• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Spyware Alert!

so for us geeks around here, is there some logs that we can look at to see where our phones are sending information, as i just looked at my on bill, and all i see is wap.celluar.com for where my info is going.
 
Baldilocks said:
There are several anti-virus anti-spyware apps in the Market as well. :)

I use Lookout Mobile Security
Click to expand...

Not sure how anit-virus could have prevented this. It's more of a trojan. Tons of apps have access to contacts, internet, etc. for Android so nothing really out of the ordinary.

Lookout was the firm that found the issue, and only through forensics. Unfortunately, they found it after the program was downloaded "anywhere from 1.1 million to 4.6 million times. The exact number isn
 
t-readyroc said:
Blaming Google for this would be like blaming Microsoft for your having downloaded scareware.
Click to expand...

No I do think some of the blame falls on google. The app/wallpaper was downloaded via *their* market place, people trust it because googles name is behind it. They should have a mechanism in place to prevent outright fraud.

Now if you sideload (or use appbrain) thats a different story.
 
Some, yes, but not all. I stand by my scareware analogy.

If that stupid pop-up window comes at you that's made to look like Windows & tells you your system's infected & that you'd better run a scan, "NOW!" You're going to have to accept some blame if you go ahead & click that "OK" button...

I dunno what this app looked like, but I've seen some of the SPAM apps in the market & they look pretty dang craptastic/shady right off the bat. Gotta take a moment to think about what you're doing if you're looking to install something like that.

This is precisely why I use AppBrain... heh
 
Android_J said:
Apparently there is/was a malicious wallpaper app in the Android Market that steals your info and sends it to China. I think my foray into Android land will come to an end. Google is just too lax with security for my taste.

Android wallpaper app that steals your data .was downloaded by millions | VentureBeat
Click to expand...

Yeah it's not like apple didn't have apps that stole your contact list.
It wouldn't have been an issue if people looked at the screen that tells you what the program is going to access.
Google gave people the tools to prevent this people just don't use them.
 
Yeah, I was downloading live wallpapers the other day and found a few that wanted internet access, and I was like, Umm, yeah, *that* isn't going on my phone....
 
I just downloaded the AT&T Mywireless App and it has the access to format my SD card and report back on my phone model to match it up with my data plan. I'm sure an upstanding corporation like AT&T would never use their format ability to erase my phone. In fact I'm making this post from my phone ri


<connection lost>
 
NukaCola said:
No I do think some of the blame falls on google. The app/wallpaper was downloaded via *their* market place, people trust it because googles name is behind it. They should have a mechanism in place to prevent outright fraud.
Click to expand...

A mechanism in place to prevent fraud... hmmmmm... You mean like the part before you click install that tells you what every application you install has access to? If you give a live wallpaper access to all your info, AND internet access to send it off... thats your fault. Thats like blaming the security guard who was standing 10 feet away from you about being robbed when you just took your wallet out and handed it to someone.

Also, if you think Apple's app approval process is any better... they approved a flashlight app that had secret tethering capabilities. They didn't realize until it was smeared across the internet. You would think that a simple look at the code would tell that something is amiss with this flashlight app...
 
Prim8 said:
Yeah it's not like apple didn't have apps that stole your contact list.
Click to expand...
What Apple app stole contacts?


tekonus said:
A mechanism in place to prevent fraud... hmmmmm... You mean like the part before you click install that tells you what every application you install has access to? If you give a live wallpaper access to all your info, AND internet access to send it off... thats your fault. Thats like blaming the security guard who was standing 10 feet away from you about being robbed when you just took your wallet out and handed it to someone.
Click to expand...
True. But what about when someone comes out with, say, a SMS app that doubles as spyware? You would give an SMS app full contact and internet access. It's not always going to be easy to spot malware such as a wallpaper app needing contact access.

Also, if you think Apple's app approval process is any better... they approved a flashlight app that had secret tethering capabilities. They didn't realize until it was smeared across the internet. You would think that a simple look at the code would tell that something is amiss with this flashlight app...
Click to expand...
Tethering didn't steal info and send it off to China. And Apple were quick to pull it. The android wallpaper app was downloaded by 1 to 4 million people (anybody find it odd that Android Market doesn't keep track of actual downloads?) and wasn't exposed until the Black Hat conference.

