Spyware Alert!

[Android_J]

Apparently there is/was a malicious wallpaper app in the Android Market that steals your info and sends it to China. I think my foray into Android land will come to an end. Google is just too lax with security for my taste.

Android wallpaper app that steals your data was downloaded by millions | VentureBeat

 

[Baldilocks]

There are several anti-virus anti-spyware apps in the Market as well.

I use Lookout Mobile Security

 

[ace35]

so for us geeks around here, is there some logs that we can look at to see where our phones are sending information, as i just looked at my on bill, and all i see is wap.celluar.com for where my info is going.

 

[Android_J]

There are several anti-virus anti-spyware apps in the Market as well.

I use Lookout Mobile Security

Not sure how anit-virus could have prevented this. It's more of a trojan. Tons of apps have access to contacts, internet, etc. for Android so nothing really out of the ordinary.

Lookout was the firm that found the issue, and only through forensics. Unfortunately, they found it after the program was downloaded "anywhere from 1.1 million to 4.6 million times. The exact number isn

 

[t-readyroc]

Blaming Google for this would be like blaming Microsoft for your having downloaded scareware.

 

[NukaCola]

Blaming Google for this would be like blaming Microsoft for your having downloaded scareware.

No I do think some of the blame falls on google. The app/wallpaper was downloaded via *their* market place, people trust it because googles name is behind it. They should have a mechanism in place to prevent outright fraud.

Now if you sideload (or use appbrain) thats a different story.

 

[t-readyroc]

Some, yes, but not all. I stand by my scareware analogy.

If that stupid pop-up window comes at you that's made to look like Windows & tells you your system's infected & that you'd better run a scan, "NOW!" You're going to have to accept some blame if you go ahead & click that "OK" button...

I dunno what this app looked like, but I've seen some of the SPAM apps in the market & they look pretty dang craptastic/shady right off the bat. Gotta take a moment to think about what you're doing if you're looking to install something like that.

This is precisely why I use AppBrain... heh

 

[Prim8]

Apparently there is/was a malicious wallpaper app in the Android Market that steals your info and sends it to China. I think my foray into Android land will come to an end. Google is just too lax with security for my taste.

Android wallpaper app that steals your data .was downloaded by millions | VentureBeat

Yeah it's not like apple didn't have apps that stole your contact list.
It wouldn't have been an issue if people looked at the screen that tells you what the program is going to access.
Google gave people the tools to prevent this people just don't use them.

 

[jeremytanner]

Yeah, I was downloading live wallpapers the other day and found a few that wanted internet access, and I was like, Umm, yeah, *that* isn't going on my phone....

 

[Simba501]

There are several anti-virus anti-spyware apps in the Market as well.

I use Lookout Mobile Security

Does it have a negative effect on your battery life?

 

[jazzman09]

I don't trust any apps in app store

 

[baddress]

I just downloaded the AT&T Mywireless App and it has the access to format my SD card and report back on my phone model to match it up with my data plan. I'm sure an upstanding corporation like AT&T would never use their format ability to erase my phone. In fact I'm making this post from my phone ri


<connection lost>

 

[tekonus]

No I do think some of the blame falls on google. The app/wallpaper was downloaded via *their* market place, people trust it because googles name is behind it. They should have a mechanism in place to prevent outright fraud.

A mechanism in place to prevent fraud... hmmmmm... You mean like the part before you click install that tells you what every application you install has access to? If you give a live wallpaper access to all your info, AND internet access to send it off... thats your fault. Thats like blaming the security guard who was standing 10 feet away from you about being robbed when you just took your wallet out and handed it to someone.

Also, if you think Apple's app approval process is any better... they approved a flashlight app that had secret tethering capabilities. They didn't realize until it was smeared across the internet. You would think that a simple look at the code would tell that something is amiss with this flashlight app...

 

[Android_J]

Yeah it's not like apple didn't have apps that stole your contact list.

What Apple app stole contacts?

A mechanism in place to prevent fraud... hmmmmm... You mean like the part before you click install that tells you what every application you install has access to? If you give a live wallpaper access to all your info, AND internet access to send it off... thats your fault. Thats like blaming the security guard who was standing 10 feet away from you about being robbed when you just took your wallet out and handed it to someone.

True. But what about when someone comes out with, say, a SMS app that doubles as spyware? You would give an SMS app full contact and internet access. It's not always going to be easy to spot malware such as a wallpaper app needing contact access.

