So don't use third party Android stores!
You are a mug if you do.
A mobile software developer has turned an popular third party Android mobile keyboard called SwiftKey into a counterfeit package loaded with a trojan as a warning about the perils of using pirated or cracked apps from back-street app stores. Georgie Casey, who runs a popular Android app-development blog in Ireland, created a …
Of those 293,091 malicious apps, 68,740 were sourced directly from Google Play," writes Rik Ferguson, director of security research and communications at Trend Micro.
So there are many Android users living in blissful ignorance with a phone stuffed full of malware.
Unless Google Play address the problem it will get progressively worse.
It make Apples problems really insignificant in comparison.
"WP8 has zero security holes so far, and WP7 only a minor cert related one. IOS has had over 400 vulnerabilities now - not really on the same level...Windows Phone is highly secure."
You are an idiot. You use the term "so far" and then state "Windows Phone is highly secure" in the next sentence.
Can't you see how stupid that is?
"Of those 293,091 malicious apps, 68,740 were sourced directly from Google Play," writes Rik Ferguson, director of security research and communications at Trend Micro."
Play probably only hosts these things for a short space of time what with Google's own virtualised testing and threat analysis, 3rd party AV efforts, and users able to report dodgy apps. And if a threat is found afterwards, Play also has a remote kill capability.
Exposure is probably minimal anyway.
One should really ask him/herself how this "scanning" is done? What is the algorithm to label an app "malicious"? Errors of the 1st and 2nd order, what about them? No magic algorithm exists and the numbers should be taken with a a great amount of skepticism.
Unless Google Play address the problem..
It's been addressed in the Android API already. It's called permissions transparency. Take, ths swiftkey keyboard example. It wants your sms, Internet access, phone communications . (While, another keyboard app, eg., hacker's keyboard, needs nothing of those!) Unheard of! It just doesn't call itself "fishy". One needs no keylogger malware with this one. The real problem is that it is really popular.
The only way I can see Google could improve on that is to put all potentially dangerous permissions, like reading identity, sms, Internet telecommunication, phone calls etc in flashing red font along with extra warnings and alarms when those are permissions are required.
Of those 293,091 malicious apps, 68,740 were sourced directly from Google Play,
There are more than a few things suspicious about this story.
Why is it I can't find a list of these malicious apps found by Trend Micro anywhere?
Isn't Google Play supposed to remove these 68,740 apps as a violation of their TOS?
Is this an accurate account, or is this really an attempt for Trend Micro to scare people into installing their Android security apps?
Which BTW have sweeping permissions And after the 30-day trial Trend Micro Mobile Security costs you a whopping $29.99 (.£19.75).
Wow, look at all the AC's in this thread, it's a bang'n! All out OS ~security~ comparisons, marketing share comparisons, one of them even snuck Win8 into it!
Anyways, this kid has demonstrated that running code on a computer can do things. Don't get me wrong, I'm glad he wrote this application, we now have a name to associate to malware. If you get malware, e-mail this kid with your thoughts. Anyhow, maybe his next attention getter will be demonstrating how to wreck a car if it is moving.
"Which BTW have sweeping permissions And after the 30-day trial Trend Micro Mobile Security costs you a whopping $29.99 (.£19.75)."
@BillG: Yep, seems like FUD. I have the same thought, and that thought trumps all those "statistics". Also, I don't think you can find a list because all other malware scanners are part of that list! If you think about it, wouldn't they have to be detected as such due to their nature?
It was never " mooted as a selling point." I love how people just make shit up, the same applies to PS3 OtherOS, also something that was never promoted, suddenly has claims to be advertised as a feature (unless a single line mention in the handbook is now advertising...)
The other point is, yes, it gives you the freedom to do so, but not without first giving you a scary Malware warning that tells you that you are opening yourself up to Malware, and keyloggers and all sorts of other nasty shit.
So rather than these idiots trying to scare people into buying their virus "solution", the press should be highlighting those that encourage users to enable sideloading. Facebook and Amazon being the two biggest culprits.
Can't say for sure about Android, but PS3 OtherOS capability was advertised, if perhaps not heavily promoted, for the original and, I believe, first revision units. At least one company, whose name I don't recall at the moment, offered a PS3 with preinstalled Yellow Dog Linux for about the same as the combined price of the PS3 and the Yellow Dog installation media. I bought a PS3 for the BD player, as Sony adoption of Blue Ray appeared to presage the death of HD-DVD, and for the OtherOS feature. I have not upgraded the Sony firmware since they removed it (and will not do so), and eliminated Sony from my hardware candidate lists, especially after their action against George Hotz.
Given that Google play itself is filled with malware as well. I have downloaded at least three that my sophos home virus scanner & my android avast scanner have detected and killed. For the record they were the gangnum style type things (can't remember the app name)
Google play store is just as bad and should be treated with utmost care.
If I'm stuck only using the official Google store, my reason for going to Android becomes moot. It starts looking like that "walled garden" of Apple's that is supposed to be restricting my freedom so badly.
I thought the point of Android was freedom, and not being stuck with an involuntary walled garden. So now you are telling me to be safe I need a VOLUNTARY one? Make up your mind, walled gardens, bad or not? If you still can't leave a jail, does it matter if the door is locked or not?
You're not stuck using the Google Play store, but you accept that there are risks if you don't. If you aren't prepared to accept the risks, then really you should be in the walled garden (not a criticism or an insult - promise).
The trouble is this article suggests (and maybe right, I've not seen the quality of the original research) that while you may be taking fewer risks by sticking to the Google Play store you're still running a level of risk that you wouldn't be if you were using iOS or WinPho8.
To be clear, I'm not advocating the Apple/MS walled garden route as some panacea - nothing is perfect - but for many non-techies it's safer and more appropriate. For the average savvy punter on here though, the ability to understand the risks and consequences and positively accept them is a good place to be accepting also not to beef when you pick up some key logging from an obscure apps depository that you really shouldn't have used.
In the end the reason for going to Android is the same and doesn't change, but the way to approach the whole area of Apps and how/where you source them does change.
Valid point but i'll wager (myself included) those sheeple would rather the efforts be focused on stopping or helping to mitigate "attacks" like this....
If you cant trust the (goole, MS, Apple BB etc) company to provide you with clean, tested and approved software then we are all screwed...
"If you cant trust the (goole, MS, Apple BB etc) company to provide you with clean, tested and approved software then we are all screwed..."
I don't use any of the above, because I don't trust any of the above. Marketing doesn't provide clean, tested software ... rather, they sell whatever sells. And the sheeple slurp it up.
Sales doesn't equal "safe and secure". Never has, never will. Sheeple are sheeple.
Which phone?
The one at my elbow is an early 1950s Western Electric 500 rotary dial. The one in my shirt pocket is a Nokia 5185. My telephones are telephones, nothing more, nothing less. They make and receive telephone calls. That's it. I'm an old UNIX hacker ... one simple tool that does the required job, and I'm happy with it.
He just doesn't want to admit to being a Blackberry owner :)
What makes open source any more trustworthy? unless you validate the code and compile it yourself then it is no different to anything else, you're still trusting someone to be supplying you with a clean product.
It's almost like trying to buy drugs and wondering what you are getting and if the supplier is legit.