63 posts • joined 27 Oct 2011
It looks like Loonib to me! Maybe she said no though
"Could be, but I'd have expected them to be crowing about it as soon as Google pushed the update, especially once it had been pushed to Nexus devices. As it is, at least 3 months after release to ASOP, I'm not convinced."
From the article.
"We appreciate Bluebox responsibly reporting this vulnerability to us; third party research is one of the ways Android is made stronger for users," a Google spokesman told El Reg in an emailed statement.
And the reason they waited 3 months is probably to give OEMs a chance to push the update too.
The fact it required no permissions should have been enough to alert a potential buyer it was a scam. Also doesn't the play store give you 15 minutes to use the app and cancel it if you don't want it after that time?
"The two developer devices offered for sale included the Keon, an entry-level model with a low-resolution screen; and the Peak, a version with more generous hardware specs. "
Wow! They sold two devices. Samsung must be shaking in their boots.
Re: its a reboot issue for me
Which phone and version of Android are you using?
When I had this problem on my S3 it was with every other application apart from Chrome. It looked like Chrome worked around the problem using their own clipboard buffer because Chrome would quite happily cut and paste while every application would crash or just not paste store anything in the clipboard.
Re: I would have thought
Spot on. Particularly when it's for an app to deliver her music, which makes her more money!
That reminds me. I must check my Kickstarter project to buy me a helicopter so I can get to work on time.
Re: After the update ...
"Doubly ironic, as the reason you can't read the comments on this article is the comments you posted earlier have broken the thread so the app can't read it. D'oh."
It will be the signed byte you use to store the number of comments ;-)
Re: Installed ...
Ditto Galaxy S3 Android 4.1.2
This is about iTunes song downloads so you're playing it wrong.
If farting is music to you though can I interest you in my latest album? It includes some classic songs
Wind Beneath My Wings
Re: Block smut & violence
So there's stuff on the internet that's not smut or violent? Well you learn something new everyday.
Pot meet Kettle, Kettle meet Pot.
Is he hoping to get a free cup of coffee from his local barista in return?
Re: Did you read the blog post, Mr Register?
"Granting permissions implies that the person using the app is experienced enough to know what all of that means."
If they're not, they're probably not experienced enough to to enable the installation of 3rd party applications that's also required.
I agree with your point about denying permissions by default though.
Did you read the blog post, Mr Register?
From the article..
"SpamSoldier infects smartphones and spews out thousands of SMS messages without the user's permission."
From the blog http://blog.cloudmark.com/2012/12/16/android-trojan-used-to-create-simple-sms-spam-botnet/
"Then you have to grant permission to the app to do all sorts of things that no Angry Bird should ever need to do, like surfing the web and sending SMS messages"
Re: Can it, for example, turn on a camera
If you're wanking to Babestation you've got bigger problems than a security hole in your Smart TV
I'm going to point out the obvious and say that there a hell of a lot of red-neck bible-bashers in the USA that ARE sickening as well.
Re: Not to state the obvious...
It might be just me being pedantic but 1/8" = 3.175mm and according to the Apple web the iPhone does have a 3.5mm jack.
Re: Not to state the obvious...
Isn't it a 3.5mm jack on the iPhone not a 2.5mm jack?
They've already put the ruling up on their web site
It's still got 55% of the market two years after launch. If that's a fail what do you count as a success?
Re: I shudder to think how much abuse Apple would have taken if they had done this
Speaking of copy and paste..
Never mind this. There's an app on my wife's iPad pretending to be a map application
"SGIII owners, laugh, hardly and loudly at iPhone 5 buyers"
"Laugh, hardly"? What, you get an errection thinking about iPhone 5 buyers?
From the Symantec article
"To send a spoofed SMS message there is no need to send a text message over the air. In fact, a message is never sent or received, instead, the system service in charge of receiving text messages is tricked into thinking a message has arrived—and it will happily store the text message and notify the user of the event. One can specify any arbitrary "from address" for the SMSishing attack and no special permissions are required to insert a spoofed message."
Based on the number of actual SMS messages that I receive with SMSishing attacks in though, it's nothing new.
That reminds me I must find out what's happening about my PPI claim. Funny thing is I don't remember taking it out...
