back to article Maybe don't install that groovy pirated Android keyboard

A mobile software developer has turned an popular third party Android mobile keyboard called SwiftKey into a counterfeit package loaded with a trojan as a warning about the perils of using pirated or cracked apps from back-street app stores. Georgie Casey, who runs a popular Android app-development blog in Ireland, created a …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    So don't use third party Android stores!

    You are a mug if you do.

    1. LarsG
      Meh

      Android Heaven

      Of those 293,091 malicious apps, 68,740 were sourced directly from Google Play," writes Rik Ferguson, director of security research and communications at Trend Micro.

      So there are many Android users living in blissful ignorance with a phone stuffed full of malware.

      Unless Google Play address the problem it will get progressively worse.

      It make Apples problems really insignificant in comparison.

      1. Anonymous Coward
        Anonymous Coward

        Re: Android Heaven

        Exactly right. It sure makes iOS and WP8 seem more trustworthy.

        You can see why installing a firewall and virus checker on Android seems to be necessary.

        1. Anonymous Coward
          Anonymous Coward

          Re: Android Heaven

          WP8 has zero security holes so far, and WP7 only a minor cert related one. IOS has had over 400 vulnerabilities now - not really on the same level...Windows Phone is highly secure.

          1. Crisp

            Re: WP8 has zero security holes so far

            To be fair, neither Apple nor Google have had a great deal of experience in having to keep their operating systems secure.

            I'm sure they'll get it right eventually though.

          2. Anonymous Coward
            Anonymous Coward

            Re: Android Heaven

            "WP8 has zero security holes so far, and WP7 only a minor cert related one. IOS has had over 400 vulnerabilities now - not really on the same level...Windows Phone is highly secure."

            You are an idiot. You use the term "so far" and then state "Windows Phone is highly secure" in the next sentence.

            Can't you see how stupid that is?

            1. Anonymous Coward
              Anonymous Coward

              Re: Android Heaven

              Considering 'so far' is over 2 years, it's not stupid at all.

              Market share also has nothing to do with it. For instance, Linux has a much lower market share than Windows but has far more vulnerabilities.

          3. Anonymous Coward
            Anonymous Coward

            Re: Android Heaven

            WP8 has zero security holes so far, and WP7 only a minor cert related one.

            And in comparison to its market share?

          4. Anonymous Coward
            FAIL

            Re: Android Heaven

            WP8 is secure for only two reasons.

            1/ Nobody uses it.

            2/ There are no apps for it.

            1. Anonymous Coward
              Anonymous Coward

              Re: Android Heaven

              "WP8 is secure for only two reasons.

              1/ Nobody uses it.

              2/ There are no apps for it."

              Kind of why Linux and Macs are secure. This time its the Windows machine that is safe.

              1. Pookietoo

                Re: Kind of why Linux and Macs are secure

                It's a good job that all those Linux servers and embedded devices, without which the interwebs wouldn't run, don't exist otherwise according to you they'd surely be incredibly vulnerable.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Kind of why Linux and Macs are secure

                  They ARE incredibly vulnerable: http://www.zone-h.org/news/id/4737

            2. Anonymous Coward
              Anonymous Coward

              Re: Android Heaven

              Windows Phone has about 160K apps now - faster than either Android or IOS got to that many...

          5. Anonymous Coward
            Anonymous Coward

            Re: Android Heaven

            Re-do that as a percentage. 0 out of 0 is not all that impressive?

          6. Avatar of They
            FAIL

            Re: Android Heaven

            Or more likely there is so few users out there in the wild.

            A No one has bothered trying to find the holes.

            B No one has used the few apps out there to see if there is any holes.

            Not sure which is applicable. Zero security flaws.... That is a FAIL waiting to happen.

        2. Anonymous Coward
          Anonymous Coward

          Re: Android Heaven

          Hey as long as that firewall and virus checker are not also trojans!

      2. DrXym

        Re: Android Heaven

        "Of those 293,091 malicious apps, 68,740 were sourced directly from Google Play," writes Rik Ferguson, director of security research and communications at Trend Micro."

        Play probably only hosts these things for a short space of time what with Google's own virtualised testing and threat analysis, 3rd party AV efforts, and users able to report dodgy apps. And if a threat is found afterwards, Play also has a remote kill capability.

        Exposure is probably minimal anyway.

