back to article Your phone may not be spying on you now - but it soon will be

Tibetan political campaigners targeted by mysterious smartphone-spying software. Eastern European governments' mobiles allegedly snooped on by state-sponsored hackers. Malware feared injected into gadgets during customs inspections. You've seen these headlines. And according to Kaspersky Lab’s senior malware analyst Denis …

COMMENTS

This topic is closed for new posts.
  1. Pen-y-gors

    A good starting point for activists

    a) Don't use a smartphone

    b) If you need a smartphone, keep it plain vanilla and never downlaod any extra apps

    c) Google to update the whole Andoid setup so that it's possible to refuse apps permissions on a permission-by-permission basis rather than all or nothing as at present. At the moment I'm sure people get bored with the long, long list and just hit OK anyway.

    1. BillG
      Facepalm

      Re: A good starting point for activists

      Two words: Screen Lock.

    2. t.est

      Re: A good starting point for activists

      Or well get that iphone :p

  2. Schultz
    Joke

    Mass profiling

    is great tool (ask your policeman or politician). We should just lock away the .1% most suspicious citizens every year to protect the children | curb terrorism | make this world a better place.

    1. JonP
      Joke

      Re: Mass profiling

      Yes but who would run the country then?!

    2. Malmesbury
      Terminator

      Re: Mass profiling

      But a "Man in a suit" will show up to save you from crime. If you live in New York.

  3. John Smith 19 Gold badge
    Joke

    Next seasons must have fashion accessory.

    Signal blocking wallet*

    A joke now.

    1. GBL Initialiser

      A joke where?

      http://www.thinkgeek.com/product/8cdd/

  4. Alister
    Coat

    Smash it with a hammer now, it's the only way to be sure.

    Dear El Reg, having followed your advice as above, I now find great difficulty in making calls on my smartphone.

    The touchscreen appears to be not as responsive as before, and the large cracks across it make viewing the screen difficult.

    In addition, the phone fails to ring on occasion when an incoming call is received.

    Please can you advise what I can do to improve matters.

    1. Justice
      Joke

      Re: Smash it with a hammer now, it's the only way to be sure.

      I missed the the first bit and only read 'it's the only way to be sure.'

      Regrettable, I nuked the entire site from orbit.

    2. Anonymous Coward
      Anonymous Coward

      ref. phone fails to ring on occasion when an incoming call is received.

      so how do you know a call has been received? Is the backlit still operational?

    3. Ru

      Re: Smash it with a hammer now, it's the only way to be sure.

      Please can you advise what I can do to improve matters

      Have you tried holding it differently?

  5. P. Lee

    MS opportunity, likely to be missed

    An always-on RT server sold as a disk + extra services (like WD media streamer)

    Turn off the snooping, turn on fine-grained controls.

    Use the RT or x86 server and a vpn rather an the cloud for service provision.

  6. Steve Davies 3 Silver badge
    Coat

    Perhaps....

    the walled Apple Orchard is not so bad after all?

    Note that MS has signed a deal with the Chinese (ZTE) that includes all their patents.

    http://news.cnet.com/8301-10805_3-57581081-75/microsoft-signs-patent-deal-with-chinese-phone-maker-zte/

    not that I have an iPhone, Android or WP7/8 device.

    Mines the one with the clockwork radio in the pocket.

  7. xyz Silver badge
    Devil

    Seriously.... this is new?

    Mobiles have always been ripped to shreds by FIS in governemnt. Take one to Russia and you have to bin it when you come back. The only difference is that before smart phones arrived en mass, you left the phone in a locker, didn't carry it about or used a throw away phone for the duration of the threat. Now, with smart phones everyone is up their own ass "to be in the loop" and want to carry the damn things everywhere, so security has been relaxed a bit.

    For Joe Public, well they are always going to be ****ed over downloading all sorts of "apps" and for the bad man writer this is like the late 1990s all over again!

  8. Anonymous Coward
    Anonymous Coward

    Thank Goodness...

    ... we have stallwarts like Kaspersky to protect us... :-/

  9. A J Stiles
    Holmes

    There's another way to be sure

    There's another way to be sure: make the next generation of secure smartphones physically incapable of running native code. There's simply no excuse for it, in this day and age; processors, and therefore interpreters, are fast enough nowadays. Every single processor could be made with a different and incompatible instruction set, if needs be.

    If everything on the phone has to be interpreted, then everything on the phone -- including malware -- also has to be human-readable. Then, if you're sufficiently bothered about security, you can pay some disinterested third party to audit apps on your behalf.

