1. Are you ready for the Galaxy S20? Here is everything we know so far!

Researchers discover first malware to target Google's Android

Discussion in 'Android Lounge' started by Slick1020, Aug 11, 2010.

  1. Slick1020

    Slick1020 Android Enthusiast
    Thread Starter

  2. laredo7mm

    laredo7mm Android Enthusiast

    double tap...lol
  3. Why won't they say what app it is ? Kinda messed up, heh.
  4. Vihzel

    Vihzel Destroying Balls Everyday

    The article says it's called "Movie Player"
    optikalillusi0n likes this.
  5. EarlyMon

    EarlyMon The PearlyMon
    VIP Member

    So it begins.
  6. ThatNewAndroidGuy

    ThatNewAndroidGuy Android Enthusiast

    Yea its gonna suck, esp at the rate android OS is climbing, while also being open source.
  7. Ack.. I totally missed that. lol, thanks.
  8. pwnst*r

    pwnst*r Android Expert

    Yet another reason not to download the latest apps in the Market from newcomers. That's the catch .22 between the Market and Apple's store.
  9. EarlyMon

    EarlyMon The PearlyMon
    VIP Member

    Yet another reason I wish I could run apps in a doghouse.

    I also wish the Android firewall would work also, but so far, it's no soap for me on the Evo.
  10. pwnst*r

    pwnst*r Android Expert

    When you say doghouse, are you referring to a sandbox environment?
  11. grainysand

    grainysand Android Expert

    Do you... do you actually think open-source magically means it's less secure? I'm not sure you get what "open-source" means.

  12. I think he's referring more to the fact that the Android market is virtually unmonitored.
  13. Bitbang3r

    Bitbang3r Well-Known Member

    The supreme irony is that 6 months from now, users with rooted phones and AOSP will yawn, because we'll have long since hacked the source to intercept and block outgoing SMS requests to shortcodes and non-American areacodes. Meanwhile, users obediently running official carrier-blessed ROMs will be screwed since carriers won't want to risk having twenty million customers decide to not send votes to American Idol because it would mean having to unblock shortcodes first in the settings menu...
  14. EarlyMon

    EarlyMon The PearlyMon
    VIP Member

    Actually more of a virtual wrapper around the app so that all ports in and out may be controlled or even simulated for study.

    Just as a sandbox protects a repository and limits damage done to source by local tinkering, a doghouse protects an OS and limits the damage an app can do by nefarious outreach of network ports.

    In some organizations the two terms have a certain interchangeability.
  15. EarlyMon

    EarlyMon The PearlyMon
    VIP Member

    I took it at face value and that the meaning was simply that with open source there might be a higher potential for exploits to be found by direct examination of the infrastructure and privileged-action handling mechanisms.

    This has been a well-known and long-term admonition against open source and proponents line up on both sides of the line in the sand to argue for and against its reasonableness and probability.

    I didn't say it, but that's how I read it, and I defend that it's at least worthy to keep on the table until this OS matures further and all facts are known.

    FWIW - I'm a huge proponent and supporter of FOSS and have been for nearly two decades.
  16. huntleth

    huntleth Well-Known Member

    I think the best option to avoid restricting the freedom of the market is to introduce settings to filter out all apps that don't have a certain amount of ratings, good or bad, unless otherwise specified that you wish to see them.
  17. Big D

    Big D Well-Known Member

    This is the double edged sword. No restrictions on apps but no security either!
  18. ThatNewAndroidGuy

    ThatNewAndroidGuy Android Enthusiast

    This is what I meant. To me it's like you have the blueprints for the bank/mansion you want to break into. So they will just look for the doors in the source.
  19. EarlyMon

    EarlyMon The PearlyMon
    VIP Member

    Russian (and now Chinese) hackers are known to be particularly clever.

    However, in this case, I think the entire exploit was relying on user laissez-faire and was rather straightforward, from what little I've read.

    Regardless of market vetting by any camp, over-trust by users will probably always be the most-used infection vector for any OS, in my opinion.

    People often flame me for what I'm about to say, and that's a don't-care for me:

    I note that the report on this exploit was given by a anti-virus/malware vendor.

    I've noted over the years that the anti-virus/malware vendors seem particularly adept at fixing viruses almost as soon as they're released into the wild - and the more vendors for that sort of thing there are, the more viruses seem to crop up.

    People tell me there's no one hiding under my bed and that I have cause and effect wrong.

    And I just follow the money.

    On this, I'm probably completely wrong. I often am.

    In this case, the exploit did accompany a profit motive for the black hats.

Share This Page