1. Download our Official Android App: Forums for Android!

Terrifying lack of security on Android devices.

Discussion in 'Android Apps & Games' started by anteries, Oct 14, 2010.

  1. anteries

    anteries Member
    Thread Starter
    Rank:
    None
    Points:
    16
    Posts:
    44
    Joined:
    Oct 10, 2010

    Oct 10, 2010
    44
    1
    16
    I've recently bought a HTC Wildfire and absolutely loved it and the concept of android.

    But as a long-time computer user the seeming lack of security is freaking me out a bit.

    I've read the guidelines about what services and application has access to, but just about every single application asks for access to things that are worrying.

    So it's mostly a matter of install and pray.

    The advice is, to listen to android community feedback about particular applications. Obviously some applications have become well known and legitimate.

    But unless I'm mistaken, there doesn't seem to be any way to find out if any application is Malware. the only way a person would know, is if they had their identity stolen, their passwords stolen, or money stolen from their bank account.

    And then how would a person know which application was stealing data? how would one know it was even the phone over ones computer.

    So the idea that a community can offer feedback and warn each other of malware hidden in applications, is a false assumption.

    It seems to me, that android phones desperately need some sort of firewall. And a means of recording which applications might be sending data to unknown locations.

    I don't need to scare anyone, but as a newbie this is how it seems to me, if I'm wrong here please let me know, because I really do want to be wrong.
     

    Advertisement

  2. Brian Rubin

    Brian Rubin Android Enthusiast
    Rank:
    None
    Points:
    58
    Posts:
    337
    Joined:
    Sep 9, 2010

    Sep 9, 2010
    337
    20
    58
    Los Angeles, CA
    From what I understand, Android -- which is based on Linux -- is fairly safe. If you get Lookout, stick to apps with lots of/high ratings and always check their permissions, you should be fine.
     
  3. Rigel

    Rigel Lurker
    Rank:
    None
    Points:
    5
    Posts:
    9
    Joined:
    Aug 25, 2010

    Aug 25, 2010
    9
    0
    5
    What you say is true. thanks "lookout" good. but its still a little like an inpregnable fortress, to which the window cleaner and the paper boy demand copies of the master key, to engage their services. bit melodramatic I know.
     
  4. Brian Rubin

    Brian Rubin Android Enthusiast
    Rank:
    None
    Points:
    58
    Posts:
    337
    Joined:
    Sep 9, 2010

    Sep 9, 2010
    337
    20
    58
    Los Angeles, CA
    Um...overtly and unnecessarily melodramatic.
     
    ballr4lyf likes this.
  5. A.Nonymous

    A.Nonymous Android Expert
    Rank:
    None
    Points:
    213
    Posts:
    7,059
    Joined:
    Jun 7, 2010

    Jun 7, 2010
    7,059
    966
    213
    What apps are you trying to install that have permissions that are "terrifying"? Can you give some examples.
     
  6. DeathBySnooSnoo

    Rank:
    None
    Points:
    18
    Posts:
    55
    Joined:
    Mar 30, 2010

    Mar 30, 2010
    55
    12
    18
    Network & Telephony Admin
    Tucson, AZ
    The OP is 100% correct. This platform, as great as it is, happens to live by a "buyer beware" model. All I've ever seen people say about security is "be careful what you install."

    So we're supposed to rely upon our "hunches" and "good/bad feelings" to determine what apps pose security problems?

    This is where the Apple Store has Google Trumped. At least there is some oversight as to what is being developed.

    IMO unless someone creates a new Market and puts layers of review and oversight this platform is going to be in for some bad publicity when hackers flood the market and eventually control it with their malware. At which point consider the platform extinct.

    Despite all the doom and gloom I love my Droid. There is just some major room for improvement and it needs to happen ASAP otherwise we'll all be using iPhones (again).
     
  7. revtime

    revtime Well-Known Member
    Rank:
    None
    Points:
    36
    Posts:
    173
    Joined:
    Oct 13, 2009

    Oct 13, 2009
    173
    7
    36
    The sky is falling.................The sky is falling!!!!!!!!!!!!