        1. jai

          Re: Android Heaven

          that's a lot of "probably" that you've used there

          you probably won't get hit by a car if you run across the motorway, but i'm not entirely happy with the idea of doing it myself

        2. Spearchucker Jones
          WTF?

          @DrXym - Re: Android Heaven

          "...Exposure is probably minimal anyway..."

          That's arguably the *best* security policy I've ever seen/read/heard about.

        3. JimTopbloke

          Re: Android Heaven

          The remote kill facility can remove the initial app, but what about anything installed by that first malicious infection?

          Anyone who's ever had to clean up a virus or even a program that installs third party 'crapware' knows the problems here..

      3. eulampios

        random numbers generator

        One should really ask him/herself how this "scanning" is done? What is the algorithm to label an app "malicious"? Errors of the 1st and 2nd order, what about them? No magic algorithm exists and the numbers should be taken with a a great amount of skepticism.

        Unless Google Play address the problem..

        It's been addressed in the Android API already. It's called permissions transparency. Take, ths swiftkey keyboard example. It wants your sms, Internet access, phone communications . (While, another keyboard app, eg., hacker's keyboard, needs nothing of those!) Unheard of! It just doesn't call itself "fishy". One needs no keylogger malware with this one. The real problem is that it is really popular.

        The only way I can see Google could improve on that is to put all potentially dangerous permissions, like reading identity, sms, Internet telecommunication, phone calls etc in flashing red font along with extra warnings and alarms when those are permissions are required.

      4. BillG
        WTF?

        Re: Android Heaven

        Of those 293,091 malicious apps, 68,740 were sourced directly from Google Play,

        There are more than a few things suspicious about this story.

        Why is it I can't find a list of these malicious apps found by Trend Micro anywhere?

        Isn't Google Play supposed to remove these 68,740 apps as a violation of their TOS?

        Is this an accurate account, or is this really an attempt for Trend Micro to scare people into installing their Android security apps?

        Which BTW have sweeping permissions And after the 30-day trial Trend Micro Mobile Security costs you a whopping $29.99 (.£19.75).

        1. Anonymous Coward
          Stop

          Re: Android Heaven

          Wow, look at all the AC's in this thread, it's a bang'n! All out OS ~security~ comparisons, marketing share comparisons, one of them even snuck Win8 into it!

          Anyways, this kid has demonstrated that running code on a computer can do things. Don't get me wrong, I'm glad he wrote this application, we now have a name to associate to malware. If you get malware, e-mail this kid with your thoughts. Anyhow, maybe his next attention getter will be demonstrating how to wreck a car if it is moving.

        2. Anonymous Coward
          Thumb Up

          Re: Android Heaven

          "Which BTW have sweeping permissions And after the 30-day trial Trend Micro Mobile Security costs you a whopping $29.99 (.£19.75)."

          @BillG: Yep, seems like FUD. I have the same thought, and that thought trumps all those "statistics". Also, I don't think you can find a list because all other malware scanners are part of that list! If you think about it, wouldn't they have to be detected as such due to their nature?

        3. Anonymous Coward 15

          Re: Android Heaven

          Can I plug Avast! here, as you seem to get a lot of features for free.

    2. Anonymous Coward
      Anonymous Coward

      But Android gives you the freedom to do so. It was mooted as a selling point.

      1. Anonymous Coward
        Anonymous Coward

        #FAIL

        It was never " mooted as a selling point." I love how people just make shit up, the same applies to PS3 OtherOS, also something that was never promoted, suddenly has claims to be advertised as a feature (unless a single line mention in the handbook is now advertising...)

        The other point is, yes, it gives you the freedom to do so, but not without first giving you a scary Malware warning that tells you that you are opening yourself up to Malware, and keyloggers and all sorts of other nasty shit.

        So rather than these idiots trying to scare people into buying their virus "solution", the press should be highlighting those that encourage users to enable sideloading. Facebook and Amazon being the two biggest culprits.

        1. tom dial Silver badge
          Stop

          Re: #FAIL

          Can't say for sure about Android, but PS3 OtherOS capability was advertised, if perhaps not heavily promoted, for the original and, I believe, first revision units. At least one company, whose name I don't recall at the moment, offered a PS3 with preinstalled Yellow Dog Linux for about the same as the combined price of the PS3 and the Yellow Dog installation media. I bought a PS3 for the BD player, as Sony adoption of Blue Ray appeared to presage the death of HD-DVD, and for the OtherOS feature. I have not upgraded the Sony firmware since they removed it (and will not do so), and eliminated Sony from my hardware candidate lists, especially after their action against George Hotz.