Also, if you think Apple's app approval process is any better... they approved a flashlight app that had secret tethering capabilities. They didn't realize until it was smeared across the internet. You would think that a simple look at the code would tell that something is amiss with this flashlight app...

Tethering didn't steal info and send it off to China. And Apple were quick to pull it. The android wallpaper app was downloaded by 1 to 4 million people (anybody find it odd that Android Market doesn't keep track of actual downloads?) and wasn't exposed until the Black Hat conference.

Nothing is foolproof. All OS are vulnerable. Which is precisely why I'd like to see Google to step up their game a bit for their users' security.

 

[lilo]

What Apple app stole contacts?


True. But what about when someone comes out with, say, a SMS app that doubles as spyware? You would give an SMS app full contact and internet access. It's not always going to be easy to spot malware such as a wallpaper app needing contact access.

Tethering didn't steal info and send it off to China. And Apple were quick to pull it. The android wallpaper app was downloaded by 1 to 4 million people (anybody find it odd that Android Market doesn't keep track of actual downloads?) and wasn't exposed until the Black Hat conference.

Nothing is foolproof. All OS are vulnerable. Which is precisely why I'd like to see Google to step up their game a bit for their users' security.

It's irrelevant that this particular app did not steal data. The important thing is that it could (if the developer wanted to) and Apple would not be able to detect it. Apple pulled the app only after the news was all over the Internet. Google can do the same. If anything iPhone users are in worse shape because they do not get any information about the permissions requested by the app (probably because of the presumed - and non-existent - security of iOS platform)

 

[tekonus]

It's irrelevant that this particular app did not steal data. The important thing is that it could (if the developer wanted to) and Apple would not be able to detect it. Apple pulled the app only after the news was all over the Internet. Google can do the same. If anything iPhone users are in worse shape because they do not get any information about the permissions requested by the app (probably because of the presumed - and non-existent - security of iOS platform)

Exactly... that was kinda my point.

 

[linuxdood]

There are several anti-virus anti-spyware apps in the Market as well.

I use Lookout Mobile Security

Lookout reported the issue. I tried lookout after i heard about it and it didn't even flag the wallpaper app they reported on.

antivirus free did - and removed it.

 

[sremick]

They should have a mechanism in place to prevent outright fraud.

Sure, but then there'd be a lengthy approval process with big fees and such, and it'd take a long time to get apps into the Marketplace... people would be complaining about Android's "walled garden" and blah blah blah... you can't have it both ways.

 

[Prim8]

It sounds like the developer has reasonable explanations and it was all exaggerated at first anyway.

 

[Benclayton]

There are several anti-virus anti-spyware apps in the Market as well.

I use Lookout Mobile Security

I use common sense.

 

[keredini]

i use common sense.

qft

 

[burningblue102]

how do i know if i have spy ware on my phone
i got app task running but i dont know what the heck any of them are or if they came on phone or not

 

[CrimsonPride]

Most of these things are blown out of proportion but its true, when youre as open as google, that people are going to take advantage of it. so for me i just read the permissions, if i think an app doesnt need a permission it asks for i dont download it.

the apple store has had apps that have been removed because it was thought that information was sent from the users phone. the thing with apple is you have to have a mac to write their programs i believe, and i know you have to pay a pretty large sum of money to even put your app in their store, and i believe they even take some of the money from each app downloaded. google sends all the money to the devs and there are no huge sums of money they have to pay to get their apps out there.

but i would still much rather buy and install free apps from the android market than have 1 penny go to the communists over at apple

 

[tekonus]

Most of these things are blown out of proportion but its true, when youre as open as google, that people are going to take advantage of it. so for me i just read the permissions, if i think an app doesnt need a permission it asks for i dont download it.

the apple store has had apps that have been removed because it was thought that information was sent from the users phone. the thing with apple is you have to have a mac to write their programs i believe, and i know you have to pay a pretty large sum of money to even put your app in their store, and i believe they even take some of the money from each app downloaded. google sends all the money to the devs and there are no huge sums of money they have to pay to get their apps out there.

but i would still much rather buy and install free apps from the android market than have 1 penny go to the communists over at apple

You're wrong about 2 things.
-There are startup costs for developing on both iOS and Android. The cost is less on Android, however. You are right in saying that you need to develop on a mac.
-Google and Apple both take a cut of paid apps. I believe it is around 30%.

 

[ulbonado]

so for me i just read the permissions, if i think an app doesnt need a permission it asks for i dont download it.

That's well and good, but I should point out that the most recent spyware brouhaha related to apps that actually rooted the phone on the sly, which means that the permissions you think are assigned mean nothing.