  10. Tony Paulazzo
    Gimp

    the walled Apple Orchard is not so bad after all?

    Why, because Apple won't bend over for governments / sales

    http://www.theregister.co.uk/2013/04/05/apple_china_itunes_app_removed/

    http://www.theregister.co.uk/2013/04/02/chinese_press_react_favorably_to_cook_apology/

    And once CISPA gets passed (aka the snoop law in the UK), both Apple and Google will have no choice in giving up everything the American government asks for (to avoid liability).

  11. This post has been deleted by its author

  12. Anonymous Coward
    Anonymous Coward

    User beware…

    Got a new android smart phone at the weekend, I noticed the app telling me what the weather was like with some nice graphics of clouds going past, ‘oh that’s cool’ was my first thought, second being ‘hold on, how does it know where I am?

    The next thing I noticed once I had set everything up was not only was my Gmail account open at the click of an app, without the need of logging in the same way you would on a computer, but when using it on the web for the first time all my historic search’s using Chrome on my laptop was automatically populated, including the website for my bank.

    Now me being me I would not use a phone to look at my bank account, and I have stopped this, and various other bits that the phone was trying to do for ‘ease of access’ like tell everyone on facebook where I was everytime I went on it, but I wonder if how many other people do the same? Nobody in the shop told me about setting a password for my phone, the most basic of security, so I doubt many people get told about anything else, All it takes is for someone to lose their phone, it be picked up and assuming they haven’t set a password all they need to do is go to the bank listed in the history, request a new password and use the constantly open email account to be able to be logged in.

    If manufactures insist on having us always online, where a pre-programed app sending GPS information to god knows who about my location, everything I have looked at on the internet on my home computer, and having my emails open for the world to see they need to tell people ‘this is what your phone will do, this is how to stop it if you want’, and not in the small print, this needs to be covered in the section after ‘how to turn on the phone’, not only that but the people in the shop need to go over this as well, I don’t care how many different colours it comes in if my bank account has just been emptied because nobody told me the phone is spying on me.

    1. NumptyScrub

      Re: User beware…

      quote: "The next thing I noticed once I had set everything up was not only was my Gmail account open at the click of an app, without the need of logging in the same way you would on a computer, but when using it on the web for the first time all my historic search’s using Chrome on my laptop was automatically populated, including the website for my bank."

      So, you're ok with Google having all of that information from your PC, but you don't like them letting you get to it from the phone? I'm assuming that you didn't create a new Google account specifically for the phone then?

      Strangely enough most of my friends consider the behaviour you are lambasting to be a good feature. Never underestimate what the average person will agree to in the name of convenience; they actively want one account across all the devices which has all the info available at the touch of a screen (or button).

      I'll leave it to you to work out what the manufacturers think of this consumer trend, and therefore how much effort they are spending to ensure they get all that tasty behavioural info themselves their devices "just work" with other devices and apps.

      1. Anonymous Coward
        Anonymous Coward

        @NumptyScrub - Re: User beware…

        There is a subtle difference here. None of the other applications on your PC knows your Gmail password while on your phone, applications can have it and they do use it. I've been burned by this on my Android tablet when I was forced to use my Google account to be allowed to download the free Mozilla Firefox from Google Appstore (shame on you Mozilla for not offering the app for the side-load). As soon as my password was in the credential store, when visiting YouTube Google has helpfully signed me in without my permission because they already had my credentials. Although I've been a Firefox fan for more than a decade, I promptly reset my shiny Asus TF to factory default losing Firefox but regaining some of my privacy. Even if I know this will make Google kill a kitten, my Android tables is completely anonymous. Also on my lovely Samsung Galaxy phone there is no Google account and GPS is always off, unless I really need it. No need to say no extra apps have been installed and several of the existent have been severely restricted. The heck, all I need is a phone that's all!

      2. Anonymous Coward
        Anonymous Coward

        Re: User beware…

        As previous reply said, I have no problem with my this on my laptop because

        a) My laptop is in my house, which is locked

        b) My Laptop is locked with a password

        c) On my laptop my email account is locked with a password

        d) I don’t carry my Laptop in my pocket everyday

        My phone on the other hand only has one of those listed above (can you guess?) therefore its not as secure generally.

        While I understand the want for ease off access, and people want to be able to get to emails quickly I could also point out it would be quicker to get in and out of my car if it didn’t have door locks and seatbelts…

  13. Anonymous Coward
    Devil

    Insert Android malware FUD ..

