Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Android Security IT

Infected Androids Run Up Big Texting Bills 279

Hugh Pickens writes "Computerworld reports that a rogue Android app is hijacking smartphones and running up big texting bills to premium rate numbers before the owner knows it. Chinese hackers grabbed a copy of Steamy Windows, a free program, added a backdoor Trojan horse to the app's code, then placed the reworked app on unsanctioned third-party "app stores" where unsuspecting or careless Android smartphones find it, download it and install it."
This discussion has been archived. No new comments can be posted.

Infected Androids Run Up Big Texting Bills

Comments Filter:
  • Holy AI, Batman (Score:5, Insightful)

    by Calibax ( 151875 ) * on Monday February 28, 2011 @09:05PM (#35343888)

    "[...] where unsuspecting or careless Android smartphones find it, download it and install it."

    I really dislike careless phones. Perhaps reviewers can test and report which are careful.

    I'd also like to know how to make my phone less naive about unauthorised app stores.

    Perhaps I should take away my phone's download privileges...

  • Oh noes! (Score:3, Insightful)

    by Microlith ( 54737 ) on Monday February 28, 2011 @09:09PM (#35343908)

    Obviously this means we should abdicate (forcibly, if necessary) all control over our computing devices to large corporations with a vested interest in denying us the ability to use them as we see fit.

    • Comment removed based on user account deletion
      • What are they going to do, call your cell phone number? so if it's being used by someone else they'll call them and that person will say "yeah sure go ahead"?

        In this case though it's a bit of caveat emptor. This isn't a remote attack vector that you get just by visiting a website - you have to install the app. Be wary of installing apps from unofficial sources and monitor your own damn bill.

        • It's the usual consumer thing.

          I want a phone capable of running any application, no matter where it may originate from, and it must be able to make full use of every hardware feature of my phone, but if it actually does so, I also must be able to reject any charges it may incur.

          I deny being responsible for what my phone may or may not have done or will do.

          And I want a pony.

    • Re:Oh noes! (Score:5, Insightful)

      by icebike ( 68054 ) on Monday February 28, 2011 @09:17PM (#35343980)

      Obviously this means we should abdicate (forcibly, if necessary) all control over our computing devices to large corporations with a vested interest in denying us the ability to use them as we see fit.

      You buy stuff from trusted sources. There are a few trusted ones, and none of them have addresses in China.
      The people getting these infected apps knew damn well what they were doing. They had to make at lease one nonstandard setting, download in a nonstandard way, and launch the installation in a nonstandard way. Looking for Porn is my guess. I have very little sympathy.

      The point is no one falls into this trap using the Google market or the upcoming Amazon market, or a couple others.

      • by mjwx ( 966435 )

        The people getting these infected apps knew damn well what they were doing. They had to make at lease one nonstandard setting, download in a nonstandard way, and launch the installation in a nonstandard way

        Worse yet, they actually went out of their way to find pirated software and install it with little regard for actual consequences.

        Not really for or against piracy but... If you do do it and dont know how to check for things like this then you get what you deserve.

        • Re:Oh noes! (Score:5, Informative)

          by compro01 ( 777531 ) on Monday February 28, 2011 @11:09PM (#35344680)

          Where are you getting pirated software out of this? They're referring to non-Google markets, like Amazon's Appstore, Archos' Appslib, and others.

        • Re:Oh noes! (Score:5, Informative)

          by Kitkoan ( 1719118 ) on Monday February 28, 2011 @11:26PM (#35344762)
          The apps weren't pirated since the original App was free. This is one of the catches of freedom. You have the freedom to choose and make it yours, but that freedom can also be the freedom to screw yourself over by malicious people. This is why Android phones by default don't allow you to install non-market apps. You can of course turn that off and install any and everything under the sun that works on Android and that it your choice and freedom but it warns you when trying to do it that you can be taking a risk and be careful what you install. (my phone lists it as "Your phone and personal data are more vulnerable to attack by applications from unknown sources. You agree that you are solely responsible for any damage to your phone or loss of data that may result from using these applications") This is a very good popup (and you have to click OK for it to let you do this) that gives a nice, clear, non-legalese warning. Now if your ignore this clearly spelled out warning and still get screwed over, then its your fault and your problem.
      • permissions (Score:5, Insightful)

        by t2t10 ( 1909766 ) on Monday February 28, 2011 @10:03PM (#35344268)

        They had to make at lease one nonstandard setting, download in a nonstandard way, and launch the installation in a nonstandard way

        More importantly, they had to give the app permission to send texts. Very few apps need that permission.