    3. Avatar of They
      FAIL

      Hang on a bit.

      Given that Google play itself is filled with malware as well. I have downloaded at least three that my sophos home virus scanner & my android avast scanner have detected and killed. For the record they were the gangnum style type things (can't remember the app name)

      Google play store is just as bad and should be treated with utmost care.

    4. Anonymous Coward
      Anonymous Coward

      Thought being a mug was a pre-requisite? ;)

    5. JimTopbloke

      so you didn't read the article then?

    6. Dana W
      WTF?

      Seriously?

      If I'm stuck only using the official Google store, my reason for going to Android becomes moot. It starts looking like that "walled garden" of Apple's that is supposed to be restricting my freedom so badly.

      I thought the point of Android was freedom, and not being stuck with an involuntary walled garden. So now you are telling me to be safe I need a VOLUNTARY one? Make up your mind, walled gardens, bad or not? If you still can't leave a jail, does it matter if the door is locked or not?

      1. Anonymous Coward
        Anonymous Coward

        Re: Seriously?

        You're not stuck using the Google Play store, but you accept that there are risks if you don't. If you aren't prepared to accept the risks, then really you should be in the walled garden (not a criticism or an insult - promise).

        The trouble is this article suggests (and maybe right, I've not seen the quality of the original research) that while you may be taking fewer risks by sticking to the Google Play store you're still running a level of risk that you wouldn't be if you were using iOS or WinPho8.

        To be clear, I'm not advocating the Apple/MS walled garden route as some panacea - nothing is perfect - but for many non-techies it's safer and more appropriate. For the average savvy punter on here though, the ability to understand the risks and consequences and positively accept them is a good place to be accepting also not to beef when you pick up some key logging from an obscure apps depository that you really shouldn't have used.

        In the end the reason for going to Android is the same and doesn't change, but the way to approach the whole area of Apps and how/where you source them does change.

  2. We're all in it together

    Oh well

    Back to using pay phones and the BT charge card assuming either exist.

    1. AceRimmer
      Boffin

      Re: Oh well

      If I am going to get a virus I prefer it to be electronic

  3. jake Silver badge

    Sheeple are sheeple.

    Pseudo-programmers aren't needed to prove that fact.

    Another non-story from ElReg ... how about, instead, focusing on how marketards are fleecing idiots? And maybe giving the kids who might be capable of using social engineering the tools to keeps friends & family safe?

    1. Anonymous Coward
      Windows

      Re: Sheeple are sheeple.

      Valid point but i'll wager (myself included) those sheeple would rather the efforts be focused on stopping or helping to mitigate "attacks" like this....

      If you cant trust the (goole, MS, Apple BB etc) company to provide you with clean, tested and approved software then we are all screwed...

      1. jake Silver badge

        @cornz 1 (was: Re: Sheeple are sheeple.)

        "If you cant trust the (goole, MS, Apple BB etc) company to provide you with clean, tested and approved software then we are all screwed..."

        I don't use any of the above, because I don't trust any of the above. Marketing doesn't provide clean, tested software ... rather, they sell whatever sells. And the sheeple slurp it up.

        Sales doesn't equal "safe and secure". Never has, never will. Sheeple are sheeple.

        1. Chris 3

          Re: @cornz 1 (was: Sheeple are sheeple.)

          OK, I'll bite. What OS/firmware *is* your phone running?

          1. Anonymous Coward
            Anonymous Coward

            Re: @cornz 1 (was: Sheeple are sheeple.)

            *Grabs popcorn and waits for the neo-luddite to reply

            1. jake Silver badge

              @AC 08:33 (was: Re: @cornz 1 (was: Sheeple are sheeple.))

              I am a neo-luddite.

              But you can't come up with a reason why I might be wrong, can you.

          2. jake Silver badge

            @Chris 3 (was: Re: @cornz 1 (was: Sheeple are sheeple.))

            Which phone?

            The one at my elbow is an early 1950s Western Electric 500 rotary dial. The one in my shirt pocket is a Nokia 5185. My telephones are telephones, nothing more, nothing less. They make and receive telephone calls. That's it. I'm an old UNIX hacker ... one simple tool that does the required job, and I'm happy with it.

            1. Anonymous Coward
              Anonymous Coward

              Re: @Chris 3 (was: @cornz 1 (was: Sheeple are sheeple.))

              ...now get off my lawn.

          3. Anonymous Coward
            Anonymous Coward

            Re: @cornz 1 (was: Sheeple are sheeple.)

