Sign in / up

back to article Boffins laugh at Play Store bonehead security with instant app checker

An armada of university researchers have devised a novel method of detecting malicious applications on Android app, and by way of demonstration have dug up 127,429 shady software offerings, including some bearing exploits for a whopping 20 zero days. The scheme dubbed MassVet is the brainchild of eight researchers: Kai Chen; …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. gollux

    Yeah, we get it, Google Play Store and Android increasingly are the turds floating in the mobile device pool. Not enough competition, what with Apple, Amazon's Fire Android variant and Microsoft Windows 10 being the only other options out there. Wait, maybe it's time to dump Google Android.

    2 14 Reply
    1. Destroy All Monsters Silver badge
      Reply Icon
      Thumb Down

      The doctor recommends one coffee and transcendental meditation before posting.

      8 1 Reply
    2. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Back in the real world, android devices with malware are very very rare indeed.

      Snakeoil vendors and clickbait hungry reporting is keen to overinflate the significance of this.

      Windows by far is still the cessspool. I have already come across windows 10 machines filled with viruses and adware.

      3 4 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        >Windows by far is still the cessspool.

        Not in mobile. The ultimate in security by obscurity. If there is malware for WM it was probably written by someone in Redmond as they are the only ones with the devices.

        5 1 Reply
      2. Anonymous Coward
        Reply Icon
        Anonymous Coward

        And

        exactley how many windows PHONES have you found, as you say, filled with viruses, spy/malware???

        1 1 Reply
      3. Anonymous Coward
        Reply Icon
        Anonymous Coward

        >Back in the real world, android devices with malware are very very rare indeed.

        Except for the fact that %90+ of all android phones can still be pwned with a single mms and Android still has no decent universal patching mechanism.

        2 0 Reply
        1. Planty Bronze badge
          Reply Icon

          Really???

          So why is this not happening then...

          Becuase its horseshit, that's why. The vast majority of those phones have ASLR which pretty much mitigates things. I guess you chose to forget that..

          Like I said, storm in a teacup, any security company bigging this up isn't trustworthy..

          0 0 Reply
    3. fung0
      Reply Icon

      I think this is missing the point. The study finds that the tide of quick-and-dirty malware is increasing to the point where a bulk-analysis approach becomes worthwhile, probably as an adjunct to conventional anti-malware techniques. The study doesn't show that Google is screwing up - more that the playing field has shifted, and Google needs to broaden its approach accordingly.

      4 0 Reply
  2. Destroy All Monsters Silver badge
    Thumb Up

    I have to say this sounds rather cool.

    More things to study. Sigh.

    5 0 Reply
  3. frank ly

    "... 127,429 shady software offerings, ..."

    We've seen articles like this before, from various researchers. Why don't they ever name the top 'selling' dodgy applications? If Angry Turds has been seen to sign the phone up to premium SMS services or if Mandy Blush has been seen to send a phone's entire contacts list to a Vietnamese server, why doesn't anyone ever say so?

    16 1 Reply
    1. Pascal Monett Silver badge
      Reply Icon
      Coat

      Re: Why don't they ever name the top 'selling' dodgy applications ?

      Because they publish in Lawsuit Country ?

      12 0 Reply
      1. Mark 85
        Reply Icon

        Re: Why don't they ever name the top 'selling' dodgy applications ?

        So being right about "dodgy" won't stop a lawsuit? That might cause them (the devs) some serious problems if such a lawsuit went to court.

        3 1 Reply
        1. Pascal Monett Silver badge
          Reply Icon

          If being right stopped lawsuits there would be no patent trolls.

          3 0 Reply
  4. Mage Silver badge
    Coat

    several spew adware

    That explains Google's lackadaisical approach.

    4 0 Reply
  5. Adam 1

    False positives? Number of detections isn't sufficient for evaluating the detection rate. It has to have a high detection rate without misidentifying benign apps as malware. That is the tricky part.

    2 2 Reply
    1. fung0
      Reply Icon

      Read the PDF. The researchers have done quite a bit of analysis on this exact topic. I'm not qualified to evaluate their statistical math, but it looks pretty reasonable.

      4 0 Reply
  6. Alan Denman

    Apple bans similar analysis?

    No flies on them!

    0 5 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Apple bans similar analysis?

      Apple bans similar analysis?

      Oh really? Since When?

      What I particularly like is the irony of Chinese people showing up Google. That has to hurt.

      I think this is good news - the more people catch Google with their trousers down when it comes to app security, the more pressure it brings on them to fix issues which can only benefit everyone (well, of non-evil intent), and a framework that is simple is one that can be checked by others. Every time it gets complicated it creates nice little TL;DR boltholes for mistakes and oversights to hide.

      5 0 Reply
  7. g00se
    FAIL

    Virus Total

    beating all 54 antivirus scanners, including the popular Virus Total online analysis machine

    Surely the point of Virus Total is that it essentially IS 'all 54 antivirus scanners' or am I missing something?

    3 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Virus Total

      Surely the point of Virus Total is that it essentially IS 'all 54 antivirus scanners' or am I missing something?

      Sssssh. Don't interfere with someone bigging up a statement.. (upvote, though).

      0 0 Reply
    2. Destroy All Monsters Silver badge
      Reply Icon

      Re: Virus Total

      In that case Virus Total is "all 53 antivirus scanners", really.

      1 0 Reply
  8. Anonymous Coward
    Anonymous Coward

    f__k the Playstore

    I have finally reached the point where I can get by with only one store on my Android phone and that is F-Droid. If you use a custom rom with it you can have zero accounts tracking you (don't necessarily need root access and can lock the bootloader after installing). Best of all, though F-Droid is not guaranteed to be free of malware but if an app is on there its source has to be available as well.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like