Linked by Thom Holwerda on Mon 22nd Apr 2013 23:00 UTC
Google "The family of Android malware that slipped past security defenses and infiltrated Google Play is more widespread than previously thought. New evidence shows it was folded into three additional apps and has been operating for at least 10 months, according to security researchers." Google removed most of it, but not before it was installed anywhere between 2 to 9 million times - finally some figures from Google itself, and not scaremongering by antivirus companies. At 9 million, that's 1.2% of all Android devices sold.
Thread beginning with comment 559522
To read all comments associated with this story, please click here.
Getting you bit by bit
by orfanum on Tue 23rd Apr 2013 04:55 UTC
orfanum
Member since:
2006-06-02

So, most of the said apps originate from Russia or are Russian-language specific. Why is this a surprise to anyone? Even from the days of searching for files via ftp servers I have avoided .ru ones (as well as Chinese-bases hosts) even where these were apparently attached to legit institutions seemingly, such as in the educational sector.

Also, doing a search for 'bitdefender' via Google Play gives one the first option of 'Bitdefender mobile security'. Take a look at the permissions that programme demands. Is this legit, and if it is, why would Bitdefender need such access to my device? If it isn't, why is it there and why does Google's search algorithm present it as the top choice?

I am a reasonably savvy hobbyist user (which means mostly I have absorbed enough information to be on the sanely side of twitchy rather than having become technically expert as such over the years) but getting corroboration of validity and authenticity even when alarm bells start to ring seems to me to be getting gradually harder and harder to achieve with confidence since the advent of smartphones.

I may be rambling here (as an amateur that's another hit-and-miss risk one takes) so am open to being corrected.

Reply Score: 2

RE: Getting you bit by bit
by pandronic on Tue 23rd Apr 2013 05:18 in reply to "Getting you bit by bit"
pandronic Member since:
2006-05-18

Bitdefender is not made by a Russian company, but by a Romanian one, also it's one of the top antiviruses on the market.

Reply Parent Score: 3

RE[2]: Getting you bit by bit
by orfanum on Tue 23rd Apr 2013 15:04 in reply to "RE: Getting you bit by bit"
orfanum Member since:
2006-06-02

I wasn't suggesting it was ;) Good to know the origin though-not that it makes me feel safer...

Reply Parent Score: 2

RE: Getting you bit by bit
by aligatro on Tue 23rd Apr 2013 05:33 in reply to "Getting you bit by bit"
aligatro Member since:
2010-01-28

"So, most of the said apps originate from Russia or are Russian-language specific. Why is this a surprise to anyone? Even from the days of searching for files via ftp servers I have avoided .ru ones (as well as Chinese-bases hosts) even where these were apparently attached to legit institutions seemingly, such as in the educational sector. "

They do, however you are ignoring the fact that's its mostly the rogue ad-network that caused those infections. Of course its the also the fault of those developers for not realizing this. Something similar can happen even with legitimate ad-networks and in result with legitimate websites.


"Bitdefender is not made by a Russian company, but by a Romanian one, also it's one of the top antiviruses on the market."

So what you are saying is: its more trust-worthy because the company was founded in Romania?

Edited 2013-04-23 05:42 UTC

Reply Parent Score: 2

RE[2]: Getting you bit by bit
by orfanum on Tue 23rd Apr 2013 15:09 in reply to "RE: Getting you bit by bit"
orfanum Member since:
2006-06-02

Yes, you are right, my conclusion was a bit unfocused of me really since I had read the article fully and had come away with the notion that it explained the complexities of the situation well enough for a layperson to comprehend. Still, there seems to be a fair amount of correlation going on which to me suggests either it's possibly malicious use of the ad-framework or a lack of rigour on the part of the developers. Neither possibility fills me with any greater feeling of ease regarding apps that originate from that part of the world, unfortunately.

Reply Parent Score: 2

RE[2]: Getting you bit by bit
by Soulbender on Thu 25th Apr 2013 03:10 in reply to "RE: Getting you bit by bit"
Soulbender Member since:
2005-08-18

So, are you saying it's less trustworthy because it's not made in western Europe or the US?

Reply Parent Score: 2