1. Introducing Channels - a new way to chat with other Android users!
    Dismiss Notice

Terrifying lack of security on Android devices.


Last Updated:

  1. anteries

    anteries Active Member This Topic's Starter

    Joined:
    Oct 10, 2010
    Messages:
    44
    Likes Received:
    1
    I've recently bought a HTC Wildfire and absolutely loved it and the concept of android.

    But as a long-time computer user the seeming lack of security is freaking me out a bit.

    I've read the guidelines about what services and application has access to, but just about every single application asks for access to things that are worrying.

    So it's mostly a matter of install and pray.

    The advice is, to listen to android community feedback about particular applications. Obviously some applications have become well known and legitimate.

    But unless I'm mistaken, there doesn't seem to be any way to find out if any application is Malware. the only way a person would know, is if they had their identity stolen, their passwords stolen, or money stolen from their bank account.

    And then how would a person know which application was stealing data? how would one know it was even the phone over ones computer.

    So the idea that a community can offer feedback and warn each other of malware hidden in applications, is a false assumption.

    It seems to me, that android phones desperately need some sort of firewall. And a means of recording which applications might be sending data to unknown locations.

    I don't need to scare anyone, but as a newbie this is how it seems to me, if I'm wrong here please let me know, because I really do want to be wrong.
     

    Advertisement
  2. Brian Rubin

    Brian Rubin Well-Known Member

    Joined:
    Sep 9, 2010
    Messages:
    337
    Likes Received:
    20
    From what I understand, Android -- which is based on Linux -- is fairly safe. If you get Lookout, stick to apps with lots of/high ratings and always check their permissions, you should be fine.
     
  3. Rigel

    Rigel Member

    Joined:
    Aug 25, 2010
    Messages:
    9
    Likes Received:
    0
    What you say is true. thanks "lookout" good. but its still a little like an inpregnable fortress, to which the window cleaner and the paper boy demand copies of the master key, to engage their services. bit melodramatic I know.
     
  4. Brian Rubin

    Brian Rubin Well-Known Member

    Joined:
    Sep 9, 2010
    Messages:
    337
    Likes Received:
    20
    Um...overtly and unnecessarily melodramatic.
     
    ballr4lyf likes this.
  5. A.Nonymous

    A.Nonymous Well-Known Member

    Joined:
    Jun 7, 2010
    Messages:
    7,061
    Likes Received:
    965
    What apps are you trying to install that have permissions that are "terrifying"? Can you give some examples.
     
  6. DeathBySnooSnoo

    DeathBySnooSnoo Well-Known Member

    Joined:
    Mar 30, 2010
    Messages:
    55
    Likes Received:
    12
    The OP is 100% correct. This platform, as great as it is, happens to live by a "buyer beware" model. All I've ever seen people say about security is "be careful what you install."

    So we're supposed to rely upon our "hunches" and "good/bad feelings" to determine what apps pose security problems?

    This is where the Apple Store has Google Trumped. At least there is some oversight as to what is being developed.

    IMO unless someone creates a new Market and puts layers of review and oversight this platform is going to be in for some bad publicity when hackers flood the market and eventually control it with their malware. At which point consider the platform extinct.

    Despite all the doom and gloom I love my Droid. There is just some major room for improvement and it needs to happen ASAP otherwise we'll all be using iPhones (again).
     
  7. revtime

    revtime Well-Known Member

    Joined:
    Oct 13, 2009
    Messages:
    173
    Likes Received:
    7
    The sky is falling.................The sky is falling!!!!!!!!!!!!

    Do you need to be diligent and do your homework? Of course you do. Is it as bad as some make it sound? Of course not.
     
  8. bberryhill0

    bberryhill0 Well-Known Member

    Joined:
    Jan 27, 2010
    Messages:
    2,607
    Likes Received:
    411
    I have yet to see a report of any malware on Android. There was a vague rumor of a virus for the iPhone a while ago.

    If you don't trust your smartphone, turn it off. And pull the battery. ' They' can listen in on turned off phones.
     
