = the same method name/signature. Implementation = code behind it. Get it?

                Didn't bother reading the rest of your post.

      2. Anonymous Coward

        Re: Detail please

        Some expert you are, you seem to think Android is Java on Linux. It's not. I wouldn't trust anything you claim to have found...

        Android sandboxing is pretty secure, it's of course only 1 of many layers of defense you would need to get past. If your claim is correct, your mates would have had to have gone very out of their way to actually get any infection on Android.

        https://i.kinja-img.com/gawker-media/image/upload/193dtvab4yyfmjpg.JPG

    2. Aodhhan

      Re: Detail please

      This is one of the worst and laziest column writers on the Internet. Don't expect too much from Pauli. He's more into trying to come up with 'snappy lines' to display his ignorance in computer security, than in providing actual information. He'd probably do better, if he had a good technical background to know what information he needs to provide, what information is important, and what it all means when put together. Sadly... no dice.

  2. Anonymous Coward

    Details please redux

    Google scans billions of "potentially harmful apps" -- does it mean that there are billions of potentially harmful apps in the Play Store? How many billions? Or are there billions of apps and some of them may be harmful? Or are there some hundreds of thousands of apps and they're scanned regularly, therefore the scan process was executed billions of times?

    Please explain your usage of "billions"

    -- Carl Sagan

    1. Old Handle
      Black Helicopters

      Re: Details please redux

      Every app is potentially harmful. Trust no one.

  3. Bob Rocket

    Play services

    Latest version of Google Play services is definitely malware.

    Users are notified of an update, trying to dismiss it brings up a box with dire warnings of much reduced functionality/security risks. Installing the update makes the battery life fall through the floor and you constantly get notifications that it needs updating. Factory reset and reinstall doesn't fix it, the only thing you can do is uninstall it, disable it and turn off notifications.

    If you do that the Photos app misbehaves and half the contacts disappear.

    This is on android 6.01

    My contract is up in a few weeks, I'm going to root it and put something other than android on it (I wonder if windows works)

    1. Dadmin

      Re: Play services

      I'm "safe" because all my sammy/droids are so old and out of date the malware will probably function as well as any new app from the play store, or my sammy blueray; crappily.

      "Malware on these modern platforms" Gotcha! Mine are three year olds, so not modern, are they?

    2. AlbertH
      Linux

      Re: Play services

      Bob Rocket

      You're almost certainly running some poorly written third-party crudware. You need to examine all you've loaded, find what's running all the time and delete or alter the permissions of that application so that it doesn't automatically put itself in the background at boot.

      You could try to load Windoze mobile on to your phone - it's unlikely to work (factory-installed phones don't work properly with Windoze mobile) and the "speed" would be laughable compared to Android.

      Some of the alternative Android builds (like Cyanogen, for example) are truly fabulous. They make the phone behave as it should - fast and with great stability - and they make IOS and Windoze look like they're from 1995!
