Terrifying lack of security on Android devices.

[anteries]

I've recently bought a HTC Wildfire and absolutely loved it and the concept of android.

But as a long-time computer user the seeming lack of security is freaking me out a bit.

I've read the guidelines about what services and application has access to, but just about every single application asks for access to things that are worrying.

So it's mostly a matter of install and pray.

The advice is, to listen to android community feedback about particular applications. Obviously some applications have become well known and legitimate.

But unless I'm mistaken, there doesn't seem to be any way to find out if any application is Malware. the only way a person would know, is if they had their identity stolen, their passwords stolen, or money stolen from their bank account.

And then how would a person know which application was stealing data? how would one know it was even the phone over ones computer.

So the idea that a community can offer feedback and warn each other of malware hidden in applications, is a false assumption.

It seems to me, that android phones desperately need some sort of firewall. And a means of recording which applications might be sending data to unknown locations.

I don't need to scare anyone, but as a newbie this is how it seems to me, if I'm wrong here please let me know, because I really do want to be wrong.

 

[Brian Rubin]

From what I understand, Android -- which is based on Linux -- is fairly safe. If you get Lookout, stick to apps with lots of/high ratings and always check their permissions, you should be fine.

 

[Rigel]

From what I understand, Android -- which is based on Linux -- is fairly safe. If you get Lookout, stick to apps with lots of/high ratings and always check their permissions, you should be fine.

What you say is true. thanks "lookout" good. but its still a little like an inpregnable fortress, to which the window cleaner and the paper boy demand copies of the master key, to engage their services. bit melodramatic I know.

 

[Brian Rubin]

Um...overtly and unnecessarily melodramatic.

 

[A.Nonymous]

What apps are you trying to install that have permissions that are "terrifying"? Can you give some examples.

 

[DeathBySnooSnoo]

The OP is 100% correct. This platform, as great as it is, happens to live by a "buyer beware" model. All I've ever seen people say about security is "be careful what you install."

So we're supposed to rely upon our "hunches" and "good/bad feelings" to determine what apps pose security problems?

This is where the Apple Store has Google Trumped. At least there is some oversight as to what is being developed.

IMO unless someone creates a new Market and puts layers of review and oversight this platform is going to be in for some bad publicity when hackers flood the market and eventually control it with their malware. At which point consider the platform extinct.

Despite all the doom and gloom I love my Droid. There is just some major room for improvement and it needs to happen ASAP otherwise we'll all be using iPhones (again).

 

[revtime]

The sky is falling.................The sky is falling!!!!!!!!!!!!

Do you need to be diligent and do your homework? Of course you do. Is it as bad as some make it sound? Of course not.

 

[bberryhill0]

I have yet to see a report of any malware on Android. There was a vague rumor of a virus for the iPhone a while ago.

If you don't trust your smartphone, turn it off. And pull the battery. ' They' can listen in on turned off phones.

 

[CarsnGadgets]

Just be careful, if it scares you that much then dont install any apps that dont have a long history and have been well tested with a 5 star rating from thousands of downloads. Dont install from outside the market, use Lookout or similar.

but really the hype about security holes in android or ios are so over the top, yes there may have been one or two instances where apps have posed as wallpaper apps or porn apps but have actually posted your gps location or worse to their devs, but seriously, when they installed a wallpaper app and it said it needed permission to their location services etc it should have told them something was wrong.

read what permissions the app is requesting, make your mind up based on that info, and if it looks dodgy or too good to be true, or has poor reviews then dont install it.

dont worry so much, just enjoy your phone. :0)

 

[CXXV]

Sheesh...it's just a phone. Something happens you just reflash it....

 

[takeshi]

I've read the guidelines about what services and application has access to, but just about every single application asks for access to things that are worrying.

It sounds like you need to read up on the various permissions. You can't always understand why an app is requesting a particular permission just based on the name of the permission alone. It's not always so straightforward. Often, a needed capability is stuck under a certain permission and the capability and the name of the permission aren't clearly related at a glance.