  9. CarsnGadgets

    CarsnGadgets Well-Known Member

    Joined:
    May 17, 2010
    Messages:
    1,067
    Likes Received:
    252
    Just be careful, if it scares you that much then dont install any apps that dont have a long history and have been well tested with a 5 star rating from thousands of downloads. Dont install from outside the market, use Lookout or similar.

    but really the hype about security holes in android or ios are so over the top, yes there may have been one or two instances where apps have posed as wallpaper apps or porn apps but have actually posted your gps location or worse to their devs, but seriously, when they installed a wallpaper app and it said it needed permission to their location services etc it should have told them something was wrong.

    read what permissions the app is requesting, make your mind up based on that info, and if it looks dodgy or too good to be true, or has poor reviews then dont install it.

    dont worry so much, just enjoy your phone. :0)
     
    Steelwool199 and Sunray like this.
  10. CXXV

    CXXV Well-Known Member

    Joined:
    Jan 23, 2010
    Messages:
    252
    Likes Received:
    10
    Sheesh...it's just a phone. Something happens you just reflash it....:rolleyes:
     
  11. takeshi

    takeshi Well-Known Member

    Joined:
    Dec 6, 2009
    Messages:
    3,354
    Likes Received:
    281
    It sounds like you need to read up on the various permissions. You can't always understand why an app is requesting a particular permission just based on the name of the permission alone. It's not always so straightforward. Often, a needed capability is stuck under a certain permission and the capability and the name of the permission aren't clearly related at a glance.

    Also, as an example, you need to consider the bigger picture. For example, if you read the warnings for any keyboard app you'd probably live in constant fear that everything is being keylogged. However, if the keyboard app doesn't have the permissions to transmit data then it isn't going to do a malicious developer any good unless he intends to physically take your device from you to retrieve the data.

    In other words, you really have to be able to read between the lines.
     
  12. A.Nonymous

    A.Nonymous Well-Known Member

    Joined:
    Jun 7, 2010
    Messages:
    7,061
    Likes Received:
    965
    While I agree with you that the Marketplace is kind of a cesspool, I'm not so sure that it needs complete oversight like the Apple Store.

    Really it's all about common sense. I downloaded some live wallpaper the other day. It wanted Full Internet Access. In my mind, I know that it makes no sense for a live wall paper to need that. So I didn't install it. I put Angry Birds on my phone today. It says it's ad supported. The only permission it asked for was Full Internet Access. This makes sense to me since it's ad-supported.
     
  13. Oriley

    Oriley Member

    Joined:
    Oct 16, 2010
    Messages:
    10
    Likes Received:
    0
    So guys why is there NO " Safe apps recommened " here in the Wildfire forum ? Searched most , and find ,as yet , no Sticky , to tell which apps are good and Safe , hm ,strange .........or trust a stranger........:confused:
     
  14. A.Nonymous

    A.Nonymous Well-Known Member

    Joined:
    Jun 7, 2010
    Messages:
    7,061
    Likes Received:
    965
    No trust your own common sense.
     
  15. blackvyper

    blackvyper Well-Known Member

    Joined:
    Dec 27, 2009
    Messages:
    170
    Likes Received:
    17
    Much ado about nothing.
     
  16. Sulfur

    Sulfur Well-Known Member

    Joined:
    Aug 11, 2010
    Messages:
    81
    Likes Received:
    6
    If you don't want an app to access a permission that it is requesting, don't install it. Simple as that.
     
  17. budmuncher

    budmuncher New Member

    Joined:
    Oct 4, 2010
    Messages:
    4
    Likes Received:
    0
    Do developers NEED to mention what permissions their apps will request? Whats to stop developers from not mentioning permission requests and using their apps to access your private info without your knowledge......to me this is a serious concern.
     
  18. Szadzik

    Szadzik Well-Known Member

    Joined:
    Feb 15, 2010
    Messages:
    5,413
    Likes Received:
    715
    The Market knows all the permissions an app will request at the moment of installing and developers cannot hide it. The moment app is submitted to be published to the Market it is scanned for permissions and other stuff.
     
  19. droidros

    droidros Well-Known Member

    Joined:
    Oct 10, 2010
    Messages:
    491
    Likes Received:
    22
    That's good to know.

    I think the OP is asking a legitimate question and answers along the lines of "if you don't understand why it's asking to access xyz then don't install it" aren't particularly helpful.

    I am new to Android based phones and love all the apps available, but I don't always understand why certain apps need to access certain data. I didn't install one particular app because it wanted access to my Contacts. I think it was just a news service so why would it need that? Other than cases like that, I've installed the apps that look interesting based on user comments and just trust that if others haven't reported a problem, it's probably okay.

    But it is somewhat reassuring to hear that there haven't been too many reports of malware on Android systems.
     
    wellmiss likes this.
  20. sookster54

    sookster54 Well-Known Member

    Joined:
    Jul 28, 2010
    Messages:
    906
    Likes Received:
    56
    You haven't looked hard enough, there's about 3 or 4 of them out there right now (they're coming from China and Russia).

    It takes common sense to keep your phone secure, think about what apps you're downloading and what permissions they need. Also you're at risk if you go download a pirated app that you don't want to pay for on the market, there's a copy of Swype floating around that I wouldn't touch, also there's Need for Speed: Shift and probably Angry Birds and such.
     
