BadNews, fandroids: MILLIONS of Google Play downloads riddled with malware

At least two million Google Play downloads gave Android users an unwanted freebie in the form of BadNews, a piece of malware which masqueraded as a legitimate advertising network. The malware was integrated into 32 different apps in the Google Store, according to mobile security specialist Lookout. Those apps have been …

COMMENTS

This topic is closed for new posts.

  1. hplasm
    FAIL

    Mods are touchy today!

    Must be the bad headline writing.

    REG FAIL

    1. diodesign (Written by Reg staff) Silver badge

      Re: Mods are touchy today!

      Nah, just people who can't bring themselves to use the corrections button.

      C.

      1. Vic

        Re: Mods are touchy today!

        > people who can't bring themselves to use the corrections button.

        That's because the corrections "button" is actually just a mailto: link.

        Give us a form and it will be used more productively...

        Vic.

  2. Yag
    Devil

    "...slipped by Google's automated detection..."

    Yes, they're very very sorry that this was "slipped" by their automated detection.

    The best course of action would be for app makers to rely on a widely recognised advertising network, like... mmmh... Google AdWords?

    Do no evil (but let others' evil "slip" if it's financially interesting)

  3. Irongut

    What kind of idiot

    What kind of idiot installs an update for an app via an advert in another app rather than through the standard update mechanism in the app store?

    Oh yeah the users I have to support probably.

    1. Dan 55 Silver badge
      Devil

      Re: What kind of idiot

      What kind of OS would let a signed app change itself then happily execute it the next time round?

      If the Play Store (amongst others) takes care of updating, the OS can safely assume that any changes to the app package are malicious because the app has been compromised. The OS should refuse to execute it.

  4. MissingSecurity
    WTF?

    I may be missing something here...

    but this sounds like "legitimate" apps that use dodgy ad services. Does Google provide the ad company or does the app company (provided the app publisher is not a front for the ad malware)? While it is not altogether surprising, it seems in the interest of getting some "dedicated" Android fans riled up, in actuality this is a question of either Google's lack of proper checks, or Shitty Developers being Shitty. Not so much a platform security issue per se, more of a social engineering commonality.

  5. ukgnome

    Fear not Fandroids - Eastern Europe is not the world

    I have looked at the 32 apps that have been removed,

    20 are purely in Russian, so most of us won't see them. And the other 12 don't exactly butter my bread, with such classics as "star knife, find number, stupid birds, savage knife".

    I would be keen to know if any apps that I see from my Play Store are malware-ridden. Still, this is probably not a huge issue compared to numbers of downloads globally.

  6. Anonymous Coward
    Windows

    Windows security rules apply.

    Treat as hostile until proven otherwise.

  7. Avatar of They
    Stop

    Every app' seems to want to make calls or SMS now.

    The latest Facebook update has started saying it needs access for making calls, so pretty much anything can happen if you don't read exactly what you install.

    And the logic of "say yes when installed and whatever happens after that is your fault" seems to be the way of Android.

  8. Lallabalalla
    Trollface

    No no you're all wrong

    These apps are GOOD, because they are Android they are "open" and "open" is GOOD. "Not open" is BAD. These are OPEN so it's ALL GOOD.

    1. Anonymous Coward
      Anonymous Coward

      Re: No no you're all wrong

      None of these apps are open source, they're all proprietary. If they were open source there wouldn't be an issue.

  9. Peter 48

    the sky is falling

    So basically a bunch of mediocre, mostly Russian, dodgy apps and poor rip-off copies potentially contain malware. What a surprise. Next thing you'll be telling me that the bloke down in the market called dodgy dave is not selling legit DVDs.

    1. GitMeMyShootinIrons

      Re: the sky is falling

      ...all through the legitimate Google market place. Very good. Sounds like the policing of what is peddled in the store is a bit lax, bordering on negligent.

      I could accept this on some back-street site, but Google? Really? A tad disappointing. 'Do no evil' may be their mantra, but 'ignore evil' appears to be reality.

      I have Apple and Android devices. I have more faith in the former, which is a pity, because the better hardware is often the latter.

    2. Spiff66
      Meh

      Re: the sky is falling

      Actually what's being said is that if you have an open store where anything goes then you're going to end up being shafted by someone who wants all your data. So we keep getting told how great Android is and how like it's free and open and that's soooo fantastic, till you get your data slurped and then well you know maybe there's a reason for some companies who think that owning the platform all the way isn't always a bad thing. It's your choice pal, you can go take your chances with the dodgy daves and get yourself a bargain or you can go to the high street and buy something that's genuine and pretty much zero risk.

  10. Boris the Cockroach Silver badge
    Pirate

    If

    Any apps I get ask for phone/contact permissions, then it's time for the uninstall button.

    PS can someone give me a legit reason why a guitar tuner app needs your phone number and contact list anyway?

  11. JeffyPooh

    Time for a monthly security scan on reboot, a la Windows Update?

    It's a Wild West out there. Hopefully the Sheriff keeps order.

  12. Maurice Tate

    Gee, it wouldn't perchance be Lookout doing this, in order to justify their existence, would it?

  13. uphoriak
    Thumb Down

    @stu - an app from within the iPhone can make calls..

    That moneysavingexpert thread you linked above Stu happens to be from my missus, heh.

    Bearing in mind the obvious "don't let your toddler play with phones" mantra - blame her, not me! - I started a more technical thread over on Macrumors (http://forums.macrumors.com/showthread.php?t=1573698) as we've found a popular flash card app for toddlers has rolled out an update that includes a cartoon picture that automatically dials premium rate lines. We've caught it quickly and only sacrificed £40, and have got Apple on the case. I emailed El Reg about it just last night.

  14. Anonymous Coward
    Anonymous Coward

    Junkstore

    Google is letting Android down with the state of Google Play. It is very hard to identify good applications unless you invest a lot of time investigating alternatives outside of google-play before you install anything. Very few consumers will bother. The signal to noise ratio among apps is appalling. App-rating doesn't work. Malware is flourishing. It isn't even possible to determine if an app is available in the language configured in the OS prior to installation. As a developer I would be ashamed to be responsible for such a mess.

  15. This post has been deleted by its author

  16. Anonymous Coward
    Anonymous Coward

    iFanboi article?

    I think the article purposely ignored a few major points:

    1) I didn't see any mention that the apps affected were almost all Russian - how many people reading this English article will have come across them?

    2) 32 affected apps.... How many on the Google Play store now? I think that percentage is pretty low.

    3) Similarly - 2m downloads... But how many downloads are done DAILY on Google Play? I suspect it's a pretty big number there these days too.

    It's still an article-worthy topic, but making out like it's a big deal and a threat to all Android users is just silly.

  17. Down not across

    Bad News

    Vim is angry ..just popped into my head. Always amusing.

  18. A J Stiles

    Seen this .....

    Recently a friend of a friend was telling me about a "scales" app for Android. Now, I know for a fact that there isn't a weight sensor behind the glass of most smartphones, so this has got to be bogus. (And it is: whatever you place on the phone, it shows the same weight which you entered during calibration). I didn't keep it installed for long after downloading it.

    I checked out another one, and the permissions it was requesting scared the backside off me.