    Do you need to be diligent and do your homework? Of course you do. Is it as bad as some make it sound? Of course not.
     
  8. bberryhill0

    bberryhill0 Android Expert
    Rank:
    None
    Points:
    273
    Posts:
    2,716
    Joined:
    Jan 27, 2010

    I have yet to see a report of any malware on Android. There was a vague rumor of a virus for the iPhone a while ago.

    If you don't trust your smartphone, turn it off. And pull the battery. ' They' can listen in on turned off phones.
     
  9. CarsnGadgets

    CarsnGadgets Android Expert
    Rank:
    None
    Points:
    163
    Posts:
    1,067
    Joined:
    May 17, 2010

    May 17, 2010
    1,067
    252
    163
    technical illustrator
    UK
    Just be careful, if it scares you that much then dont install any apps that dont have a long history and have been well tested with a 5 star rating from thousands of downloads. Dont install from outside the market, use Lookout or similar.

    but really the hype about security holes in android or ios are so over the top, yes there may have been one or two instances where apps have posed as wallpaper apps or porn apps but have actually posted your gps location or worse to their devs, but seriously, when they installed a wallpaper app and it said it needed permission to their location services etc it should have told them something was wrong.

    read what permissions the app is requesting, make your mind up based on that info, and if it looks dodgy or too good to be true, or has poor reviews then dont install it.

    dont worry so much, just enjoy your phone. :0)
     
    Steelwool199 and Sunray like this.
  10. CXXV

    CXXV Android Enthusiast
    Rank:
    None
    Points:
    38
    Posts:
    252
    Joined:
    Jan 23, 2010

    Jan 23, 2010
    252
    10
    38
    Sheesh...it's just a phone. Something happens you just reflash it....:rolleyes:
     
  11. takeshi

    takeshi Android Expert
    Rank:
    None
    Points:
    163
    Posts:
    3,354
    Joined:
    Dec 6, 2009

    Dec 6, 2009
    3,354
    283
    163
    It sounds like you need to read up on the various permissions. You can't always understand why an app is requesting a particular permission just based on the name of the permission alone. It's not always so straightforward. Often, a needed capability is stuck under a certain permission and the capability and the name of the permission aren't clearly related at a glance.

    Also, as an example, you need to consider the bigger picture. For example, if you read the warnings for any keyboard app you'd probably live in constant fear that everything is being keylogged. However, if the keyboard app doesn't have the permissions to transmit data then it isn't going to do a malicious developer any good unless he intends to physically take your device from you to retrieve the data.

    In other words, you really have to be able to read between the lines.
     
  12. A.Nonymous

    A.Nonymous Android Expert
    Rank:
    None
    Points:
    213
    Posts:
    7,059
    Joined:
    Jun 7, 2010

    Jun 7, 2010
    7,059
    966
    213
    While I agree with you that the Marketplace is kind of a cesspool, I'm not so sure that it needs complete oversight like the Apple Store.

    Really it's all about common sense. I downloaded some live wallpaper the other day. It wanted Full Internet Access. In my mind, I know that it makes no sense for a live wall paper to need that. So I didn't install it. I put Angry Birds on my phone today. It says it's ad supported. The only permission it asked for was Full Internet Access. This makes sense to me since it's ad-supported.
     
  13. Oriley

    Oriley Newbie
    Rank:
    None
    Points:
    15
    Posts:
    10
    Joined:
    Oct 16, 2010

    Oct 16, 2010
    10
    0
    15
    So guys why is there NO " Safe apps recommened " here in the Wildfire forum ? Searched most , and find ,as yet , no Sticky , to tell which apps are good and Safe , hm ,strange .........or trust a stranger........:thinking:
     
  14. A.Nonymous

    A.Nonymous Android Expert
    Rank:
    None
    Points:
    213
    Posts:
    7,059
    Joined:
    Jun 7, 2010

    Jun 7, 2010
    7,059
    966
    213
    No trust your own common sense.
     
