Yikes.. an Android Trojan on the loose!

[adrynalyne]

How much you wanna bet there were tell-tale signs in the permissions before you install it?

 

[euph_22]

I was kind of thinking that too. Not saying that this trojan is fake (but also not saying its real either). It makes me wonder what their motive is that it just so happened a security company is the one to "discover" a trojan. And no, just because they're a security company doesn't mean they automatically have a better chance of running across it. Seems similar to the earlier scare of the wallpaper app fiasco, which so happened to be another security company to report it. And, well all I can say is their traffic/users shot through the roof.

Again, not calling BS but just throwing out a conspiracy theory

The company has X number of employees working Y hours a day trying to identify emergent threats/malware. How does that NOT make them more likely to be first to PUBLICLY identify it?

 

[34.50]

I suppose with open source stuff, and Google allowing anyone to make an app and submit it in the market.....it was only a matter of time.

I'm actually quite surprised how long it took for someone to release some sort of malware.

 

[woop]

The company has X number of employees working Y hours a day trying to identify emergent threats/malware. How does that NOT make them more likely to be first to PUBLICLY identify it?

I never said publicly, you're putting words in my mouth sir. I said the chances of someone running across it whether that be the millions of normal Android users or that be a security company are the same. The chances of me not knowingly downloading an app that consist of a trojan is completely identical to someone working for a company. That company worker cannot identify a trojan until they download the app or atleast see the source code. So it isn't like they're looking for multi-colored eggs out in the open. If anything, the normal user would have a better chance considering many don't even bother looking at the permissions, and then when they're phone bill is 5x more than what it should be, theres a chance that person would raise hell with VZW and its Android relations

 

[kdarling]

I suppose with open source stuff, and Google allowing anyone to make an app and submit it in the market.....it was only a matter of time.

It has nothing to do with open source.

It has everything to do with people not paying attention to the permissions that an app desires.

At least Android users can see those permissions. Combing through the permissions also makes it especially easy for watchers to find apps that need to be monitored to see if they're doing anything nasty.

Users of WinMo and iOS phones don't know what their apps have access to.

There have been iPhone apps found that secretly send your Contacts overseas, for example. Who knows what else is out there that hasn't been found yet.

So Apple's simple check / censor of apps isn't going to find all trojans. Witness also the recent example of a WiFi hotspot hidden in an iPhone flashlight app.

Fortunately both Google and Apple have a way to remotely delete an app found to be malicious.

 

[A.Nonymous]

Hi, I'm Jessie and I have an app addiction. ;-) I do pay close attention to permissions before I install an app. If an app seems to have strange permission requests, I won't install it. My question is, what if the developer doesn't list all permissions? I have seen some comments in the market from users angry that an app was using programs that were not listed in the permissions area. I haven't had that problem myself (that I know of) but it seems very possible, even likely, that a malicious app, virus, or trojan would not exactly be honest about what it would have access to. Thoughts?

The angry users don't know what they're talking about. You don't have an option of whether you list permissions or not. When you compile a program the list of permissions is automatically generated. If you write code in your program that lets you read a phones contact list, when you compile your program, that permission goes to the list of permissions the program requires.

 

[Jessie]

The angry users don't know what they're talking about. You don't have an option of whether you list permissions or not. When you compile a program the list of permissions is automatically generated. If you write code in your program that lets you read a phones contact list, when you compile your program, that permission goes to the list of permissions the program requires.

Thank you for the reply. I've wondered about this, especially with the news of a possible trojan on the loose. And yeah, I agree that the angry users are often angry through a lack of their own misunderstanding; not reading the app details, not being able to figure the app out within a few seconds, or (my personal fave) not knowing the difference between an app and a widget.

 

[killadanny]

Well don't mess with me, or they'll be hell to pay.