    Sunray likes this.
  21. sghere

    sghere Well-Known Member

    Joined:
    Nov 7, 2009
    Messages:
    127
    Likes Received:
    4
    The only way to insure complete privacy is to go off the grid completely.

    You install applications on your computer don't you? Look at all the cookies that are accepted which collect "anonymous" information.

    If you're that paranoid about applications and security, then technology isn't for you.

    There are ALWAYS ALWAYS 2 sides to everything...good/bad, light/dark, secure/unsecure etc., etc.

    Not flaming you personally here, but if you really want to see something scary, Google your name "firstname lastname" (in quotes) and see what comes up.

    There are even sites that charge $14.95 to get your social security #, annual income, where you live, aliases etc.

    So if you're worried about the security of the phone, turn around and take it back for a "non" smart phone.

    Take care
    S
     
  22. rastoma

    rastoma Member

    Joined:
    Oct 17, 2010
    Messages:
    20
    Likes Received:
    5
    Wow.

    I just got my first Android device, Epic 4G and LOVE it. I was excited to find a, what seems to be, good Android community. And I see comments regarding security as 'just go off the grid then'.... 'use common sense'.... 'pull your battery then'.

    I can tell that everyone here is a 'geek' with a big computer background (myself included). You all build your own computers, do computer repair or big into programming, etc. And if this the only people in the world that ever buy Android based phones, then yes, none of us will have any problems because we all 'know better'.

    But I for one, want Android to SUCCEED (which it is so far but is FAR from beating the iphone yet) and want it to LAST. In order for that to happen, the MASS MARKET is going to have to buy. The MAJORITY of those people will not know better. They will trust that the product is safe to use. They will assume that if the item is the marketplace then it's safe to use. We all assume that if something is for sale in a store then it's ok to use.

    Everyone needs to stop acting like they know everything and start appreciating that there's people out there that don't realize there could be a hazard in installing an innocently looking app. That doesn't make them stupid or less intelligent. It's something they don't have background in. And before makes a stupid comment by saying they shouldn't buy an Android phone then.... well that's just a stupid comment. Because if you don't know there's a danger then how would you know not to buy it?

    I hope Android conquers the iphone eventually and it will never happen if it's not made safer to use. That's not doom and gloom and I know there's nothing bad happened yet, other than the mentioned one or two wallpaper apps that caused an issue.

    I just can't see why it would be so hard for Google to have a team of people to scan through new app submissions for malicious activity or even come up with some kind of automated scanner to check for things.
     
  23. locus

    locus Well-Known Member

    Joined:
    Mar 19, 2010
    Messages:
    61
    Likes Received:
    4
    At least when installing apps on the Android it tells you or asks you the permissions it wants, I Have installed apps on Nokia Symbian and apple ipod or ipad and never been asked or told what services the app needs, yet it seems no one really wonders or asks what itunes apps are doing with information it gathers from your phone, at least on Android I have a choice and know what is going on. My $0.02 cents
     
  24. sookster54

    sookster54 Well-Known Member

    Joined:
    Jul 28, 2010
    Messages:
    906
    Likes Received:
    56
    Exactly and the risk is even greater when you jailbreak your iPhone/iPod, my iPod is jailbroken and Cydia has a list of downloadable apps, and I'm not bothering, only thing I downloaded were wallpapers and icon packs for the winterboard then I leave the iPod in flight mode to be safe and I use prepaid cards when I want to purchase something.

    Blackberries also prompts permissions when you install apps, there was one app I installed a year ago I got off crackberry (I forget what it was) and had suspicious permission requests so I dumped it immediately.

    By the way, Apple store isn't 100% secure, there's one SMS app that's constantly flooding TELUS right now.
     
  25. Ozymandias88

    Ozymandias88 Well-Known Member

    Joined:
    Apr 29, 2010
    Messages:
    84
    Likes Received:
    17
    I actually think your overestimating the security of the iPhone store, nobody actually knows what apple does to validate an app. The number of times apps are pulled from the app store AFTER being added and the volume of apps submitted each day means that they just can't be thoroughly testing every app before allowing them onto the store it's just not possible. You could say that provides a false sense of security as my understanding of the iphone store is that you don't even know what an app can do ever. At least on android you know exactly what an app can access.

    My take on the whole thing anyway is that you have to have some common sense to use any technology. If its running android don't install the sexy girl wallpaper that wants access to your gps, contacts, and services that cost you money. If it's windows don't click that button on a website that says you've just won $10000000000 click here to claim it.

    Also as it's not been posted yet anyone whos wondering about permissions should read this:
    http://androidforums.com/android-ap...ps-avoid-viruses-guide-those-new-android.html

    Edit: Ah beaten to me point by lokus and sookster
     
    Sunray likes this.

Share This Page

Loading...