If it was Apple then people would be saying "how can this be possible", Because it is Android nobody bats an eyelid?
Android dev smacked with £50k fine over premium rate SMS scam
UK regulator PhonepayPlus has fined a Russian firm £50,000 after it was found guilty of peddling a deceptive Android application that signed unwitting victims up to a premium-rate text service. Connect Ltd, trading as SMSBill, reportedly promised access to Android games. After the app was installed, a text message was also …
-
-
-
-
Tuesday 4th September 2012 17:46 GMT Anonymous Coward
Re: @Ralph 5
"Android is designed to allow this very thing to happen. You can't complain about "closed" and how good "open" is and then turn around and and say it has nothing to do with the OS."
Yes, it is designed to allow applications to send SMSs, it's very useful to certain applications. The chumps who installed it clearly got told that this application is asking for permission to "use services that cost you money" and they agreed to it. As Ralph said, this is a user, not an OS issue.
-
Tuesday 4th September 2012 18:00 GMT Dr. Mouse
Re: @Ralph 5
"Android is designed to allow this very thing to happen."
As has been stated, yes it is. But this is not an OS error, but a scam and a user error.
Every time an app is installed, you are told what "permissions" it is requesting. The fact that users don't bother to read these is their problem, not a problem with the OS. It is like someone running Windows blindly clicking yes in answer to a dialogue box asking for Admin rights, similarly in Linux/Unix GUIs.
In a well designed OS, it is the resonibility of the user and the administrator* to make descisions relating to the security of the system. "The price of freedom is eternal vigilance". I'd rather have my freedom than the restrictions of Apple.
*In terms of mobe's, the user and admin are normally one and the same, although most users don't realise. In Apple's case, they have decided users can't be trusted, so they become the administrator.
-
-
-
Tuesday 4th September 2012 16:54 GMT Anonymous Coward
EPIC FAIL - Sophos are clearly idiots....
The idiot in the video on the Sophos website had already unticked the "Unknown sources", and then obviously failed to understand the following warning it presented him.
“Your phone and personal data are more vulnerable to attack by applications from unknown sources. You agree that you are solely responsible for any damage to your phone or loss of data that may result from using these applications.”
What a tool.
-
-
Tuesday 4th September 2012 21:40 GMT Anonymous Coward
Re: HOW MANY OF THESE
Errm you do know this wasn't downloaded from the Google play store right? Did you even look at the video on the Sophos site?
They are downloading random APK files from the internet, which unsurprisingly ISN'T vetted...
If you didn't OK the scary malware warning, then you woudln't be able to do that. The only people really at risk, are those shopping (or pirating) from non-Google sources (including Amazon).
-
Wednesday 5th September 2012 08:22 GMT Psyx
Re: HOW MANY OF THESE
People find out when they get their phone bill... which some people are statistically going to do within a day. PAYG customers will immediately be flagged.
In short: It will be uncovered pretty much straight away.
It's like someone catching a disease which turns them bright blue. Kinda hard not to notice.
-
-
-
-
-
-
Tuesday 4th September 2012 18:32 GMT Alan Dougherty
Re: How to put 'thumbs' icons after message
1) Then you should use noscript.
2) You have to be logged in, to up, or down vote a post. (I'm still assuming that you are talking about the green red vote buttons under a post?)
3) Other than that i have no idea. (i.e. can't be arsed, it's beer o'clock).
-
-
-
-
Tuesday 4th September 2012 18:02 GMT Ilgaz
Too many permissions
Things are really absurd in Android software scene lately. Even a freaking "go theme" requests "full network access" (aka server) without any stated reason (crash reports?) & gets hundreds of thousands users.
I am not saying they do evil things, most theme designers are artists, they can't even code basic. Thing is, something will happen one day and a lot of users (even including me) will learn their lesson in a bitter way.
-
Wednesday 5th September 2012 08:08 GMT TeeCee
Re: Too many permissions
This a guess based on my own findings, but.
Quite a few of the apps I have fire up associated tasks for the Google/Admob advertising and billing crud (which requires net access) when invoked even though they do not display advertising or have any chargeable functions.
I suspect that either there's a standard framework for building Android apps from Google that bundles this shit into the build by default and that many devs just haven't noticed and turned it off, or that there are some usage analytics functions squirrelled away in there that the devs get a kickback for including.