  15. blackvyper

    blackvyper Well-Known Member
    Rank:
    None
    Points:
    38
    Posts:
    170
    Joined:
    Dec 27, 2009

    Dec 27, 2009
    170
    17
    38
    Regensburg, Germany
    Much ado about nothing.
     
  16. Sulfur

    Sulfur Well-Known Member
    Rank:
    None
    Points:
    16
    Posts:
    81
    Joined:
    Aug 11, 2010

    Aug 11, 2010
    81
    6
    16
    Iowa
    If you don't want an app to access a permission that it is requesting, don't install it. Simple as that.
     
  17. budmuncher

    budmuncher Lurker
    Rank:
    None
    Points:
    5
    Posts:
    4
    Joined:
    Oct 4, 2010

    Oct 4, 2010
    4
    0
    5
    Do developers NEED to mention what permissions their apps will request? Whats to stop developers from not mentioning permission requests and using their apps to access your private info without your knowledge......to me this is a serious concern.
     
  18. Szadzik

    Szadzik Android Expert
    Rank:
    None
    Points:
    223
    Posts:
    5,413
    Joined:
    Feb 15, 2010

    Feb 15, 2010
    5,413
    715
    223
    Male
    FAS Admin
    The Market knows all the permissions an app will request at the moment of installing and developers cannot hide it. The moment app is submitted to be published to the Market it is scanned for permissions and other stuff.
     
  19. droidros

    droidros Android Enthusiast
    Rank:
     #248
    Points:
    88
    Posts:
    504
    Joined:
    Oct 10, 2010

    Oct 10, 2010
    504
    26
    88
    Federal employee - Instructional Designer/Project
    DC Metro Area
    That's good to know.

    I think the OP is asking a legitimate question and answers along the lines of "if you don't understand why it's asking to access xyz then don't install it" aren't particularly helpful.

    I am new to Android based phones and love all the apps available, but I don't always understand why certain apps need to access certain data. I didn't install one particular app because it wanted access to my Contacts. I think it was just a news service so why would it need that? Other than cases like that, I've installed the apps that look interesting based on user comments and just trust that if others haven't reported a problem, it's probably okay.

    But it is somewhat reassuring to hear that there haven't been too many reports of malware on Android systems.
     
    wellmiss likes this.
  20. sookster54

    sookster54 Android Expert
    Rank:
    None
    Points:
    78
    Posts:
    906
    Joined:
    Jul 28, 2010

    Jul 28, 2010
    906
    56
    78
    You haven't looked hard enough, there's about 3 or 4 of them out there right now (they're coming from China and Russia).

    It takes common sense to keep your phone secure, think about what apps you're downloading and what permissions they need. Also you're at risk if you go download a pirated app that you don't want to pay for on the market, there's a copy of Swype floating around that I wouldn't touch, also there's Need for Speed: Shift and probably Angry Birds and such.
     
    Sunray likes this.
  21. sghere

    sghere Well-Known Member
    Rank:
    None
    Points:
    36
    Posts:
    127
    Joined:
    Nov 7, 2009

    Nov 7, 2009
    127
    4
    36
    Network Engineer
    IL
    The only way to insure complete privacy is to go off the grid completely.

    You install applications on your computer don't you? Look at all the cookies that are accepted which collect "anonymous" information.

    If you're that paranoid about applications and security, then technology isn't for you.

    There are ALWAYS ALWAYS 2 sides to everything...good/bad, light/dark, secure/unsecure etc., etc.

    Not flaming you personally here, but if you really want to see something scary, Google your name "firstname lastname" (in quotes) and see what comes up.

    There are even sites that charge $14.95 to get your social security #, annual income, where you live, aliases etc.

    So if you're worried about the security of the phone, turn around and take it back for a "non" smart phone.

    Take care
    S
     
  22. rastoma

    rastoma Newbie
    Rank:
    None
    Points:
    16
    Posts:
    20
    Joined:
    Oct 17, 2010

    Oct 17, 2010
    20
    5
    16
    Wow.

