Slashdot Mirror
Google Bans Sale of Android Spying App
dbune writes "Google is not letting a handset application that spies on someone's text messages be sold at its Android App Store. The Secret SMS Replicator developed by DLP Mobile to help lovers find out if their partners are cheating on them violates company policy, according to Google. The app works by secretly duplicating incoming text messages and forwarding these to another mobile phone number."
isn't the Android Market supposed to be more open than the App store?
Ok, let's have the comments about how controlling Google is, just like Apple!
This is a good move by Google even if it will resemble Apple's 'app store governance' to some degree. Google needs to protect their customers/product (one and the same).
Fuck Android and iOS.
Use a real mobile OS.
DLP Mobile also tried to sell the app on Apple's iPhone app store but was rejected.
I doubt that. The iPhone walls off SMS messages from apps. Apple can't have rejected it - you can't write it.
Its rather Ironic that a company who's business relies on spying (cough) tracking what other people do should ban an app designed to track what people are doing.
I used something like this on my wife's BlackBerry. Yes, she was cheating on me. I couldn't use the texts as evidence but they did help me catch her in the act.
I don't understand why apple does this. How is Steve Jobs censoring the android market place ?
Something seems very wrong with this, and I will never ever again touch an apple product, let alone purchase one.
Steve Jobs has gone too far this time !
Yea, as long as you only do what they think is ok. :-)
Isn't one of the advantages of Android the ability to install apps from other than the Google app store? So people who really want this thing can still get it, independently of Google's disapproving glare, right?
Genuinely curious about this.
2*3*3*3*3*11*251
If the app is visible as other apps and clearly state the purpose in help texts, requires legitimate agreement with the owner of the phone, then it should be legal.
It's the problem of the owner of the phone if he or she is trusting the person.
There could be many legit uses of the app, for example parents have a right to check the messages of their kids if they want to.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
I mean, how can I jerk off to nudie pics of my son's high school girlfriend unless I can auto-forward all his incoming MMS to myself???
I'm switching to Apple...
I am also entitled to send private investigators to investigate his / her extramarital relations, which includes legally taking pictures from a public place into his / her new partner's windows to prove impropriety. I can use this evidence in court to procure a favourable divorce settlement.
So what, exactly, is the problem with this app, Google? My right to legally investigate my partner is being taken away, possibly illegally, if all apps of this type are removed.
This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
If so--then Google is making it 'hard' to install from a store other than their own. If not, then how does this yield any protection?
...only Outlaws will have Apps!
(with apologies to the NRA)
You can't have a completely open app store/market without allowing this sort of application just like you can't have complete freedom of speach without allowing people to freely distribute and download child pornography. Personally I don't want either.
Enjoy.
It's still just a couple of touches away from being installed from a different location.
It's the equivelent of Blockbuster refusing to rent out adult movies. You can still find adult movies for rent...just not at Blockbuster.
This is why not being tied to a single app store is awesome. Unless you jailbreak an iPhone, you're stuck with "Blockbuster", whereas on an Android phone, you can go to any "video rental place" you want.
Living With a Nerd
Shields Google from liability.
For justice, we must go to Don Corleone
I wonder if the real reason is because someone without a good texting plan would go over the number of messages allowed and get a big bill?
K Man
It's kind of like taking a stance. Just because Staples refuses to sell malware from their stores doesn't mean all stores have to. But is Staples going to ever carry malware? No, because the inherent risk of abuse is too high.
There goes all the fuel behind the "Google's App Store is completely open" argument. And before everyone starts jumping all over me claiming how this is a good thing because this app is malicious..that's just a matter of opinion. I'm sure the first married man who discovers his wife is fucking one of his coworkers thanks to this app will have a vastly different opinion.
This app is obviously malware, so Google removed it. Why is this news?
It doesn't. But on an open platform there's no way of preventing people from installing what they like. They can however refuse to be a party to it and make it so that people have to look elsewhere for it.
What I'd love to see is them add an administrative password feature to certain settings which would allow you to prevent access to certain settings without entering it. By default the Android phones won't install apps from anywhere other than the market. You have to go in and manually enable unknown sources to install other apps.
What irritates me the most is how many apps now request access to my GPS data. I mean, why does Com2Us's Homerun Battle 3D need to know my GPS location? It's a freaking game! Pageonce personal finance or Live Scores? Why do you need to know where I'm at?
You don't. You just want to sell my information.