            He just doesn't want to admit to being a Blackberry owner :)

            What makes open source any more trustworthy? unless you validate the code and compile it yourself then it is no different to anything else, you're still trusting someone to be supplying you with a clean product.

            It's almost like trying to buy drugs and wondering what you are getting and if the supplier is legit.

          4. Anonymous Coward
            Windows

            Re: @cornz 1 (was: Sheeple are sheeple.)

            Bite?? Fuck all to bite here...

            Im on a lumia 920 with wp8.

            Its a phone!!!!! With a bloody good camera....

            1. Anonymous Coward
              Anonymous Coward

              Re: @cornz 1 (was: Sheeple are sheeple.)

              "Im on a lumia 920 with wp8."

              Me too.

    2. DrXym

      Re: Sheeple are sheeple.

      People who call others "sheeple" immediately lose whatever point they are trying to make.

      1. jake Silver badge

        @DrXym (was: Re: Sheeple are sheeple.)

        Except to actual people who are capable of thinking for themselves.

        1. Anonymous Coward
          Anonymous Coward

          Re: @DrXym (was: Sheeple are sheeple.) @jake

          "Except to actual people who are capable of thinking for themselves."

          Untrue.

        2. DrXym

          Re: @DrXym (was: Sheeple are sheeple.)

          @jake "Except to actual people who are capable of thinking for themselves."

          This is exactly why you lost. You're so absolutely sure of your point of view that you are not willing to entertain any other and dismiss people who do as "sheeple".

          1. jake Silver badge

            Re: @DrXym (was: Sheeple are sheeple.)

            No, DrXym. I haven't lost anything.

            I'm calling the vast majority of the unwashed masses "sheeple", because they follow the flock unthinkingly. They don't actually have a personal point of view, even if they are potentially capable of obtaining one. They follow the church, the political party, the ruling party, the computer company, etc., even in the face of reality that is obviously smacking their faith with cold, hard facts.

            They have lost. Sad, that. And I'm totally fucking serious when it comes to this opinion.

            If you think I've "lost" because of "thumbs" here on ElReg, you are deluded.

      2. Wize

        Re: Sheeple are sheeple.

        'People who call others "sheeple" immediately lose whatever point they are trying to make.'

        And they always make me think of http://xkcd.com/1013/

      3. Anonymous Coward
        Anonymous Coward

        Re: Sheeple are sheeple.

        Besides, the word "sheeple" is now banned because Ms. Richards will get upset.

        http://www.theregister.co.uk/2013/03/22/donglestorm/

    3. Anonymous Coward
      Trollface

      Re: Sheeple are sheeple.

      Jake, everyone is "sheeple" to someone else. You're not a surgeon, so you're "sheeple" to them. Also, if you are all about doing 1 thing and doing it well, why does it take 2+ posts to prove your point? :-)

      1. jake Silver badge

        @MyBackDoor (was: Re: Sheeple are sheeple.)

        I'm not a surgeon? No? ::eyeballs DVM cert. hanging on wall[1]:: OK. If you say so ...

        It takes more than one post to respond to more than one commentard. Kinda like trying to treat fatty tumors & thyroid issues in an old dog with a torn ACL and mange.

  4. WonkoTheSane
    Megaphone

    "Should custom Android keyboards even be allowed?"

    I find that with a rooted Xoom 1 running JB 4.2.2, a custom keyboard like (genuine) Swiftkey is NECESSARY!

    This is because the stock keyboard closes itself after EVERY keypress.

    1. Jim 48
      Alert

      WHOOOOOOSH!

      Hear that sound? That's the point of this article going right over your head.

    2. Robert Carnegie Silver badge

      Re: "Should custom Android keyboards even be allowed?"

      I want a version of Fitaly - kind'a. As it is, I use Fitaly on full-fat Windows touch devices, such as right now. For stylus or one-finger typing, it's a lot faster than the QWERTY layout, once you learn it. But about half the speed - for me - of typing on a good real keyboard. I assume that a tablet screenboard or skinnyboard is also less satisfactory than a real keyboard - and real keyboards presently very very quickly make my hands and wrists hurt like heck, so I need to use an alternative. Speech recognition is cute, but I'm a programmer so I have to write things like "SET @if_digest = N'IF ( ' + STR(@spdigest) + N' = 1 ) ' " which are, at best, tricky to say aloud.

    3. Simon Brady

      Re: "Should custom Android keyboards even be allowed?"