    Who does one sue if this malware results in loss of confidential data?

    What is the process whereby *.APK files get executed from email attachments?

  14. heyrick Silver badge

    Do you think activists are that stupid?

    ...to have a shiny phone with an address book packed with contact info of all their cohorts? What next, they'll all be signing into Latitude and sharing their location?

    The simple, obvious, answer is that if you feel the need to maintain a level of privacy while passing through borders that are dubious (and these days I'd consider entering America to be the same too) then there are some things to do:

    1. Buy a new phone. Some generic cheapo Android. If you're a fan of the big pomme, maybe look to eBay or classified adverts?

    2. Blank the phone, install a generic blank SD card. Transfer your SIM if necessary (though you'll probably get better deals buying a SIM in the country you're visiting).

    3. Install NOTHING.

    4. Extract the apk files for the apps you can't be without and hide them uncompressed (one by one, not zipped up 'cos you can't guarantee to be able to unzip stuff) on some web space someplace.

    5. After entering into the country, if you have any suspicions, use the option to reset your phone to factory defaults.

    6. Buy/install SIM, make sure the phone part works. Then find some WiFi access and start downloading and installing the apps you need. This might lead on to protected archives containing vCards for your contacts, documents, and such.

    Of course, Android is capable of that flexibility once the phone is unlocked from the carrier. Your mileage may vary with other types of phone...

  15. Will Godfrey Silver badge
    Meh

    zzzzzzZZZZZZ {ploink}

    Eh? Wassat?

    Oh, sky falling again.

    zzzzzzzzzZZZZZZZZZZZZZZZZZZ

  16. DerekCurrie
    Big Brother

    Android Malware and Number of Infected Devices

    "Please don't think your smartphone or tablet is safer than your PC"

    Unless you're using an iOS device, which suffers from zero malware.

    Keeping up with the Android malware count is difficult. But here is one recent report:

    http://www.nbcnews.com/technology/technolog/android-malware-more-doubled-worldwide-2012-6C9525347

    "The amount of malware aimed at infecting Android devices worldwide more than doubled last year, according to a new report from a mobile-security firm.

    "The sheer number of pieces of malware for the Android platform rose from less than 25,000 in 2011 to more than 65,000 in 2012.

    "The annual report, published by mobile security company NQ Mobile, also estimated that nearly 33 million devices were infected in 2012, up from just under 11 million the year before — an increase of more than 200 percent."

    1. Tony Paulazzo

      Re: Android Malware and Number of Infected Devices

      Unless you're using an iOS device, which suffers from zero malware.

      Almost, not quite the same as zero.

      http://dottech.org/99956/android-accounts-for-79-of-mobile-malware-and-ios-0-7-according-to-repot-by-f-secure/

      As of March 2013 (the only reason I bring this to attention is because people then expect to never be bitten with malware when using iOS devices).

      1. DerekCurrie
        Big Brother

        Re: Android Malware and Number of Infected Devices

        The only malware for iOS attacks user-hacked iPhones. If you stick to the 'walled garden', there is zero.

        But I should point out that Dr. Charlie Miller stuck a surveillance app past Apple's App Store process. Therefore, it's not impossible to foist malware to iPhone users. But when it happens, Apple simply yank the app and disable it on all iPhones.

        In general, it is a good ideal to keep malware in mind and to be a safe user, not a 'LUSER'. No operating system is perfect. Modern programming continues to be plagued with poor memory management, allowing buffer overflows and PWNing of systems. However, having your apps vetted for you before you install them is extremely useful, as indicated by the number of iOS malware vs Android malware.

        1. heyrick Silver badge

          Re: Android Malware and Number of Infected Devices

          Maybe the average Android user is a softer target than an iOS user? This doesn't mean that iOS is secure, just that it isn't being vigorously attacked (though a weak market model and crap permissions model don't help Android much).

          Remind me, how many vulns does iOS have? Try this: http://www.cultofandroid.com/26133/android-main-malware-target-but-ios-has-more-vulnerabilities/

          Just be glad the evil lulz crowd is gunning for Android, you Apple guys can live in peace . . . for now.

        2. N13L5

          Re: Android Malware and Number of Infected Devices

          With Apple, iOS is the malware, since they will pass on your data to any government that asks...

    2. Maharg
      Big Brother

      Re: Android Malware and Number of Infected Devices

      "Unless you're using an iOS device, which suffers from not very much malware, unless you jailbreak it, then your f***ed."

      I fixed it for you

This topic is closed for new posts.

Other stories you might like