... 3....2 ..... 1...
My Android phone has a checkbox in the settings to control whether apps can be installed other than from the marketplace.
If it's configured to allow it, installing is just a matter of launching a package file.
What's significant is that inclusion in the marketplace could be perceived as some kind of minimal Google "blessing", which of course Google doesn't want to be seen to give, in this case.
can connect to That suuports worthwhile. So I get tough. I hope conversations w4ere empire in decline, which allows fact there won't
So Google offers you the choice of whether to install a potentially malicious app (which opens up the possibility that you will accidentally install it, or someone will install it on your phone without your knowledge).
Apple offers you this choice "if you buy one of our phones, then we'll police potentially malicious apps for you, so you don't have to worry about this particular vector of attack" (this choice also walls off access to apps which Apple doesn't like). If you don't want this, then there are less restricted phones out there.
The anti-Apple world says, more or less, that people should not be permitted Choice B but they should be permitted Choice A. The pro-Apple world says that people should be permitted both choices. In both cases, a user is making an informed decision about the capabilities they want on their phone, just at different levels of granularity. Yet, somehow, the anti-Apple world is the one that wraps themselves in the freedom flag.
Is that your point?
It's your microwave, you own the hardware. It has a processor in it and it can run software--but yet you are prevented from running arbitrary code on it just as was intended by our founding fathers.
Doubtful, there are plenty of iPhone security holes that can be exploited. Having world readable SMS access (on permission) was by design for Android. And that is a design consideration I am still comfortable with.
Call me "old fashioned, but they don't sound much like lovers to me!
the superbe application "tasker" can be used to do the same job. Just create a trigger on message reception.
Atari rules... ermm... ruled.
So if I want to keep someone from installing a malicious app like this on my phone can I password protect the phone so that nothing can be installed?
And I don't mean password protect as in locking the phone, requiring it to be it a locked state to protect it. I want it to require a password before installing an app, any app, every single time an app is installed no matter what the state of the phone is.
Something seems to have been awry with /. moderation for some time, and metamoderation doesn't seem to be catching it any more. Maybe the user-base has just got too big, and moderators need to be "appointed" with a bit more discretion. And I guess people like me should stop wasting mod points. :-|
Orphaned posts such as you mention are common now, and flagrant abuses such as this:
by Dishevel (1105119) on Wed Nov 03, '10 12:33 AM (#34101256)
You are an idiot.
are modded as "informative".
Pretty soon, you've got thousands of spam SMS messages from each other at 10 ct/each and you're both to blame.
Most of those are general purpose computers--owned by individual shop owners or whatever. Yet the manufacturer has prevented the owner from running whatever software they want on it. Are those immoral?
How about this? Airbags are designed to be deployed, but yet GM doesn't provide a button for me to deploy it manually. Shouldn't I have that option? maybe right next the rear defrost button?
If your point is that people shouldn't be allowed (or should at least be very ashamed) to purchase intentionally crippled goods because they perceive some safety in the 'crippling'--then this is going to be a long, long conversation with hundreds of counterexamples and you will end up looking stupid.
I'm confused here. What rights does this relate to? The right of a vendor not to sell something? Or the right not to be spied on? The rights of spyware authors to disseminate?
This non-story seems miscategorized.
I noticed this app. . Must be 6 months ago now. I reported it. Seems they finally listened.
"I disagree with you" does not equal "flamebait."
What he said. If you think different, you need to leave and
not return under ANY IP or nickname.
I'm mystified how people cannot see that when you have reached the point in the relationship when you consider hiring an investigator or installing spyware it's long past time to move on.
Sorry for the inflammatory title but I would like people to really read this AC post and think about it
I would have thought the same thing this time last year. I was happily married and felt our relationship was stronger than it had been in years (we had some rocky times that we worked through...even forgave a previous transgression).
She did spend far too much time online playing WOW but it was fine, I understood she needed stress reduction. I started worrying that we weren't spending enough time together... no date nights, seeing films, etc. I blamed the game and tried to find reasons for her to get off the computer and interact with our children and me.