      Of course not, because why would any phone user ever need an input method for a language that doesn't come pre-installed by their provider? If English was good enough for Our Lord it should be good enough for us.

  5. Danny 14
    FAIL

    oh well

    tbh, so what? If someone wants to pirate a game, app or keyboard and they get reamed it is about the best lesson they can get in the pitfalls of downloading bootlegged cracked copies. I'm betting they wont do it again.

    1. Anonymous Coward
      Anonymous Coward

      Re: oh well

      Yes, if they are getting the pirated app from some dodgy website or a torrent, but they're downloading these from a Google app store!

      If you walked into PC World and purchased a counterfeit product you would be pissed off, but it seems (according to you) that doing so from a Google app store is okay?

      1. Anonymous Coward 15

        Re: oh well

        I can't walk into PC World, set up a stall and start selling my wares. Think of a car boot sale- is everything there genuine, working, PAT tested?

  6. Dan 55 Silver badge
    WTF?

    Pretty damn obvious what's going to happen

    Who installs a keyboard which asks for permission to access the Internet?

    1. Anonymous Coward
      Anonymous Coward

      Re: Pretty damn obvious what's going to happen

      The keyboard may be downloading additional dictionaries, grammar rules etc. It's not that unreasonable a request.

      1. Dan 55 Silver badge

        Re: Pretty damn obvious what's going to happen

        @AC 8:53: That sort of stuff already comes with the OS.

      2. grammarpolice
        Facepalm

        Re: Pretty damn obvious what's going to happen

        Because the grammar and vocabulary of a language changes on a daily basis...

    2. Anonymous Coward
      Anonymous Coward

      Re: Pretty damn obvious what's going to happen

      I suspect that the answer would be "most Android users"....

    3. Anonymous Coward
      Anonymous Coward

      Re: Pretty damn obvious what's going to happen

      Someone who wants to use the keyboard, but isn't given a more fine-grained option to deny certain permissions while proceeding with the rest, so just shrugs and allows everything.

      1. mickey mouse the fith

        Re: Pretty damn obvious what's going to happen

        "Someone who wants to use the keyboard, but isn't given a more fine-grained option to deny certain permissions while proceeding with the rest, so just shrugs and allows everything."

        Root and use lbe or pdroid combined with avast and adaway and all permission and snooping related issues are gone.

        I rather like the swype beta keyboard, but buried in the smallprint of the terms of service was the fact that it reserved the right to monitor what you were doing for `testing and performance improvement`. Using lbe, I nipped that right in the bud, blocked its internet access and about 10 other snoopy little permissions it grants itself. And pray tell, why would a keyboard need fine (gps) location to do its job of transporting my prose into a textbox?

        1. dave 76

          Re: Pretty damn obvious what's going to happen

          "Root and use lbe or pdroid combined with avast and adaway and all permission and snooping related issues are gone."

          Sure, the average person is going to know that they need to do that and also how to do it.

          I think it is fair to say that most people with a smartphone are not that technically orientated.

          so what's the best way to have fine permission control on your phone that doesn't require rooting it?

          1. mickey mouse the fith

            Re: Pretty damn obvious what's going to happen

            "Sure, the average person is going to know that they need to do that and also how to do it.

            I think it is fair to say that most people with a smartphone are not that technically orientated.

            so what's the best way to have fine permission control on your phone that doesn't require rooting it?"

            This is the problem, even looking at the permission list before installing isnt going to stop a non tech minded person installing that free ringtone maker. Most non-technical people i know with smartphones just install willy nilly, they dont even understand the concept of permissions, its just a screen of boring text to click through.

            The snarky answer is that these people should either take responsibility and educate themselves or suffer the consequences.

            Its the same with windows, i see so many machines with no av and with unpatched browsers laden with toolbars. The owners are stumped as to why their £600 machine goes so slow, they have no concept of malware, trojans etc, even after being told many times. To them its just an appliance.

            This isnt just about Android either, Apple are no better, they just hide the permission system in a `what you cant see cant hurt you` kind of way. Yes, Apples app store is more locked down and thus potentially `safer`, but Android is where the real inovation and off the wall concepts are happening due to the low barrier`s of entry and lack of restrictions development wise.

            I think the only solution is education, i love how open Android is and wouldnt want to see it go down the Apple closed ecosystem route because a load of numpty`s got pwned through their own lazy ignorance.