        • This is something that Google needs to work on. They really need to add a feature that requires you to authorize things like that when they come up. At least for the first time. It's seemed to me for some time that it's irresponsible not giving users more control over a function which they might only use once in a while. Directory applications shouldn't have to be given permanent permission to place calls just because once in a long while the user might want that.

          Ultimately, it makes little sense to require

        • Re: (Score:2, Interesting)

          by macs4all ( 973270 )

          They had to make at lease one nonstandard setting, download in a nonstandard way, and launch the installation in a nonstandard way

          More importantly, they had to give the app permission to send texts. Very few apps need that permission.

          But the REAL problem is that Android only asks ONCE, at install time, for whatever permissions it might need. So, instead of them getting an Alert saying "Hey, Hello Kitty Wallpaper Needs Permission To Send Text Messages", when they were just checking their to-do list, they MIGHT be just a LITTLE more suspicious, even if they are a noob.

          I am not advocating something that asks every time an app needs to do something other than display text; but asking a non-computer-savvy person to decide on permissions at

          • mod parent +Infinity. So far, this is the only comment that actually addresses the issue in a sensible and realistic fashion.
      • Considering the ease with which one can release software in the Android Market I'm not that sure. Of course they have some measures in place to verify identity (the small, one-off registration fee particularly), this is not much to stop malicious software from entering that market.

        Reg fees can be paid with stolen credit card numbers, for example. And good chance it takes a month for the owner to realise this has happened (as in next billing cycle), so it may take a while before such fraudulent accounts are

        • What does Google have to do with unofficial markets? This is NOT the Android Market place that this is happening on. The PC equivelant would be blaiming EA for virusses found in games on thepiratebay.

          • I was commenting on parent's:

            The point is no one falls into this trap using the Google market or the upcoming Amazon market, or a couple others.

            where he implied that Google's official Android market is guaranteed trusted. And I just wanted to point out that at least Google's market is not to be trusted blindly, and that due diligence remains important. Amazon's market is not up yet, they may vet apps before release so may be better, but nonetheless even Apple's thoroughly vetted app store is not perfectly clean. They will definitely be better and safer than many third-party app stores; it doesn't mean they're perfect.

            A

      • by perpenso ( 1613749 ) on Monday February 28, 2011 @10:43PM (#35344548)

        You buy stuff from trusted sources.

        What makes a source trusted? Do they screen apps for inappropriate behavior before putting an app on the store (preempt) or do they just remove inappropriately behaving apps after they are discovered in the field (react)? I don't think trust is a binary state, its a range of levels. A reputable source that preempts may be more trustworthy, a reputable source that merely reacts may be less trustworthy but more convenient.

        • by icebike ( 68054 )

          What makes a source trusted?

          That little check box in the Android Applications Settings Labeled "unknown sources".

          Once you allow unknown sources all bets are off. You can download an app with the standard
          web browser, but you can't install it unless you uncheck that box.

          So that is what makes a source trusted or untrusted.

          • What makes a source trusted?

            That little check box in the Android Applications Settings Labeled "unknown sources".

            Once you allow unknown sources all bets are off. You can download an app with the standard web browser, but you can't install it unless you uncheck that box.

            So that is what makes a source trusted or untrusted.

            A known source is not necessarily a trusted source regardless of what the check box is labeled. You need to read the sentences beyond the first one to understand the question, ie how trustworthy is a source that merely reacts? Less so for early adopters of an app, more so for those who those who get it later?

        • I don't think trust is a binary state

          No, it's a source state, of course. Unfortunately, these newfangled app-stores only show binary :-(

          Long live Maemo/Meego, where you are able to see source!

      • The people getting these infected apps knew damn well what they were doing. They had to make at lease one nonstandard setting, download in a nonstandard way, and launch the installation in a nonstandard way.

        The funny part is - this is exactly what many Slashdotters have been howling for ever since, well, forever. That users be able to get apps from whoever they want without being tethered, forced, or locked in. But as soon as that freedom exists, and (quite predictably) something goes wrong - the cry goes

        • So basically you want some magic situation where people have freedom but no responsibility. How typical. This is NOTHING new, everyone can install software from anywhere on the PC and the stupid have always had problems with this.