It can't be this Register it say's it's "highly respected"
That's fair enough. The only non Apple tablet mentioned on the Apple UK site is a Samsung Tablet which sounds rubbish based on a UK judges description
They might also want to point out what the Judge said about the Samsung tablets.
""From the front they belong to the family which includes the Apple design; but the Samsung products are very thin, almost insubstantial members of that family with unusual details on the back."
You do seem a little bit obsessed with Apple. The lady doth protest too much, methinks.
Re: I'm so surprized...
Fandroid's never read the article. They just keep spouting (copying) the same rubbish.
I've not heard about Apple deleting emails. Where did you hear that?
Re: "sources who have proven accurate in the past"
I'm sure El Reg. would quote you. They've quoted everyone else
...or if Sony want to make a similar phone they can lay their hands on some CAD designs!
Re: ahhh man
and uncool = NOT cool, so...
"Now NOT being cool IS the NEW cool!"
So what's happened to the OLD cool? Are they now NOT cool? And if they're NOT cool does that make them the NEW NOT cool which means they're the NEW NEW cool?
"Though I still won't want one! Don't want people thinking I'm a complete twat"
It's a bit late for that
Re: Got to love it
It rebooted due to an app falling over? That's pretty worrying. An application falling over shouldn't cause a reboot. On Android each Dalvik application runs in it's own process with it's own instance of the Dalvik VM and even a native app shouldn't bring down the machine.
"In my house, we have 1 MacBook Pro, 1 PowerBook, 3 iMacs (of various generations and shapes), 1 iBook, 3 iPod Touches, 2 iPod videos, 1 Apple TV, 4 iPhones, and a G4 Tower
I'm probably missing something."
A life perhaps?
i think you'll find
...that S60 is a software stack running on top Symbian, of which S^3 is the latest iteration and S40 is Nokia's mid teir os and has nothing to do with Symbian.
Why are you holding the iPhone wrong? Don't you know it won't work if you do that.
It looks like it's been removed then. I downloaded it this afternoon.
Replying to my own post it seems from the article on Sophos that the applications requested permission to send SMS, so nothing wrong with the Android permission system.
" I'd be wary of the lawyers if I were to call them malicious."
Well my dictionary defines malicious as " motivated by wrongful,vicious,or mischievous purposes" and since they were copying over peoples work I'd call that malicious.
There's something wrong here
...either with the article or Android.
If the applications only asked for permission to “edit SMS or MMS, read SMS or MMS, receive SMS” how was it able to send sms? That requires the "SEND SMS" permission.
"And why fandroids are the new fanbois. Smug, arrogant and humourless? Check!"
No he's that because he's a bigot not because he's a fandroid.
Surely any self respecting Register reader who wants one has already got one, haven't they?
Maybe Apple should try to get it banned as an environmental hazard
Yes, some of this is exploited using Intents that apps have exposed and it is a powerful mechanism but as the paper says it's not tightly controlled on some of the applications. If an application is exposing a function that requires permission, the application (or ideally Android itself) should check that the requester has sufficient authority. It's the equivalent of locking your front door but leaving your windows open.
And your statement that "If anyone is that concerned it is fairly trivial to decompile applications to see what they are up to" is quite frankly ridiculous. Are you seriously suggesting that the average Android user would be able to decompile and understand what an application is doing?
Actually it appears to be that there are applications installed on these phones that expose an unprotected public interface for doing things that are usually protected by the permissions system. For instance rather than getting permission to make a call, a malicious application could just broadcast a particular message (for which it doesn't need permission) and the rogue application picks up the message and makes the call.
The Nexus rogue application doesn't actually sound too serious. Apparently a malicious app can uninstall the com.svox.langpick.installer application! Which sounds like it stops you installing voices for the speech synthesiser.
Quote of the Week
"You filmed it for us and showed us the placenta and now you want some privacy?"
1 - It depends where the app is storing it's data. I believe the memory usage in the settings screen shown just indicates memory used by the application in it's "authorised" storage area. It could look to see if an SD card is available and store it there in which case it wouldn't show up on that screen.
- Review Reg man looks through a Glass, darkly: Google's toy ploy or killer tech specs?
- MEN WANTED to satisfy town full of yearning BRAZILIAN HOTNESS
- +Comment 'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
- Nokia: Read our Maps, Samsung – we're HERE for the Gear
- Apple tried to get a ban on Galaxy, judge said: NO, NO, NO