Malicious App In Android Market

dumbnose writes to let us know that a fraudulent app that attempts to steal bank information has made it to the Android app store. From the alert: "NOTICE: Users of mobile devices with Android software may have noticed several applications available for download in the Android Marketplace. If you see any applications provided by the user Droid09, please do not download these applications. Android applications provided by Droid09 are fraudulent. Please remove any applications by Droid09 from your mobile device and contact your mobile provider to evaluate whether any other applications or information stored on your mobile device have been compromised." Multiple marketplaces are possible in the open Android ecosystem. Might we see the emergence of a marketplace distinguished by an iPhone-like app vetting process?

Sandboxing IS NOT THE ANSWER!

Holy fuck. These days, whenever the topic of software security arises, some idiot chimes in with "sandboxing" as the cure.

Sandboxing HAS NO EFFECT against what is basically automated social manipulation. You can sandbox your goddamn sandboxes, and that still won't do a damn thing to change the fact that the human user is voluntarily giving away what should be very private data.

Even when sandboxing might be somewhat useful, it often just ends up interfering with normal, legitimate use. So holes are intentionally poked in the sandbox walls, so the sandboxed app can access data or perform actions that are necessary.

So take your sandboxing idea, and fuck right off.

Re:Of course..

[ducomputergeek]

But what happens when you start using market places other than Google's for android phones. That's supposed to be an "advantage" of droid vs. iphone right?