          We do leave people behind here, if you are to stupid to tell what software is legit and which isn't, then you shouldn't be installing crap.

          Freedom for those who can handle the responsibility, lockin for those who can't.

          Clearly you can't.

      • by julesh ( 229690 )

        The people getting these infected apps knew damn well what they were doing. They had to make at lease one nonstandard setting, download in a nonstandard way, and launch the installation in a nonstandard way.

        Not necessarily. Access to Android Market is restricted to official OS builds. A lot of the cheap device manufacturers in China are shipping devices that run unofficial builds and are not able to access the official market. Users of these devices are just doing the only thing they can by using altern

    • by bmo ( 77928 )

      No, it means that people should stick to trusted software, and sites. You can have a software repository with a ton of third party applications without having a huge corporation behind it.

      Debian, for instance.

      Google and iPhone stores are only a half step. The ability to have third party repositories should be added.

      --
      BMO

      • It is the third party repositories and side loading apps that are causing this to happen to being with.

        users can't be trusted to do the smart, right thing. they don't understand why their app needs internet access, or text access. so they click on yes all the time. they have been trained to just give the application what it requests because that is the ONLY answer the application will accept. If your new game doesn't run without internet access then it gets it no questions asked. even if it doesn't act

        • Re:Oh noes! (Score:4, Interesting)

          by ArcherB ( 796902 ) on Monday February 28, 2011 @10:55PM (#35344612) Journal

          Giving the average user control, is like giving them a plane and believing that since they have an autopilot they can land safely.

          Apple's walled garden has limited this kind of behavior so far despite having 10's of million of more phones sold.

          Well, if you are an "average user", and I presume you are, then I guess you need someone holding your hand in a walled garden.

          Personally, I'm NOT an average user. To use your airplane analogy, I'm a pilot who wants the auto-pilot turned off! I demand the ability to do whatever I wish to MY phone and I am fully aware that I am responsible for the consequences. Look, I don't mind a walled garden. All the stuff I install comes from the Android Market exclusively. But within my walled garden, I want to choose the plants that are in there. I want to choose the color of the wall and decide what bricks it's made of. I want to decide if my garden is organic or so full of pesticides that the birds die from flying over it. So, with a simple rooting of my phone, I have my walled garden and the ability to remove/disable all the crapware I don't want on my phone. I'm now fully able to put any GUI I wish on MY phone. I chose the one that came with it, but dammit I MADE THAT CHOICE, not some turtleneck wearing, Hollywood social elite who thinks he knows what I want better than I do.

          • Seriously--you never hear any iPhone-fan screaming that Android or the Android marketplace shouldn't exist. Never. If that's what you want, then go for it.

            The Android world, though, (by and large) is completely obnoxious towards people who choose an iPhone (I guess CHOICE is only a virtue when someone chooses your way)--to the point of trying to somehow force Apple to do things differently. The Android world looks down on the grandmothers of the world who just want to be able to Facetime easily with their g

      • by t2t10 ( 1909766 )

        Google and iPhone stores are only a half step. The ability to have third party repositories should be added.

        Android has third party repositories.

        And they are generally safe, since apps need to request permission to text--third party app store or not.

  • by MrEricSir ( 398214 ) on Monday February 28, 2011 @09:11PM (#35343928) Homepage

    AT&T, Verizon, or Sprint?

  • Hmm.

    The cynic in me would suspect Google of throwing these stories out there, via proxy, so that people would not stray from their app store.

    Realistically though, I don't think I've seen a large surge in non-Google app stores.. although, perhaps in countries / areas where providers haven't paid Google for access, there is a growing trend?

    • You're not being quite cynical enough. There's others out there with much more to gain by spreading stories about Android viruses, especially just before big product releases, as an example .. not that I'd point fingers.
    • Realistically though, I don't think I've seen a large surge in non-Google app stores.. although, perhaps in countries / areas where providers haven't paid Google for access, there is a growing trend?

      A friend of mine showed me one he had on his phone. It was basically a warez site. All those apps you have to pay for in Android Market? The pay-versions were available for download for free there.

  • Common Sense (Score:3, Insightful)

    by timeOday ( 582209 ) on Monday February 28, 2011 @09:14PM (#35343956)
    Android apps should operate within a jail that limits anomalous behavior like this - that is, the OS itself should have a form of common sense, and they should make it easy to install useful apps without giving them enough access to overwrite that part of the OS.

