Infected Androids Run Up Big Texting Bills 279
Hugh Pickens writes "Computerworld reports that a rogue Android app is hijacking smartphones and running up big texting bills to premium rate numbers before the owner knows it. Chinese hackers grabbed a copy of Steamy Windows, a free program, added a backdoor Trojan horse to the app's code, then placed the reworked app on unsanctioned third-party "app stores" where unsuspecting or careless Android smartphones find it, download it and install it."
Holy AI, Batman (Score:5, Insightful)
"[...] where unsuspecting or careless Android smartphones find it, download it and install it."
I really dislike careless phones. Perhaps reviewers can test and report which are careful.
I'd also like to know how to make my phone less naive about unauthorised app stores.
Perhaps I should take away my phone's download privileges...
Oh noes! (Score:3, Insightful)
Obviously this means we should abdicate (forcibly, if necessary) all control over our computing devices to large corporations with a vested interest in denying us the ability to use them as we see fit.
Common Sense (Score:3, Insightful)
If not within the OS itself, cellphone accounts should come with voluntary (user-adjustable) quotas to mitigate such things. It might be just as useful for parents to control runaway texting teenagers.
Re:Common Sense (Score:4, Insightful)
Re:Oh noes! (Score:5, Insightful)
Obviously this means we should abdicate (forcibly, if necessary) all control over our computing devices to large corporations with a vested interest in denying us the ability to use them as we see fit.
You buy stuff from trusted sources. There are a few trusted ones, and none of them have addresses in China.
The people getting these infected apps knew damn well what they were doing. They had to make at lease one nonstandard setting, download in a nonstandard way, and launch the installation in a nonstandard way. Looking for Porn is my guess. I have very little sympathy.
The point is no one falls into this trap using the Google market or the upcoming Amazon market, or a couple others.
Re:Common Sense (Score:5, Insightful)
Who do you trust: The phone company, the phone, or the user?
If you trust the phone company, then having a cellphone contract option to limit data/text/etc. usage to some cap can mitigate the worst case bill you'll be surprised with.
If you trust the phone, then OS options to limit what an app can do can mitigate worse case damage done.
In either case, you have to trust the user to make the right choices with respect to cellphone contract or app permissions.
I think my problem is that I don't trust any of the above.
permissions (Score:5, Insightful)
More importantly, they had to give the app permission to send texts. Very few apps need that permission.
Re:Oh noes! (Score:1, Insightful)
Are you like some kind of leftover hippie? You even throw around the word "corporate" as if it's automatically a bad thing. The very computer you used to type your post was spawned from the evil corporate world you hate so much.
You won't ever admit it, of course, but the fact is that there is a trade-off between controlled and open that involves security, reliability, and speed, and the world is moving toward the paradigm of appliance computing. Most people don't give a shit about "openness" or being able to install software from any third-party. This is little different from the system already in place on game consoles, for example, which has beaten out PC gaming. In other words, you're part of a niche, but you didn't know it, because, until recently, everyone else was forced to use Wild West platforms like Windows. Now, so-called "walled gardens" are taking over, and app stores are the new way to get software. Even Windows is getting one.
That people are willingly choosing this new way of computing drives you crazy.
What makes a source trusted, preempt or react? (Score:4, Insightful)
You buy stuff from trusted sources.
What makes a source trusted? Do they screen apps for inappropriate behavior before putting an app on the store (preempt) or do they just remove inappropriately behaving apps after they are discovered in the field (react)? I don't think trust is a binary state, its a range of levels. A reputable source that preempts may be more trustworthy, a reputable source that merely reacts may be less trustworthy but more convenient.
Yes, you are pathetic (Score:3, Insightful)
So basically you want some magic situation where people have freedom but no responsibility. How typical. This is NOTHING new, everyone can install software from anywhere on the PC and the stupid have always had problems with this.
We do leave people behind here, if you are to stupid to tell what software is legit and which isn't, then you shouldn't be installing crap.
Freedom for those who can handle the responsibility, lockin for those who can't.
Clearly you can't.
Then go dry hump your Android and shut up (Score:3, Insightful)
Seriously--you never hear any iPhone-fan screaming that Android or the Android marketplace shouldn't exist. Never. If that's what you want, then go for it.
The Android world, though, (by and large) is completely obnoxious towards people who choose an iPhone (I guess CHOICE is only a virtue when someone chooses your way)--to the point of trying to somehow force Apple to do things differently. The Android world looks down on the grandmothers of the world who just want to be able to Facetime easily with their grandchildren. You see, if you aren't l33t enough to run SETI@home on your phone then you don't deserve to have a smartphone, right?
And, most irksome to me personally, the Android world operates under the delusion that technical people don't use iPhones. I think I probably know more about computers than you do--and I use an iPhone because I appreciate good design and I want something that works. I don't care that I can't compile the Linux kernel on it for the same reason that I don't care that I can compile the Linux kernel on my microwave.
Get a life.