So, in summary:
Company with vested interest in bigging up the malware problem rubbishes claims of company with vested interest in minimising the malware problem.
And so the world turns...
Google's bold claims that Android doesn't have a malware problem and is more secure than Apple's iOS have singularly failed to convince security researchers. No less a figure than Eric Schmidt, Google's executive chairman, declared Android to be “more secure” than the iPhone, during the Gartner Symposium/ITxpo in Orlando, …
4.3 implements a permissions manager which allows you to toggle on or off certain permissions. But they've hidden it, presumably because it's not ready for widespread adoption.
My own view is that Android should assign every app to one of three default groups - built-in, store downloads and untrusted. Then run each permission used by the app through an engine, checking the group rules for permissibility. Perhaps it would prompt the user, allow or block the action depending on the response.
Rules don't have to be dumb either. Google might identify a breed of malware which was sending SMS messages in the middle of the night and so craft a rule which only triggers during a certain timeframe, or period of user inactivity.
Users should also be able to tweak the permissions further, outright denying actions which might not be malicious but which are annoying or intrusive.
But anyway, I suspect the vast bulk of malware on Android has nothing to do with store downloads but people downloading dodgy warez. There is only so much that can be done in a phone without limiting freedom to protect against the biggest security threat - stupid users.
Well in the article they say 46% is from the store, so nearly half aren't dodgy warez, and protecting against stupid users is exactly what Apple's draconian restriction are there for.
I'm left wondering, if an outside company can analyse the store for malware why aren't google doing the same?
Google's Play Store "apps" routinely request all sorts of permissions, which most of the users probably never look at.
For starters, see how many require full access to the users phone call information, despite having nothing whatever to do with contacts or calls.
What security is there when users are effectively being encouraged to leave the key under the Welcome mat.
Terry, you're right, but - if you want an app you usually have to compromise. I have a dashcam app on an old Android. I had to give it permissions to make calls (e.g. to the emergency services or a specified contact) so that its call-on-collision function can work, even though I keep this function switched off. But if I'd said 'no' I'd have to do without the app.
The primary defence is economic. The dashcam phone has no SIM, so it can't cost me money. My own phone is PAYG, so the highest cost I could incur is exhausting my call or text credit before the end of the month.
In terms of privacy, Google could tighten up some rules: for instance when an app asks for permission to use contacts, one should be able to deny that without forgoing access to the app, perhaps my having an OS level option to restrict the contacts available to that app to a specific group of those on the phone.
I think Google could reduce permission bloat by adding a weighting to the search results according to the number and type of permissions an app needs. So if some game asks for everything under the sun it will get buried. Less people would install the app and therefore the rate of infection is so much lower.
It wouldn't make much difference when showing results for calendaring / contact apps because they'd all use the same permissions so the weightings would cancel each other out.
The problem is that most "free" (actually adware) apps incorporate the permission needs of the ad libraries infecting them, which usually include full network access, location access and phone state etc. access - this is actually the fastest way to find out if an app intends to throw ads at you...
All or nothing.
Unconnected permissions bundled together - what has the application knowing if you're in a phone call or not got to do with getting the device ID?
The hidden privacy manager in 4.3 and Cyanogenmod's Privacy Guard are ways of closing the barn door after the horse has bolted. What sense does it make giving apps a permission at install time only to take it away at runtime?
Instead the system should pop up a dialog box the first time that a permission is used when the app is run. If a wallpaper app requires full contact list/full calendar/full account list/device ID then the least the system can do is pop up a honking huge dialog box the first time the permission is used when the app is run asking if the user is really sure. People might be willing to click 'next' at install time but having to do it 5-10 times at runtime might make them suspect that something's amiss. It also means that devs will have to get used to coding for a 'no' or empty set answer.
Devs also need to be encouraged to use as few permissions as possible so malware apps stand out. Apps should have a way of getting the system to prompt the user for a contact/calendar entry/etc... and letting the user choose an entry which is then returned to the app. This method should not require any special permission in the manifest - it's interactive, the rest of the data in the address book/calendar/etc... is protected by the system, only good apps are going to use it, bad ones are more likely to need a permission to non-interactively read all contacts/the calendar/etc...
All excellent points. Fact is that too many apps demand (you have no option, either accept or don't install) far too many permissions. Some of those permissions may be justified, but usually you are given absolutely no indication why they are needed, and what they used for. And that's supposing the user understands exactly what the permission involves, which is a massive assumption.
I want apps to state exactly, upfront, what permissions they need, why they need them and how they will be used. And I want Android to give me the option of disabling the permissions I don't want to grant. At that point I want the app to accept this gracefully, and explain what it won't be able to do as a consequence.
Only then can I make an informed decision about the app and what it should be doing on my device.
The reason Android app permissions are all-or-nothing is because the developers DEMANDED it of Google. IOW, it was the ONLY way Google could convince developers to migrate. Otherwise, they would've stuck with Apple (who was top dog at the time so they HAD to bite the bullet), and Android would've gone nowhere.