Also, as an example, you need to consider the bigger picture. For example, if you read the warnings for any keyboard app you'd probably live in constant fear that everything is being keylogged. However, if the keyboard app doesn't have the permissions to transmit data then it isn't going to do a malicious developer any good unless he intends to physically take your device from you to retrieve the data.

In other words, you really have to be able to read between the lines.

 

[A.Nonymous]

The OP is 100% correct. This platform, as great as it is, happens to live by a "buyer beware" model. All I've ever seen people say about security is "be careful what you install."

So we're supposed to rely upon our "hunches" and "good/bad feelings" to determine what apps pose security problems?

This is where the Apple Store has Google Trumped. At least there is some oversight as to what is being developed.

IMO unless someone creates a new Market and puts layers of review and oversight this platform is going to be in for some bad publicity when hackers flood the market and eventually control it with their malware. At which point consider the platform extinct.

Despite all the doom and gloom I love my Droid. There is just some major room for improvement and it needs to happen ASAP otherwise we'll all be using iPhones (again).

While I agree with you that the Marketplace is kind of a cesspool, I'm not so sure that it needs complete oversight like the Apple Store.

Really it's all about common sense. I downloaded some live wallpaper the other day. It wanted Full Internet Access. In my mind, I know that it makes no sense for a live wall paper to need that. So I didn't install it. I put Angry Birds on my phone today. It says it's ad supported. The only permission it asked for was Full Internet Access. This makes sense to me since it's ad-supported.

 

[Oriley]

So guys why is there NO " Safe apps recommened " here in the Wildfire forum ? Searched most , and find ,as yet , no Sticky , to tell which apps are good and Safe , hm ,strange .........or trust a stranger........

 

[A.Nonymous]

So guys why is there NO " Safe apps recommened " here in the Wildfire forum ? Searched most , and find ,as yet , no Sticky , to tell which apps are good and Safe , hm ,strange .........or trust a stranger........

No trust your own common sense.

 

[blackvyper]

Much ado about nothing.

 

[Sulfur]

If you don't want an app to access a permission that it is requesting, don't install it. Simple as that.

 

[budmuncher]

Do developers NEED to mention what permissions their apps will request? Whats to stop developers from not mentioning permission requests and using their apps to access your private info without your knowledge......to me this is a serious concern.

 

[Szadzik]

Do developers NEED to mention what permissions their apps will request? Whats to stop developers from not mentioning permission requests and using their apps to access your private info without your knowledge......to me this is a serious concern.

The Market knows all the permissions an app will request at the moment of installing and developers cannot hide it. The moment app is submitted to be published to the Market it is scanned for permissions and other stuff.

 

[droidros]

The Market knows all the permissions an app will request at the moment of installing and developers cannot hide it. The moment app is submitted to be published to the Market it is scanned for permissions and other stuff.

That's good to know.

I think the OP is asking a legitimate question and answers along the lines of "if you don't understand why it's asking to access xyz then don't install it" aren't particularly helpful.

I am new to Android based phones and love all the apps available, but I don't always understand why certain apps need to access certain data. I didn't install one particular app because it wanted access to my Contacts. I think it was just a news service so why would it need that? Other than cases like that, I've installed the apps that look interesting based on user comments and just trust that if others haven't reported a problem, it's probably okay.

But it is somewhat reassuring to hear that there haven't been too many reports of malware on Android systems.

 

[sookster54]

I have yet to see a report of any malware on Android. There was a vague rumor of a virus for the iPhone a while ago.

If you don't trust your smartphone, turn it off. And pull the battery. ' They' can listen in on turned off phones.

You haven't looked hard enough, there's about 3 or 4 of them out there right now (they're coming from China and Russia).

It takes common sense to keep your phone secure, think about what apps you're downloading and what permissions they need. Also you're at risk if you go download a pirated app that you don't want to pay for on the market, there's a copy of Swype floating around that I wouldn't touch, also there's Need for Speed: Shift and probably Angry Birds and such.

 

[sghere]

The only way to insure complete privacy is to go off the grid completely.

You install applications on your computer don't you? Look at all the cookies that are accepted which collect "anonymous" information.

If you're that paranoid about applications and security, then technology isn't for you.