    I just got my first Android device, Epic 4G and LOVE it. I was excited to find a, what seems to be, good Android community. And I see comments regarding security as 'just go off the grid then'.... 'use common sense'.... 'pull your battery then'.

    I can tell that everyone here is a 'geek' with a big computer background (myself included). You all build your own computers, do computer repair or big into programming, etc. And if this the only people in the world that ever buy Android based phones, then yes, none of us will have any problems because we all 'know better'.

    But I for one, want Android to SUCCEED (which it is so far but is FAR from beating the iphone yet) and want it to LAST. In order for that to happen, the MASS MARKET is going to have to buy. The MAJORITY of those people will not know better. They will trust that the product is safe to use. They will assume that if the item is the marketplace then it's safe to use. We all assume that if something is for sale in a store then it's ok to use.

    Everyone needs to stop acting like they know everything and start appreciating that there's people out there that don't realize there could be a hazard in installing an innocently looking app. That doesn't make them stupid or less intelligent. It's something they don't have background in. And before makes a stupid comment by saying they shouldn't buy an Android phone then.... well that's just a stupid comment. Because if you don't know there's a danger then how would you know not to buy it?

    I hope Android conquers the iphone eventually and it will never happen if it's not made safer to use. That's not doom and gloom and I know there's nothing bad happened yet, other than the mentioned one or two wallpaper apps that caused an issue.

    I just can't see why it would be so hard for Google to have a team of people to scan through new app submissions for malicious activity or even come up with some kind of automated scanner to check for things.
     
  23. locus

    locus Member
    Rank:
    None
    Points:
    16
    Posts:
    61
    Joined:
    Mar 19, 2010

    Mar 19, 2010
    61
    4
    16
    EHS Coordinator
    Toronto
    At least when installing apps on the Android it tells you or asks you the permissions it wants, I Have installed apps on Nokia Symbian and apple ipod or ipad and never been asked or told what services the app needs, yet it seems no one really wonders or asks what itunes apps are doing with information it gathers from your phone, at least on Android I have a choice and know what is going on. My $0.02 cents
     
  24. sookster54

    sookster54 Android Expert
    Rank:
    None
    Points:
    78
    Posts:
    906
    Joined:
    Jul 28, 2010

    Jul 28, 2010
    906
    56
    78
    Exactly and the risk is even greater when you jailbreak your iPhone/iPod, my iPod is jailbroken and Cydia has a list of downloadable apps, and I'm not bothering, only thing I downloaded were wallpapers and icon packs for the winterboard then I leave the iPod in flight mode to be safe and I use prepaid cards when I want to purchase something.

    Blackberries also prompts permissions when you install apps, there was one app I installed a year ago I got off crackberry (I forget what it was) and had suspicious permission requests so I dumped it immediately.

    By the way, Apple store isn't 100% secure, there's one SMS app that's constantly flooding TELUS right now.
     
  25. Ozymandias88

    Ozymandias88 Well-Known Member
    Rank:
    None
    Points:
    18
    Posts:
    84
    Joined:
    Apr 29, 2010

    Apr 29, 2010
    84
    17
    18
    Aerospace Engineering Student
    Sheffield, UK
    I actually think your overestimating the security of the iPhone store, nobody actually knows what apple does to validate an app. The number of times apps are pulled from the app store AFTER being added and the volume of apps submitted each day means that they just can't be thoroughly testing every app before allowing them onto the store it's just not possible. You could say that provides a false sense of security as my understanding of the iphone store is that you don't even know what an app can do ever. At least on android you know exactly what an app can access.

    My take on the whole thing anyway is that you have to have some common sense to use any technology. If its running android don't install the sexy girl wallpaper that wants access to your gps, contacts, and services that cost you money. If it's windows don't click that button on a website that says you've just won $10000000000 click here to claim it.

    Also as it's not been posted yet anyone whos wondering about permissions should read this:
    http://androidforums.com/android-ap...ps-avoid-viruses-guide-those-new-android.html

    Edit: Ah beaten to me point by lokus and sookster
     
    Sunray likes this.

Share This Page

Loading...