Linked by Thom Holwerda on Sun 27th Jul 2014 11:51 UTC

Antivirus peddler Trend Micro recently issued a "report", in which it states that "Google Play [is] populated with fake apps, with more than half carrying malware". Sounds scary, right?

Well, reality is a little different, as TechRepublic and Android Police found out.

It turns out that Trend Micro is guilty of a little over-eager language that obfuscated the nature of some of these threats. While there are indeed fake versions of many popular Android apps available for download, Trend failed to mention in their initial promotion for the report that the apps in question were posted outside the Play Store, and had to be installed manually in what's commonly known as a side-load. This requires users to download the app in a browser, ignore a standard security warning about APK files, and disable a security option in Android's main settings menu.

As I've been saying for years and years now, antivirus peddlers are the scum of the technology industry. These people actively lie and spread FUD about popular platforms just to scare people into buying their crappy, bloated, unnecessary software. They tried these scummy scare tactics for OS X, iOS, and recently it's been Android's turn. Of course, it doesn't help that people like Tim Cook actively join in on the lying and FUD.

You can spot the FUD from miles away. It usually contains something like "99% of all mobile malware targets Android", which may technically be true, but is actually entirely meaningless without the figure that actually matters: infection rates to determine just how successful this malware actually is. The actual infection rate figures make it very clear that they are, in fact, not successful at all. Another dead giveaway that you're dealing with antivirus FUD is "[platform] is insecure. Buy our software to make it secure".

Android is just as secure as iOS. The figures are out there for all to see. Any time you see articles about reports regarding Android's security, you can be 100% sure it's coming from antivirus peddlers, meaning the figures will be contorted, false, manipulated, or just downright made up. These people are not to be trusted. If you still haven't learned that lesson, you are either stupid, or you have an agenda to push.

RE[4]: Comment by DhulKarnain
by anda_skoa on Sun 27th Jul 2014 20:39 UTC in reply to "RE[3]: Comment by DhulKarnain"

For things to be executed in a Unix environment after being downloaded, the user would either have to chmod+x and run it themselves

This is true for running the download itself, but I think one should consider a broader range of execution forms.

The downloaded item could be input to something that actually runs.
For example, an extension to a program (like a browser extension) does not have to be executable itself but can still perform things within the functionality limits exposed by the program's scripting framework.
Which could very well include downloading capability, local file access and running child processes.

Even more problematic examples are inputs to programs running with elevated permissions.
One easily overlooked example for this is the system's package manager.

Unless it has been configured to only accept packages signed by specific keys, it would without hesitation run pre- and post-install hook scripts. As root!

Sure, running the package manager will usually require a password, but it would still be a viable attack vector for a trojan, i.e. something that can reasonably claim to have to be installed.

Score: 4