There are ALWAYS ALWAYS 2 sides to everything...good/bad, light/dark, secure/unsecure etc., etc.

Not flaming you personally here, but if you really want to see something scary, Google your name "firstname lastname" (in quotes) and see what comes up.

There are even sites that charge $14.95 to get your social security #, annual income, where you live, aliases etc.

So if you're worried about the security of the phone, turn around and take it back for a "non" smart phone.

Take care
S

 

[rastoma]

Wow.

I just got my first Android device, Epic 4G and LOVE it. I was excited to find a, what seems to be, good Android community. And I see comments regarding security as 'just go off the grid then'.... 'use common sense'.... 'pull your battery then'.

I can tell that everyone here is a 'geek' with a big computer background (myself included). You all build your own computers, do computer repair or big into programming, etc. And if this the only people in the world that ever buy Android based phones, then yes, none of us will have any problems because we all 'know better'.

But I for one, want Android to SUCCEED (which it is so far but is FAR from beating the iphone yet) and want it to LAST. In order for that to happen, the MASS MARKET is going to have to buy. The MAJORITY of those people will not know better. They will trust that the product is safe to use. They will assume that if the item is the marketplace then it's safe to use. We all assume that if something is for sale in a store then it's ok to use.

Everyone needs to stop acting like they know everything and start appreciating that there's people out there that don't realize there could be a hazard in installing an innocently looking app. That doesn't make them stupid or less intelligent. It's something they don't have background in. And before makes a stupid comment by saying they shouldn't buy an Android phone then.... well that's just a stupid comment. Because if you don't know there's a danger then how would you know not to buy it?

I hope Android conquers the iphone eventually and it will never happen if it's not made safer to use. That's not doom and gloom and I know there's nothing bad happened yet, other than the mentioned one or two wallpaper apps that caused an issue.

I just can't see why it would be so hard for Google to have a team of people to scan through new app submissions for malicious activity or even come up with some kind of automated scanner to check for things.

 

[locus]

At least when installing apps on the Android it tells you or asks you the permissions it wants, I Have installed apps on Nokia Symbian and apple ipod or ipad and never been asked or told what services the app needs, yet it seems no one really wonders or asks what itunes apps are doing with information it gathers from your phone, at least on Android I have a choice and know what is going on. My $0.02 cents

 

[sookster54]

At least when installing apps on the Android it tells you or asks you the permissions it wants, I Have installed apps on Nokia Symbian and apple ipod or ipad and never been asked or told what services the app needs, yet it seems no one really wonders or asks what itunes apps are doing with information it gathers from your phone, at least on Android I have a choice and know what is going on. My $0.02 cents

Exactly and the risk is even greater when you jailbreak your iPhone/iPod, my iPod is jailbroken and Cydia has a list of downloadable apps, and I'm not bothering, only thing I downloaded were wallpapers and icon packs for the winterboard then I leave the iPod in flight mode to be safe and I use prepaid cards when I want to purchase something.

Blackberries also prompts permissions when you install apps, there was one app I installed a year ago I got off crackberry (I forget what it was) and had suspicious permission requests so I dumped it immediately.

By the way, Apple store isn't 100% secure, there's one SMS app that's constantly flooding TELUS right now.

 

[Ozymandias88]

I actually think your overestimating the security of the iPhone store, nobody actually knows what apple does to validate an app. The number of times apps are pulled from the app store AFTER being added and the volume of apps submitted each day means that they just can't be thoroughly testing every app before allowing them onto the store it's just not possible. You could say that provides a false sense of security as my understanding of the iphone store is that you don't even know what an app can do ever. At least on android you know exactly what an app can access.

My take on the whole thing anyway is that you have to have some common sense to use any technology. If its running android don't install the sexy girl wallpaper that wants access to your gps, contacts, and services that cost you money. If it's windows don't click that button on a website that says you've just won $10000000000 click here to claim it.

Also as it's not been posted yet anyone whos wondering about permissions should read this:
http://androidforums.com/android-ap...ps-avoid-viruses-guide-those-new-android.html

Edit: Ah beaten to me point by lokus and sookster