back to article Beware of geeks bearing gifts: Evil game guides infect 2 million Androids

Ad-displaying malware in nearly 50 apps on the Google Play Store has infected nearly two million phones. And it's all thanks a combination of user stupidity, and the ad giant failing to spot and remove the software nasty lurking in its application souk. The rogue code – dubbed Falseguide because it is contained within game …

Maximum permissions

Surely a simple first step for Google would be to limit permissions based on application type. In this case available permissions ought to be minimal.

Taking it a step further, any developer requesting admin permissions could be vetted, as in theory happens when requesting a EV SSL certificate.

10
0

Re: Maximum permissions

That’s assuming they’re paying attention …

1
0

Pick a name, any name

I guess it is simply unthinkable that some non-Russian wanting to cover their tracks, would pick a Russian name...

But yeah, when I see the permissions of the apps that my kid wants to install, I get really worried... why does a camera app need to access your identity? The whole permissions think is seriously broken, users need much more guidance and Google needs to start chucking apps off the store. We complain about Fake News, but what about Fake Apps?...

3
0
Black Helicopters

Re: Pick a name, any name

"why does a camera app need to access your identity?"

So the NSA* know who took the picture, obviously.

(*Or the Putinistas, depending on your paranoia-orientation.)

1
0
Silver badge

Re: Pick a name, any name

It gets worse - I was beginning to rejoice seeing a recent-ish version of Android popping up individual permission requests for various rights (my older phone is "all or nothing" at install time), only to come to realize that absolutely all apps asking for any right whatsoever work... still "all or nothing", because denying ANY permission, even the least important one, results in all apps simply immediately quitting. There was nothing I could refuse them that would still see them continue, and I tried several different ones, iterating on the permission trying to refuse at least one - NOPE. So yeah, yay, progress*...

* I would REALLY like to know why the permission system isn't doing what the xposed framework already did years ago - namely, it never actually refused an app anything, it just faked everything I told it to deny. Fake position for location, fake empty address book - the works... Why can't we still have this officially?!?

1
0

But nobody at Google is interested in play store,that's boring.

Their busy touting the recent update to play store,but they still cannot do that properly,you still cannot search your past apps,they still appear to be thrown together at random,still no search by device,time,or name or type..

As an "alpha" tester,my original play store account now has 5-6 thousand apps in my apps,searching that lot is not fun..

Google have always paid lip service to security,nothing has changed..

4
0
Silver badge

So glad I did not ownload any game guides... Having said that, I will have to check on my daughter's tablet if she inadvertently downloaded something as she complains of adverts popping up.

0
0
Silver badge

"two million idiots have ignored this red flag waved"

Sorry, but much of this falls down on Googles non-existent validation.

As a walled garden, would it of been to much for Google to deny store access to say a torch app that wants your call history, read SMS's, access to photos and media?

Because of the utter lack of any enforcement, allow an app access to pretty much everything has become the norm for most people.

Hell Google ones are amongst the worst for it.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017