    If not within the OS itself, cellphone accounts should come with voluntary (user-adjustable) quotas to mitigate such things. It might be just as useful for parents to control runaway texting teenagers.

    • Re:Common Sense (Score:4, Insightful)

      by Locke2005 ( 849178 ) on Monday February 28, 2011 @09:17PM (#35343978)
      When you install any Android app, it explicitly asks for permissions to perform various categories of activities. If you granted the app permission to perform activities it doesn't need, e.g. SEND TEXT MESSAGES, then shame on you, not on the OS!
      • A binary rule is not good enough. There is nothing odd or strange about an app sending an SMS here or there. But sending enough to run up a huge bill is clearly a different thing, at least to a human being. That common sense should be built into the system to avoid unwanted surprises.
        • PS, the existing warning system clearly does not have enough teeth:

          Android.Pjapps also has a built-in filter that blocks incoming texts from the user's carrier, a trick it uses to keep victims in the dark about the invisible texting.

          "It monitors inbound SMS texts, and blocks alerts telling you that you've already exceeded your quota," Thakur said. Smartphone owners then wouldn't be aware of the charges they've racked up texting premium services until they receive their next statement.

          At some point, it i

          • The app not adding or removing quotas at all. It is adding itself as an activity interested in ALL incoming texts, then selectively consuming the texts it wishes to block while passing all other on to other activities.
          • this is where the carriers are part of the problem. They get big kickbacks for managing "billing" on all these fraudulent text-to scams.

            When you sign up for a telephone line you sign up for "unlimited" credit. I never, ever understood how I could sign up for a $50 phone bill and get $500+ in charges? That's like 10x the amount of "credit" extended in the first place, no sane business would ever do that... except the phone company's "product" in this case is essentially free, so take what sticks. If that hap

        • Oh come on. The app in question (steamy window) should not be asking for permission to send texts. If you see that, and it doesn't raise flags...
          • by Rich0 ( 548339 )

            Perhaps it would help if you could just hit the no button and still install the app.

            There is no reason that users shouldn't be able to veto individual permissions.

            • by h4rr4r ( 612664 )

              I agree with you, but this would mean people could install ad supported versions and never see the ads. This is why Google will not allow that.

              • True, but there's ways around that. Google could provide an API specifically for ads and data required for that. Which if done properly would greatly restrict what malware authors could be doing, if say they could only pull ads in through that.

          • OK, in this case a binary send/no-send rule seems to make sense. So next week they'll just trojan some app that *does* need to send the occasional SMS, and abuse the privilege just the same.

            I am just uncomfortable with any piece of automation that can generate unlimited costs. I wouldn't want a printer with a 10,000 page paper tray, either. Granted in some cases it is unavoidable, but at least minimize the number of trusted parties involved. Carriers naturally tend not to be aggressive enough about he

          • The app in question (steamy window) should not be asking for permission to send texts. If you see that, and it doesn't raise flags...

            Maybe the user naively assumed that it was just sending usage statistics or somesuch to the developers?

            Maybe there should be an intermediate mode between "allow" and "deny": "monitor".

            In "monitor" mode, the app could still send SMS, but each SMS would be subject to the user's approval (... who after the 6th SMS would see that there's something fishy...)

        • A binary rule is not good enough. There is nothing odd or strange about an app sending an SMS here or there

          When you are installing an app whose only purpose is to make it look like your display is fogged up, and it says it needs permission to send SMS messages, that should be a definite clue-by-four that there might be something suspicious going on. And yes, I do ask myself every time I install a free app "why would this app need these privileges?" If it doesn't make sense, I don't install it, period.

        • by msauve ( 701917 )
          Uh, Steamy Window is basically a fancy desktop background. It recently added the ability to email (not SMS text - you can't fit a jpg of an Android desktop in 160 bytes) the image. Yes, it would be odd and strange for such an app to require SMS permissions.

          sending enough to run up a huge bill is clearly a different thing, at least to a human being. That common sense should be built into the system to avoid unwanted surprises.

          Exactly how does the phone know that it's running up a huge texting bill, which wou

          • effectively the phone company claims to "own" the phone, at least the cell firmware.... so why CAN'T your phone know that stuff, in nearly real time? I can understand international charges being difficult, but cell transmission is specifically designed to mimic the circuit-switched networks and have near absolute traceability... heck it wasn't that long ago they charged premium if your call "roamed" to a different tower driving down the highway.

