Linked by Howard Fosdick on Mon 21st Nov 2011 07:28 UTC
Bugs & Viruses "What happens when anyone can develop and publish an application to the Android Market? A 472% increase in Android malware samples since July 2011." A study by The Global Threat Center over at Juniper Networks details mobile attacks that are increasing both in numbers and sophistication. This contrasts to the iPhone, more secure in part due to Apple's proprietary hold over the platform through its review process.
Thread beginning with comment 497774
To view parent comment, click here.
To read all comments associated with this story, please click here.
Thom_Holwerda
Member since:
2005-06-29

Stick to the Android Market - as 99% of users do - and there is no virus problem. It's just your typical FUD.

Reply Parent Score: 1

Alfman Member since:
2011-01-28

Thom Holwerda,

"Stick to the Android Market - as 99% of users do - and there is no virus problem. It's just your typical FUD."

The article gives the impression that the malware was found in the respective app stores.

Having reviewed vs untested repositories would at least help users make more informed choices, IMO. And it wouldn't have to impose a totalitarian grip ala-apple.

Reply Parent Score: 3

B. Janssen Member since:
2006-10-11

Having reviewed vs untested repositories would at least help users make more informed choices, IMO. And it wouldn't have to impose a totalitarian grip ala-apple.


I have a business idea for you right here: open an app shop, guarantee malware screening and take a little fee, e. g. 1$/month. Considering how popular subscriber AVS are on MS Windows, I think that could work. You can thank me later ;)

Reply Parent Score: 2

Panajev Member since:
2008-01-09

Thom...

http://blog.trendmicro.com/droiddreamlight-variant-pretends-to-mana...

That was on the official Android market and it's not the only time it happened.

I am not saying that Google should make rooting tougher (it should be easier, it would help with debugging NDK code), or that it should not be possible to have other markets, etc...

I am saying that paying more attention to their own store could help. I do not think that they have the will to dedicate enough resources to policing it a bit more Apple-style not to produce huge delays between submission and publication. Still, the sense of Android being an understaffed and underfunded project (I do not know why Google is treating such a cash cow like this) is still there... especially when I visit the Tools page.

Edited 2011-11-21 10:31 UTC

Reply Parent Score: 4

sparkyERTW Member since:
2010-06-09

Stick to the Android Market - as 99% of users do - and there is no virus problem. It's just your typical FUD.


I would argue that even this sort of rigidity isn't necessary. Even on my Windows partitions, I cannot remember the last time I encountered a virus on my machine; it's been many, many years. And it's not like all the applications installed came from a closed, heavily-regulated distribution channel.

The key is I don't install software from sources I don't trust. I don't go installing cracked commercial software from warez sites (surely a person who distributes cracked software wouldn't possibly pull anything shady). I don't go installing some random software from www.free-software-really-good-stuff-free-free-free.com.org.net.ru. I don't go blindly installing some software my friend who purports to be "computer savvy" tells me I have to try without doing a little research, and I sure as hell don't let ANYONE go installing stuff on my machines.

If I install GIMP, Ardour, LibreOffice, etc., I don't go grabbing a binary from some strange corner of the Internet. I get it from the repo of a well-established software distribution, or I go directly to the source itself.

It's all about common sense. Even if an app store claims to have thorough, strict review policies, take a long, hard look at what you're about to install. Does it have plenty of history behind it? How many people are using it, and what are their experiences? Who makes it: do you know them? What does the app say it needs access to; can you figure out a good justification they might have for needing those permissions? These questions might not save you every time, but it will definitely reduce the risk by an enormous factor.

Critical thinking: it's the bee's knees.

Reply Parent Score: 2

Alfman Member since:
2011-01-28

sparkyERTW,


"The key is I don't install software from sources I don't trust...."

You are trusting software based on WHO is providing it rather than on what the software DOES. This shouldn't be the primary goal of platform security. Keep in mind this is exactly how ActiveX worked, and that was a nightmare. Now one could argue that it's the user's fault for installing controls from "untrusted sources", but what reasonable approach can a normal user take to determine the trustworthiness of a website running a technology that was meant to be ubiquitous?

The other issue is that even trustworthy sources can contain exploits and rootkits.


Clearly identity based solutions aren't a good substitute for good sandbox designs. You generally can run java/javascript from any arbitrary website using a recent web browser with fair confidence that it can't take over your machine.

We should take some responsibility by making operating systems that can securely contain nefarious apps.

Reply Parent Score: 2