            Maybe some people just shouldnt own smartphones. As a huge believer in the advantages of technology in daily life, that thought really depresses me.

    4. joeW

      Re: Pretty damn obvious what's going to happen

      One of Swiftkey's USPs is that you can feed it the logins for your email/facebook/twitter accounts and it will do a scan of everything you've written in the last few years to build a personalized predictive text database for you.

      Not something I'd be comfortable allowing, but a couple of my less-paranoid mates swear by it.

  7. auburnman
    Unhappy

    Did this guy ask SwiftKey's permission to fiddle with their product? The last thing a decent company needs is a keylogger out there with their brand all over it.

  8. Anonymous Coward
    Holmes

    No Shit Sherlock

    Don't people learn anything from the Windows ecosystem. If it looks dodgy then it probably is.

  9. OMen
    Flame

    Why should Smartphone's OS differs from computer's OS ?

    But why do you think installing a software on a phone should be more secure than on any computer ??? Because MS, Apple or Google host them into a so-called Store ?!!! But this is not a guaranty of safety, only a guaranty for THEM to hold those apps and make business from them !

    A software is simply a pack of instructions that someone (that you trust ?!) created and that you accept to execute on your phone/computer when you install/execute it !

    People install every apps they get, they are kids in front of candies !, without wondering why some meaningless apps ask for so much permissions (GPS, contacts, accounts, running apps, change system settings (?!!!)), and so on...)... But that does not differs from all theses permissions that you have been giving for years to your computer's applications that you daily launch with administrator or root's permissions !!!

    Wake up !

  10. Anonymous Coward
    Anonymous Coward

    Oh FFS.....

    What kind of ----tard would rather pirate Swiftkey than pay the paltry three squidz purchase cost????

    1. Lallabalalla
      Trollface

      Re: Oh FFS..... What kind of ----tard

      any android owner. You know - a regular cheapskate who wants everything to be free like music, films, apps etc etc, and won't stump up for an iPhone, which unjailbroken is the only secure smartphone platform.

    2. Anonymous Coward
      Anonymous Coward

      Re: Oh FFS.....

      "What kind of ----tard would rather pirate Swiftkey than pay the paltry three squidz purchase cost????"

      Presumably the same sort of ----tard that uses a free OS, rather than pay for one?

  11. Chika
    Headmaster

    Spotting an typo...

    "an popular third party Android mobile"

    That's the second time I've seen that grammatical error on this site today.

  12. dannymot

    that isn't an accurate reflection of google play

    Google play houses 800,000 apps.

    Google play housed 68,740 malicious apps.

    So 8.6% of apps could be malicious in some way.

    However it is incredibly easy to post apps on google play.

    Malicious apps don't necessarily stay up for long.

    Malicious apps rarely have a chance of getting noticed or found by a user as most apps have to develop a popularity to be easily found.

    You would often have to either try to search for them knowingly or make a mistake with a search to find one. They often have misspelled or similar names to popular apps so that they actually have a chance of showing up. Similar to sending your bank details to a link on a spam email from an address such as security@hsbc.org.uk

    Actually realistically accessing malicious apps from Google play is not a large scale issue. I don't trudge through 100,000 apps on Google play let alone trudge through the several hundred thousand required to get to the murky stuff at the bottom.

  13. sisk

    So basically....

    Using pirated software is risky because it could be loaded with malware.

    In other news, Sol will be visible in the sky today between dawn and dusk except where cloud cover obscures it.

  14. mmeier

    How could THAT happen - We have been told Android is secure!

    After all Android is Linux and Linux is secure! At least that is the FOSStard mantra. So how could it be that there is an evil greek in the wooden horse I just dragged through my gates?

    1. eulampios
      Linux

      it is not secure, it is way more secure than MS Windows though

      The original softkey keyboard app uses excessive permissions, which are presented to you when you install an app. It wants your network, sms and phone call capabilities. That is why it can be turned into a really bad app. It is already malicious or poorly written software. So judging from the permissions only, don't install it. Is there a way to know the permissions of your non-free windows/mac os x app prior to the install?

      Yet, a better option is a secure repository with a good package manager, like apt, yum or similar

      1. mmeier

        Re: it is not secure, it is way more secure than MS Windows though

        Sure I know their permissions. Same as the permissions of the user executing them. Just like it is on Unix

  15. xyz Silver badge
    Devil

    As I've been sayin' for years...

    Android is in reaility, just ActiveX 2.0. And look what happened there.

This topic is closed for new posts.

Other stories you might like