Very interesting interview with Adrian Ludwig, lead engineer for Android security at Google. There are a lot of fascinating answers to quote here, and I’m going for this one – do you need antivirus crap on your Android phone?
In 2014, according to Verify Apps data collected by Google and ignoring rooting apps that were intentionally installed by users, fewer than 0.15 percent of Applications installed from outside of Google Play to U.S. English devices were classified as Potentially Harmful Applications. Given the built-in protection provided by Verify Apps and the low frequency of occurrence of installation of PHAs, the potential security benefit of an additional security solution is very small.
I – and many others – have been saying this for ages, but let me just repeat it: do not install third-party security solutions on your Android phone. They are useless resource hogs that provide no additional security, and are built by scammy, untrustworthy, and needlessly alarmist software peddlers.
That being said, it’d be great if Google released more information about these background security tools in Android – more specifically, numbers, numbers, numbers.
McAfee shows how to uninstall McAfee: https://www.youtube.com/watch?v=bKgf5PaBzyg
Immoral mafia buffs.
I think that should say needfully alarmist. Because, they need to be alarmist to justify their existence. I mean, you wouldn’t need them if you weren’t convinced something was wrong, right?
No questions re: Data-mining, tracking, how “safe” can applications with 3rd-party advertisers tacked-on truly be.
In many cases authors can do a lot more explaining why they need certain ‘sensitive’ permissions. Sometimes a simple app needs those permissions because of the ad-routine that has been tacked on.
There are tons of *simple* apps that request contact info, phone number that’s calling you, authenticate accounts, read sensitive data logs. Recently there was an app developer who went through his user’s contact info and started sending unsolicited emails (Javelin Browser).
Also, for devices considered mobile (always-on), why no feature-rich firewall?
THIS! Very much this!
Looking into this, I’m left wondering why this didn’t get much press at all. Incredibly sleazy behavior and the excuses given by the developer doesn’t even remotely cut it. “it was a slipup” Oh right, yeah, ok, you just accidentally created the feature in your app to collect all email addresses, accidentally made it send them to you and then by accident had a whole setup for sending unsolicited emails. A likely story.
Looking into this, I’m left wondering why this didn’t get much press at all. Incredibly sleazy behavior and the excuses given by the developer doesn’t even remotely cut it. “it was a slipup” Oh right, yeah, ok, you just accidentally created the feature in your app to collect all email addresses, accidentally made it send them to you and then by accident had a whole setup for sending unsolicited emails. A likely story.
I would feel much safer if point 3 was not just the ability to view permissions, but to toggle permissions on a app pr app basis.
Never mind that Google actually made it harder to see the specific permissions an app wants, and obscures when new ones are added that may be worse than the ones initially granted, with a recent Play Store update.
Also, i wish they pressed them on the snake oil that was the Storage Access Framework. In no way was that about “security”. At least not for user data, but perhaps Big Media “content”.
Edited 2015-02-12 23:44 UTC
Most of the fear about Android malware comes from the fact that malware occasionally slips into the Play Store.
There is a whole industry of 1)making a stealth Android malware apps so they pass under the bouncher radar and 2)paying human users to give them good rankings and increase download numbers so they don’t appear fake.
http://www.kaspersky.com/about/news/virus/2014/how-much-do-cybercri… (yes, link to a fearmonger)
For example: How many of the following apps the following search returned are real and how many are malware or scams?
https://play.google.com/store/search?q=ps1
App Stores should not be like that. They are supposed to be Stores not unregulated middle-east Bazaars where anyone can set up a tent and sell stuff of questionable legality, function and safety while being anonymous (the Play Store model)
Edited 2015-02-13 00:07 UTC
Middle-eastern Bazaars are awesome.
I never knew you could long press on a notification to see what generated it, and take action.
O_o Usually (always?) I know what generates the notifications. Nice to know, though, that if I don’t I can identify it.