            What needs to happen is that regulations need to change to mak

      • by icebike ( 68054 )

        What makes you so sure a hacker written app would follow those rules?

      • Re:Common Sense (Score:5, Insightful)

        by jayveekay ( 735967 ) on Monday February 28, 2011 @09:28PM (#35344060)

        Who do you trust: The phone company, the phone, or the user?

        If you trust the phone company, then having a cellphone contract option to limit data/text/etc. usage to some cap can mitigate the worst case bill you'll be surprised with.
        If you trust the phone, then OS options to limit what an app can do can mitigate worse case damage done.
        In either case, you have to trust the user to make the right choices with respect to cellphone contract or app permissions.

        I think my problem is that I don't trust any of the above.

        • How could it possibly be in the wireless provider's best interest to provide a method of limiting the amount of money they can make off of a customer???
          • by ekhben ( 628371 )

            Off the top of my head...

            • The bill may be defaulted, in which case the provider is lucky to get much at all, possibly selling the debt to a collection agency, and losing a customer.
            • The bill may be reduced to a payable amount, in which case the provider is lucky to get much at all, and possibly loses a customer.
            • Bad PR, though let's face it, this doesn't mean much to multi-million customer organisations (at least, until it starts happening to tens of thousands of them).
            • Any consumer protection agencies (do t
            • "Bad PR, though let's face it, this doesn't mean much to multi-million customer organisations (at least, until it starts happening to tens of thousands of them)."

              It should. Look how much a math mistake on one person's bill cost Verizon in PR, and how much their handling of one guitar cost an airline in PR and business.

              Even the multimillion-dollar corporations are waking up. Look at how much Microsoft's well-earned reputation has cost them.

            • but the bad PR is on some deadbeat that didn't pay their bill... because their 7 year old signed up for a bunch of texts they saw on KIDS TV. There's no real downside for the telco here. They get a sizable chunk of that $9.99 charge up front, and I doubt they refund to the "content providers" when somebody want's backcharges. There's literally ZERO LOSE for them! Default doesn't matter because if the bill goes over 60 days while you dispute it starts hitting your credit report, so the higher income folks m

              • by ekhben ( 628371 )

                I think we're talking about very different circumstances. TFA doesn't disclose amounts, but I would expect at least a thousand times larger as a starting point for a bill racked up in that way, and being careless with my phone and leaving it unlocked and in reach of a child is a different level of personal responsibility to having malware take over my phone.

                If it were my child, and $10, sure, I'd pay it.

    • But that's how it is. When you install an app, it tells you which services the application has access to. Sending text messages, internet communication, making phone calls etc.

      The apps don't have access to the underlying OS. The problem stems from people who don't read the permissions, or ignore them.

    • by mjwx ( 966435 )

      Android apps should operate within a jail that limits anomalous behavior like this - that is, the OS itself should have a form of common sense, and they should make it easy to install useful apps without giving them enough access to overwrite that part of the OS.

      First off, you have to try pretty hard to overwrite parts of the OS. You need to have "rooted" your phone to do that. The simplest and least destructive way is via the bootloader which requires human intervention.

      Secondly, Android already has this kind of security measure in place. The user in question downloaded pirate software and accepted the "services that cost you money" permission. Android is a very security conscious OS but nothing can trump user stupidity.

      Now I do agree that Service Providers

      • How hard is it really? If I sign up for a $50 plan... why would I ever use $500 or even $200 without needing special arrangements? My $500 credit card doesn't let me charge $500 at 10 different places.. OK it can be done, but it's the BANK'S money so they don't let that happen. Telcos spent like a nickel in costs and get several dollars in fees... there's just no "lose" to allowing this crap.

    • Android apps should operate within a jail that limits anomalous behavior like this - that is, the OS itself should have a form of common sense, and they should make it easy to install useful apps without giving them enough access to overwrite that part of the OS.

      This is exactly what Android does. Every app is isolated, and no app has enough access to "overwrite that part of the OS".