Rather annoyingly, in most cases the memory and processor footprint of the GooCrap (tm) (beta) is rather larger than that of the app itself.....
-
-
-
Tuesday 4th September 2012 20:07 GMT Alan Dougherty
Re: If this is a Ltd company
Limited companies can stop trading, and managers and owners will not be personally responsible for debt incurred by the company.. however..
The directors may be declared bankrupt, and unable to hold a directorship in the UK for 12 months..
Also, most banks and big creditors, will insist that any capital given is secured personally by the directors, regardless of a limited status of the company.. starting your own business and getting limited status, does not mean you are absolved of loan debt, that the lenders require personal guarantee on..
I'm not 100% on all the details, but being a self trader, and looking into going limited, my accountant advised it would be pointless for the size of my company, as any loans etc, would still need personal guarantees..
-
-
Wednesday 5th September 2012 00:33 GMT Alan Dougherty
Re: If this is a Ltd company
You may have a point there, as my business needs enough capital to buy physical machines and vehicles.. so I'll always have that as an overhead.. but, then I'll always have physical items as capital as well.. not much value for the average bank (these days, despite paying those fuckers over the odds, for the equipment in the first place), for a small business, but, at least I can sell the lot as a going concern..
If anybody is thinking of starting a business.. one word of advice.. talk to the co-op first before you set up a business account...
And no, I don't have a co-op account yet (I'm not a shill).. I'm still trying to clear up the clusterfuck of the ulsterbank first.. it's not really fair to turn up on a new banks doorstep with a statement that makes most people go WTF?
-
-
-
Wednesday 5th September 2012 08:29 GMT Psyx
Re: If this is a Ltd company
"Then surely they can cease trading, and start another company up afresh?"
They'd have to get their Aunt or someone to register the company as they would not allowed to be for a period of time. I don't *think* that being a limited company of this scale protects the owners from fines levied by the courts due to deliberate criminal activity.
ie: I create a company that specialises in mugging. The premises are raided and closed. I am told my company has to pay a fine and pay damages of some kind. I can't legally say "none of my business" and start a new company doing the same thing: I am still responsible for those Torts and must still pay damages.
-
-
-
Wednesday 5th September 2012 01:01 GMT Mephistro
(@ Stuart)
"Not a problem restricted to Android but crappy consumer protection in general."
The telcos take a good slice of the money, too. That's the reason they aren't monitoring these 'premium services' more closely.
If there were some true consumer protection, most of these services would vanish, and the surviving ones would need a written contract before being able to charge anyone a premium rate.
And the 'written contract' should be an standardised contract with fixed clauses explaining how much the customer will be charged for exactly which services. And a copy of this contract form should be given to the telco every time the premium service provider changes a single coma in their standard contract, so the telco can't claim ignorance on the scammers ripping off the public.
Now, I reckon I won't see that level of consumer protection in my lifetime. If anything, we are going in the opposite direction. Sigh...
-
-
-
Wednesday 5th September 2012 12:09 GMT Alan Brown
Re: PhonePayPlus
Nope.
Ofcom is the regulator.
PhonePayPlus (Once known as ICSTIS) is a voluntary trade association of premium rate providers which has been delegated very limited powers by Ofcom and has zero enforcement powers.
They're not, nor have they ever been a "regulator", despite claims to the contrary (and if you push 'em, they'll say as much in writing. I have a letter from ICSTIS days saying exactly that.)
Connect could ignore them, not pay the fine and carry on (if their premium SMS provider don't disconnect them upon PPP request, which is about the only point of "power" PPP have) . At that point the only recourse would be to kick it up the food chain to Ofcom and OFT.
-
-
Wednesday 5th September 2012 10:41 GMT Jim Coleman
Ltd Companies
Actually, although a limited company is itself liable for its debts and the directors are not, as this was a breach of the law, the directors are liable personally for the fine, IIRC.
Fines, imprisonment and other remedies always apply to the directors, as long as they are personally held accountable. Only if the directors were shown to be ignorant of the crime their company committed would they get away with it, but even then I suspect some other employee would be held to account.
Basically a limited company is only a protective shield against legal debt - criminal punishments are always meted out to individuals. Regulatory fines are another issue as they are not dished out by the criminal courts - they would normally become corporate debt so could theoretically be dodged by dissolving the company.
So the question here then becomes whether this fine is criminal or regulatory. Sorry for rambling.