Nothing is foolproof. All OS are vulnerable. Which is precisely why I'd like to see Google to step up their game a bit for their users' security.
 
Android_J said:
What Apple app stole contacts?


True. But what about when someone comes out with, say, a SMS app that doubles as spyware? You would give an SMS app full contact and internet access. It's not always going to be easy to spot malware such as a wallpaper app needing contact access.

Tethering didn't steal info and send it off to China. And Apple were quick to pull it. The android wallpaper app was downloaded by 1 to 4 million people (anybody find it odd that Android Market doesn't keep track of actual downloads?) and wasn't exposed until the Black Hat conference.

Nothing is foolproof. All OS are vulnerable. Which is precisely why I'd like to see Google to step up their game a bit for their users' security.
Click to expand...

It's irrelevant that this particular app did not steal data. The important thing is that it could (if the developer wanted to) and Apple would not be able to detect it. Apple pulled the app only after the news was all over the Internet. Google can do the same. If anything iPhone users are in worse shape because they do not get any information about the permissions requested by the app (probably because of the presumed - and non-existent - security of iOS platform)
 
lilo said:
It's irrelevant that this particular app did not steal data. The important thing is that it could (if the developer wanted to) and Apple would not be able to detect it. Apple pulled the app only after the news was all over the Internet. Google can do the same. If anything iPhone users are in worse shape because they do not get any information about the permissions requested by the app (probably because of the presumed - and non-existent - security of iOS platform)
Click to expand...

Exactly... that was kinda my point. :p
 
Baldilocks said:
There are several anti-virus anti-spyware apps in the Market as well. :)

I use Lookout Mobile Security
Click to expand...

Lookout reported the issue. I tried lookout after i heard about it and it didn't even flag the wallpaper app they reported on.

antivirus free did - and removed it.
 
NukaCola said:
They should have a mechanism in place to prevent outright fraud.
Click to expand...

Sure, but then there'd be a lengthy approval process with big fees and such, and it'd take a long time to get apps into the Marketplace... people would be complaining about Android's "walled garden" and blah blah blah... you can't have it both ways.
 
It sounds like the developer has reasonable explanations and it was all exaggerated at first anyway.
 
how do i know if i have spy ware on my phone
i got app task running but i dont know what the heck any of them are or if they came on phone or not
 
Most of these things are blown out of proportion but its true, when youre as open as google, that people are going to take advantage of it. so for me i just read the permissions, if i think an app doesnt need a permission it asks for i dont download it.

the apple store has had apps that have been removed because it was thought that information was sent from the users phone. the thing with apple is you have to have a mac to write their programs i believe, and i know you have to pay a pretty large sum of money to even put your app in their store, and i believe they even take some of the money from each app downloaded. google sends all the money to the devs and there are no huge sums of money they have to pay to get their apps out there.

but i would still much rather buy and install free apps from the android market than have 1 penny go to the communists over at apple
 
CrimsonPride said:
Most of these things are blown out of proportion but its true, when youre as open as google, that people are going to take advantage of it. so for me i just read the permissions, if i think an app doesnt need a permission it asks for i dont download it.

the apple store has had apps that have been removed because it was thought that information was sent from the users phone. the thing with apple is you have to have a mac to write their programs i believe, and i know you have to pay a pretty large sum of money to even put your app in their store, and i believe they even take some of the money from each app downloaded. google sends all the money to the devs and there are no huge sums of money they have to pay to get their apps out there.

but i would still much rather buy and install free apps from the android market than have 1 penny go to the communists over at apple
Click to expand...

You're wrong about 2 things.
-There are startup costs for developing on both iOS and Android. The cost is less on Android, however. You are right in saying that you need to develop on a mac.
-Google and Apple both take a cut of paid apps. I believe it is around 30%.
 
CrimsonPride said:
so for me i just read the permissions, if i think an app doesnt need a permission it asks for i dont download it.
Click to expand...

That's well and good, but I should point out that the most recent spyware brouhaha related to apps that actually rooted the phone on the sly, which means that the permissions you think are assigned mean nothing.
 
You must log in or register to reply here.
Back
Top Bottom