      Android apps have to declare the permissions they request, users are informed what permissions are requested at install time, a

    • by Lehk228 ( 705449 )
      My blackberry already asks me permission for specific actions and typed of data for apps. People rip on RIM for being old fashioned and slow to innovate and yet they are the only company with sane security and privacy management settings
  • by Mark19960 ( 539856 ) <{moc.gnillibyrtnuocwol} {ta} {kraM}> on Monday February 28, 2011 @09:21PM (#35344010) Journal

    "...where unsuspecting or careless Android smartphones find it, download it and install it."

    You mean ..' unsuspecting or careless USERS find it'
    The phone itself is not reaching out to download it, the user is doing it.

    • by mjwx ( 966435 )

      You mean ..' stupid and careless USERS find it'

      There, fixed that for you.

      He was downloading a pirated .apk from China, what did he expect.

  • by PopeRatzo ( 965947 ) * on Monday February 28, 2011 @09:46PM (#35344156) Journal

    Infected Androids Run Up Big Texting Bills

    I'm old enough to remember when "android" meant something besides a smartphone.

    That's why I found this headline a bit disturbing for a few moments. I imagined Rutger Hauer and Darryl Hannah thumbing their Blackberries. And yes, I'm also old enough to remember when "Blackberry" meant something besides a corporate communicator or a designer fruit sold at Whole Foods for $9 for three ounces.

  • on most US carriers you don't need to hack to run up the texting bill just text spam people and they pay for in coming.

    • But they pay the phone company not you, which makes that just a tad pointless.

    • The difference is that there is no gain to be made by the sender.

      And if receiving texts has a benefit for the sender, then there are usually serious measures in place from the phone company's side to prevent such abuse.

  • by pecosdave ( 536896 ) on Monday February 28, 2011 @10:17PM (#35344358) Homepage Journal

    Lots of apps wanting lots of info. Instead of "install or not" there needs to be an option to "deny access to this feature but install anyways".

    • That's my thought, or more likely, require my attention to access that feature, or something less wordy. Some functions can be abused in this fashion, but are actually useful from time to time.

  • a rogue Android app is hijacking smartphones and running up big texting bills to premium rate numbers before the owner knows it.

    Which is easier:

    A. Make it impossible to install or execute "rogue" apps on a computer system.
    B. Make it impossible to do anything on a phone which will cost money unless the phone owner has authorized it ahead of time with the phone's service provider, and set an upper limit of how much you're willing to pay for it per month (like $5 to spend on texts, apps, etc). Anything

    • by Lehk228 ( 705449 )
      Easier would be to make those premium text numbers illegal to enforce, by that I mean the phone company must refund any that are contested for any reason or no reason, without limit.
  • If you see a lot of spam from a single IP address you block it. If you see rogue cellphone apps texting a number you block it, right? If you can show that a number is used for criminal activity you should be able to reverse the charges and have the number disconnected. It's too bad the phone companies have no interest in that outcome, as it limits their profits. If you could show that the phone company knows that number is criminal then they should be liable for the money.
    • Also, as in most other crime, the easiest way to get a lead to the criminal is by following the money / tracking who benefits from the crime.

      Having a fraudulent app spam your premium number isn't proof of your wrongdoing, but it certainly is grounds for investigation, and proper policing should have a decent chance of identifying who/if was getting paid from this money and turn a virtual crime into real jail time.

  • Comment removed based on user account deletion
    • but the REAL flaw is a system where my $50 phone bill can some how rack up $100's in extra charges... no other form of consumer credit is that open-ended. Why I need to make "payments" to other companies with my phone bill is just crazy in the first place.

      The simple fact is that the telco has a very, very tiny overhead and benefits from "mistakes" 100x over.

  • ... As long as you hold it in your left hand. ; )
  • See, it's ALWAYS Microsoft's fault !
  • by nblender ( 741424 ) on Tuesday March 01, 2011 @11:52AM (#35348398)
    Seriously, bear with me a second... Non-technical in-the-box thinking hippies can have their walled-off iphone and probably not get into a lot of trouble. Techies like me can have our iphone, jailbreak it, and with cydia install some additional stuff to placate us; we can ssh into our phone, etc... If I pickup some malware, that's fine, it probably came from a 3rdparty source via Cydia and I have myself to blame and I'm probably not going to end up being some "Man shoots own foot" media sensation...

    If you let any old weenor with an android install any old random shit on it by just tapping 'accept' on some dialog that he or she doesn't really understand (err, Windows, anyone?), then of course you're going to wind up with stories like this.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...