So Android needed apps, the devs basically demanded control or they wouldn't provide the apps. What else could Google have done?
"Devs also need to be encouraged to use as few permissions as possible so malware apps stand out."
....... is based on persuading people to give permissions that are as extensive as possible - they would have some difficult telling the Dev's "Don't do as we do, do what we tell you to do".
At the OS level.
You want to know where I am - Fine, I am always at the north pole, or halfway across the atlantic.
You want to know my contacts - Fine, this is my wife's number (see dashcam above) or "I know noone"
You want internet access - Just no - mabye WiFi only, maybe specific IP?
Frankly I'd really like to see an "ad server" on the device, so IT can go and get "relevant" ads for me, and then server them locally, so I don't need an internet connection to open daft games...
When I download an Android app I have no idea whether the permissions the app requests are in fact needed by the app. How would I know up-front, so how can I decide whether to grant them? And even as a long time developer on Linux/iOS/MS I have no clue what some of the available Android specific permissions actually mean anyway. If you are not tech savy (majority of population), for the most part you will not have a clue. So yes, its great that Android up-front asks for your permission, but that's only any use if you know what entire app is capable of and you understand the permissions. Ideally, I would like some independent trusted entity (ie not the developer) with something to lose to do all this checking for me.
This. All of this.
I was going to come on here and bemoan the dumbing-down culture that makes it an accepted view that dialogue boxes are just a big nuisance rather than a developer's way of saying "Hey, there are risks here and I'm trying to help you by making you aware of them" (oh well, guess I did that anyway)...
...But stepping down from the ivory tower for a moment, I will add balance and agree that, certainly in the case of Android permissions, more can be done to meet the user halfway. I've been around the block myself and most times I haven't a clue of the full meaning od the perms I'm granting, let alone why in many cases. That leaves me reliant on either the dev having already earned my trust (eg Mozilla) or not seeing any overly worrying reviews in the app store.
I certainly hope that Google get the message and bring more transparency and granularity to the process, but a little more comprehension from users wouldn't hurt either.
The permissions system certainly has a lot of problems, lack of granularity and lack of post install control being the biggest.
All security is about trust, Android has some poor options when developers are asking for permissions and bugger all control for users in permitting them. Devs can't always ask for just the trust they need and users can't choose exactly how much to give. Usually the users can't even guess what they should be accepting anyway. It surprises me I've been asking just a couple of times to justify the permissions in my app, after 100k+ downloads, despite requiring permission to dial out and the certainty they aren't reading the explanation on the Play page.
But those problems also make it very easy for anti malware sellers to exaggerate the stats. I have little confidence they went through 3.7m apps and correctly decided whether permissions were appropriate for all of them, even less confidence they resisted labelling trustworthy apps that *could be* abused as malicious.
That said, many of the ad platforms do appear to be potentially insecure and abusable outside app dev control, which would severely inflate the figures and more attention should be brought to that problem.
46% of malware is on the Play Store? I say Bullshit! I have never seen a single anti-virus company ever produce a list of apps that it considers are malware. Or even a a category of apps. They just look at permissions and if an app is asking for permission for the Contacts list or SMS, it's automatically malware. From time to time, I download these snake-oil software and in 5 years, they haven't found a single malware on my phone.
I do take care though. I never download software from any warez site. These days I turn off unknown sources, until I download from a reputable source like Mozilla, XDA or FDroid. And if the author on the Play Store is unknown, and the permissions look suspicious, I don't download the app unless the author gets back to me with the reasons for the permissions.
I don't think adding line by line permissions is going to work. It will just get irritating and people will simply turn it off en-mass like UAC.
as he sells snakeoil to prevent malware.
Back in the real world however, Google's multiple layers of defence still stand. and are totally valid.
(interesting to note Ferguson "forgot" to mention the last one, the Sandboxing of apps, as that's actually one of the most effective. No app can access any other apps private data. Shame iOS didn't do this, as app data leeching is actually very common on iOS).
The large number of malwares (1,000,000) and low infection rate (0.001%) are not contradictory, it just means the malware is unsuccessful. Also, Trend Micro has a broad definition -- they are including a few ad networks they feel collect too much information as "malware" to get up to the 1,000,000 count.
Anyway, ios is all locked to hell. I expect a phone where you cannot install your own software (only software through the Apple market) to be more secure than a phone where you can install whatever software you want from any source. Android actually does have pretty good security -- but, if you see an "game" that wants to send texts, make phone calls, and so on, and don't question why.... well, what can I say? It at least warns you of fishy behavior, really there's nothing else for the phone to do given it is a fully capable device and not locked down like an Apple. I've found Google is doing a good job of knocking the illegitimate ones off Google Play.
I use Pocket Permissions to see what's going on, Task Manager to see what's running and Uninstall Master to remove anything remotely untoward. Watchdog is useful too. But ack, there's always a risk with the Android market. Probably a greater risk on the alternative markets. But then which is more fun - a Volvo or an old-style Mini?
Biting the hand that feeds IT © 1998–2019