"Terrifying Android Malware"

[Mayhem]

See Terrifying Android Malware Hacks Your PC and then Eavesdrops On You With Its Microphone.

Not sure how many of you read Gizmodo and how likely it is that anyone here installed this application but thought it best to pass along just in case.

The program is (was?) called DroidCleaner.

 

[Frisco]

See Terrifying Android Malware Hacks Your PC and then Eavesdrops On You With Its Microphone.

Not sure how many of you read Gizmodo and how likely it is that anyone here installed this application but thought it best to pass along just in case.

The program is (was?) called DroidCleaner.

Darn it. Now everybody in China knows about all my sneezing and burping and stuff.

 

[Kamau]

Odd Android Malware Attacks Windows PCs, Triggers Your Microphone | Maximum PC

As the author says, I'm not sure about what is to be gained by this one. Then again, it may be as simple as someone saying "look what I can do".
In any case, it pays to be on guard because if nothing else, it tells me they (the makers of this type of malware) are still hard at work.

 

[mikedt]

Darn it. Now everybody in China knows about all my sneezing and burping and stuff.

Yup, we now know everything you say and do.

 

[Davdi]

Which is why my BSc. project is a study of the current state of security awareness, and methods to raise security awareness, with a view to develop a toolset to help do just that.

 

[Omar Days]

Ok, granted, the apps were designed as cleanup tools and probably looked fishy anyway, but why do google allow such crap on their app market in the first place? If you get malware by side loading some rogue app, then fair enough, but imo getting malware from the play store is not on. Google should do more to prevent stuff like that even getting on to the play store in the first place.

Have there been any reports of malware on Apple's app store?

 

[2 Phonez]

Have there been any reports of malware on Apple's app store?

It's not impossible - Charlie Miller got a proof of concept rogue app into the App Store without any problems.

 

[Digital Controller]

That's crazy...I mean I am not really surprised...programmers can do a lot these days

 

[2 Phonez]

What you have to remember is the App Store and Play Store use the same type of system to test apps. That is, they simulate them in a virtual environment and test them to see if they're malicious. These systems are helpful but not full proof. The difference is, when a bad app gets through to the Play Store, users can look at the permissions, look into the developer, probe the app themselves in their phones, etc. and skilled geeks can easily see if an app is malicious and bring it to peoples' attention. On iOS you're cut off from what your system is actually doing, so you have no idea if an app is secretly malicious or not. For this reason I feel a lot safer installing apps from the Play Store than I do installing apps from the App Store.

 

[Thom]

The only issue is an assumption ... Play Store does not validate that an app is not malicious and never has. There have been many examples of that in the past.

iPhone - the responsibility is Apple's
Android - the responsibility is the end user

When a malicious app is found in Play Store they remove it.

... Thom

 

[2 Phonez]

The only issue is an assumption ... Play Store does not validate that an app is not malicious and never has. There have been many examples of that in the past.

iPhone - the responsibility is Apple's
Android - the responsibility is the end user

When a malicious app is found in Play Store they remove it.

... Thom

Incorrect, the Play Store has a system for checking apps too. In fact it has two of them: one on the server side and one on the client side.

That's why I say if apps can get past that they can just as easily get past Apple's.

 

[Thom]

I didn't say Play Store did nothing. I said Play Store did not VALIDATE the apps. The article you referenced also says that.

People in third-party companies have been discovering these problems in Play Store as opposed to Google employees.

... Thom

 

[2 Phonez]

I didn't say Play Store did nothing. I said Play Store did not VALIDATE the apps. The article you referenced also says that.

People in third-party companies have been discovering these problems in Play Store as opposed to Google employees.

... Thom

What do you mean by validate? It's not like Apple has people manually looking through source code on all the apps.

 

[Thom]

I have never been through the Apple acceptance process. It is my understanding that it is rather extensive and time consuming. They were taking responsibility. Perhaps they lightened up over the last year and are doing less?

The big difference ... iPhone - apple responsible / Android - end user responsible.

You tell me.

... Thom

 

[2 Phonez]

I have never been through the Apple acceptance process. It is my understanding that it is rather extensive and time consuming. They were taking responsibility. Perhaps they lightened up over the last year and are doing less?

The big difference ... iPhone - apple responsible / Android - end user responsible.

You tell me.

... Thom

Apple gets hundreds of apps submitted every day and as of around 2009 they aim to approve or reject apps within the space of a single week. Given this fact, there is no way they do extensive testing on every app. As far as I know they run it through a simulator and maybe an actual human being takes a quick look to make sure it has no porn in it and that's it.

In fact I think the process is something like this:

 

[Thom]

Cute.

... Thom

 

[dibblebill]

Honestly, Google has a small degree of culpability, but I'd rather have a more open platform with me having more responsibility than a closed one. Caution and sense are always the best antivirus.

I like to use Kaspersky for when those fail

 

[Thom]

... I have always used Norton's and scan EVERY app I install from ANYWHERE.

I always look for popularity inEVERY app I install from ANYWHERE.

... Thom

 

[dibblebill]

That, too. Look at reviews and download counts, always.

 

[Davdi]

If you feel secure (iOS) you're not so lileky to be aware of potential security breaches on your device, even if it starts acting oddly.
If you feel less secure (Android) you are much more aware of possible security breaches on your device and more likely to take steps to prevent/detect/mitigate any such possible breaches.
It's like you run Anti-Virus, anti-malware and firewall software on your windows PC, or probably just a firewall on Linux. but you know that's not total security so yuo're still aware if things start acting oddly. It's up to us to be aware of security issues and to not trust the device/software to do it for us.