Google Pulls 21 Malware Apps From Android Market 242
Hugh Pickens writes writes "CNN reports that Google has pulled 21 free apps from the Android Market that, according to the company, are aimed at gaining root access to the user's device, gathering a wide range of available data, and downloading more code without the user's knowledge. Unfortunately although Google has moved swiftly to remove the apps, they have already been downloaded by at least 50,000 Android users. The apps are all pirated versions of popular games and utilities which once downloaded, root the user's device using a method like rageagainstthecage, then use an Android executable file (APK) to nab user and device data, such as your mobile provider and user ID, and finally act as a wide-open backdoor for your device to quietly download more malicious code. 'If you've downloaded one of these apps, it might be best to take your device to your carrier and exchange it for a new one, since you can't be sure that your device and user information is truly secure,' writes Jolie O'Dell. 'Considering how much we do on our phones — shopping and mobile banking included — it's better to take precautions.'"
Exchange (Score:5, Insightful)
"it might be best to take your device to your carrier and exchange it for a new one"
Yeah good luck with that.
What is up with Android malware? (Score:4, Insightful)
I keep reading stories about Android malware. Why does Android attract more malware than any other phone platform?
I'm curious. It doesn't have the largest marketshare, so that argument is moot.
Re:What is up with Android malware? (Score:5, Insightful)
Re:This is one reason why I have an iPhone (Score:4, Insightful)
but at least I know someone at Apple has personally looked at every app and its update I installed on my phone so a situation like this won't happen.
That's a "famous last words" just waiting to happen. Yes, it's arguably more unlikely. But to say it won't ever happen is just dumb.
Sure it can happen. But unlike the Google store, at least in theory, Apple actually reviews each app and supposedly does basic analysis and testing. Simple solution, Google should have an option or something in their store to have the app verified as passing some sort of bare minimum testing for safety and security. Google Android isn't so perfect it can't learn from others...
Re:What is up with Android malware? (Score:2, Insightful)
That argument never made any sense anyway. If it did, Apache would receive the greater attention from the mal-intentioned than IIS, by far.
The whole "there aren't viruses on the Mac because nobody cares about that platform" argument goes right along with it.
Re:What is up with Android malware? (Score:4, Insightful)
How about just having a proper security system...
BlackBerries ask you for each privileged task the app wants, whether you want to always allow that task, always deny, or prompt when the app needs it...
Re:What is up with Android malware? (Score:5, Insightful)
The other issue is that the way the application presents the security access it needs is, for the average user, completely confusing. You install an app and it gives you a list of 7 things it needs to do including things like "read phone state" and "access internet".
For overly simple apps it may be possible for something like "access contacts data" to be picked up as nefarious by the end user - but in the vast majority of cases there is a long list of permissions and the users are given no real help in understanding what it all means. As such, they blindly accept what is presented to them because they don't understand what the phone is trying to tell them.
(Hell, if I were to decline to install any apps where I didn't fully understand the access it was asking for I don't think I'd have anything installed on my device)
In short, whilst you cannot stop stupidity, there are some pretty major flaws in the user experience which isn't exactly helping people.