Forgot your password?
typodupeerror
Security Android

Google: BadNews Malware Wasn't Really Bad, After All 24

Posted by Unknown Lamer
from the mundane-bad-news dept.
chicksdaddy writes "When reports surfaced about 'BadNews,' a new family of mobile malware that affected Google Android devices the news sounded — well — bad. BadNews was described by Lookout Mobile Security as a new kind of mobile malware for the Android platform-one that harness mobile ad networks to push out malicious links, harvest information on compromised devices and more. Now, six weeks later, a senior member of Google's Android security team claims that BadNews wasn't really all that bad, after all. Speaking at an event in Washington D.C. sponsored by the Federal Trade Commission, Google employee and Android team member Adrian Ludwig threw cold water on reports linking BadNews to sites that installed malicious programs. The search giant, he said, had not found any evidence linking BadNews to so-called SMS 'toll fraud' malware."
This discussion has been archived. No new comments can be posted.

Google: BadNews Malware Wasn't Really Bad, After All

Comments Filter:
  • by Anonymous Coward

    This just in: Vendor claims malware isn't as bad as people say. Film at 11.

    Did anyone really expect them to say different?

    • by stephanruby (542433) on Monday June 10, 2013 @07:00PM (#43967961)

      Did anyone really expect them to say different?

      I didn't.

      The application asked for permission to send sms (and potentially cost you money).

      It's not malware if it tells you exactly what it's going to do, and then does it with your explicit permission (not that it even did that since it was only a proof-of-concept app). It's only a malware app if someone else has temporary possession of your phone, plus its pin number, and then installs the application just to cause you harm without you knowing.

      And this is actually nothing new to Android users.

      • by Anonymous Coward

        This is the biggest reason why I won't be moving to Android anytime soon. On iOS, it'll ask for permission when it needs to send something, and I can stop it. There are plenty of apps that require permissions that I only want to give access to occasionally. If an app wants access to my pictures, I tell it what pictures it can access. Same with contact information. Giving apps blanket access at install time is brain dead.

        • by DrXym (126579)
          The up front permissions is better than nothing but it's not good enough.

          Android really needs to ask the user to grant / deny a permission each time it is accessed, with a checkbox to remember the decision. Some apps can be incredibly annoying, such as Facebook which is constantly turning on GPS which saps battery power. I should be able to disable that permission and force it to use a less precise location system or none at all. Another app might have a genuine need to launch the dialler, to call someone

    • by tangent3 (449222)

      This just in: Anti-malware vendor claims malware is worse than it actually is. Film at 11.

      Did anyone really expect them to say different?

  • by ADRA (37398) on Monday June 10, 2013 @06:00PM (#43967557)

    How can we flame you if there's no story!! Wahh!

    • by Anonymous Coward

      Since when did reason ever get in the way of a good flame war?

    • by icebike (68054)

      How can we flame you if there's no story!! Wahh!

      You can flame someone for jumping the gun perhaps?
      With not a shred of evidence it appears that Lookout actually precipitated this stampede, and Google followed suit.

  • Ad networks will always be a potential vector of infection and since many, if not most, apps on Google Play (and iOS) that are free will have ads from a major ad network, it means that any application can potentially give you malware with no fault of the application developers themselves.
  • Often when there is a major security issue in a software product, there is a marketing that follows in the next few weeks saying it wasn't really as big a deal as the researchers originally claimed. Normally they state how the issues raised don't really apply in the real world. Often the phrase 'Threw cold water' is used. This is done as a distraction and PR exercise to deflect from the fact that the company does not wish to invest the time and effort into fixing the issue.

    The IT press normally picks up

  • `Speaking at an event in Washington D.C. sponsored by the Federal Trade Commission, Google employee and Android team member Adrian Ludwig threw cold water on reports linking BadNews to sites that installed malicious programs. The search giant, he said, had not found any evidence linking BadNews to so-called SMS 'toll fraud' malware."'

    So it was just a ruse by the AV companies to sell more AV product ...
    • by lxs (131946)

      Yup. Also Google isn't sharing your email with NSA spies and their datacenters are patrolled by fairies on unicorns in search of rogue rainbows.

  • Malware wasn't really bad after all. Oh, my, yes. Plus I'm still in my pajamas.
  • I actually agree with them on this one. This malware wasn't as bad as the recent disclosure of Google's involvement in a top-secret U.S. Government mass surveillance program that has been going on for several years now.

The reason that every major university maintains a department of mathematics is that it's cheaper than institutionalizing all those people.

Working...