Well, I finally found a record of a hotel visit in a city far from home, which coincidentally was where one of her online buddies was from. (To this day, why she would let me know this person and become somewhat friends...through another FPS game...is beyond me). I think you know the rest of the story
Now, I never violated anyone's trust, never went through her mail, don't read messages over my kids shoulder, etc... I give trust. However, if I hadn't seen this receipt..how long would this have lasted? The guys a loser (financially) and she gave him money. What should I do if she emptied our accounts to help him out? He has admitted cheating on his wife in the past, so what health risk does her cheating create for me (STD)? There are a multitude of reasons I should know about the situation. I deserve a loving relationship and she was getting my security while having some fun on the side. And it wasn't that I wasn't "satisfying" her. People who cheat are looking for something they don't have (emotion, feeling sexy again, needing variety, whatever) and don't think to address the issue with their partner until it is too late.
So please shut up... I'm obviously not as intelligent and insightful to know my relationship was over when it was from my view OK.
Again, I would NEVER had done this to find out messages (who wants to read the sweet nothings anyway..it would be too crushing)...but I can see others who need to know the truth might.
Not the OP, but the replies.
I used to think EXACTLY like that, until I had children of my own. We often tend to think in terms of one-size-fits-all, or "if it works for me it should work for you". This is very likely human nature, so I'm not denigrating anyone. In reality, nothing could be further from the truth. I have three teenage step-daughters. To say the older two have been "challenging", would be the understatement of the century. In a nice suburban home, with decent income, a loving mother and step-father, a good school system, dinner at the table, help with homework, support and encouragement; I've had to deal with drugs, law enforcement, runaways, and a very, VERY serious suicide attempt. I can't even begin to tell the readers of this site the complete and utter hell I've endured in the last few years. I wish this upon no one. Yet through it all, I love them with every fiber of my being.
Unless you are prepared to lock your child in their room until they are 18, there are forces acting on them that are well beyond the parents' control. It's fantasy to think that good parenting will overcome all. I'm a step-father because the biological father passed away. That does more than a little damage to a child, and no amount of therapy (been there), talking (done that), and good parenting (always) can fix it. There can be neuro-chemical imbalances that you just can't sit down with a child and rationally talk away. Problems can often happen faster than you can detect or address. Teenagers, even good ones, are deceitful by nature as they want to explore the world and there place in it...unencumbered by their parents views or morality. Of course, you do everything you can to prepare them for the challenges, pitfalls, and evils of the world; but there will be missteps, and a rare few can have permanent consequences.
The point of my little self-pity party, is that while "spying" on your children may not be for everyone, or even desirable by anyone, it should be tool at a parent's disposal if they deem it necessary. While I don't disagree with Google's decision to pull it from their store, I would have words with anyone who tried to keep me from having that technology when it was available because if their own rose-colored world-view from atop the ivory tower. Had we had the ability to see our daughter's text messages, it might have spared her five days in ICU and another ten in a step-down hospital room. As a parent, I can tell you there is simply no price too great to pay to prevent that...nothing, and I mean NOTHING is off the table.
Having gone though what I have, I've met many parents with similar stories. While you never really know what goes on behind closed doors, most of them do not strike me as the kind of people who let technology babysit their children. They don't seem to be absent in their children's lives. They don't seem to be anything other than loving, conscientious parents who for whatever reason, found themselves dealing with problems no parent ever wants to face; and are looking for any way possible to protect their children.
I'm sorry, but your opinion seems to be wrong.
> - "Given the choice between an open system and a walled garden, I myself would choose the open one"
Then what is the argument? Nobody in Apple-land is arguing that Android shouldn't exist or should be just as locked down as Apple. But most in the anti-Apple camp argue that iPhone's should be just as unprotected as Androids are. Do you see the asymmetry in this argument?
> - "I don't think most consumers understand the
> tradeoffs they're making when they choose a
> walled garden"
This is the one that bothers me the most because it is so condescending. First of all, I really doubt that there is anything you know about these tradeoffs that I don't know, and I chose willingly to buy an iPhone--so it is silly to claim that choosing an iPhone is a choice only an ignorant one would make.
Secondly, I am annoyed to death at how the technical community consistently undervalues ease-of-use and they look down their noses at anybody who doesn't want to either (a) spend a lot of time becoming an expert in the device and maintaining it, or (b) be scared of their device and seek the help of some smug expert.
It is perfectly reasonable for those people to make a simple, blunt choice that limits the danger they can accidentally get themselves.
I will give you a free lesson:
1. There is no such thing as "impossible to break"
2. Not impossible != Easy
---
Also, take a moment to reflect on your argument at this point, which is that Apple App control isn't successful at curbing viruses/malware/buggy apps while at the same time complaining that they make it hard to run the apps you want.
I've been using SMS Backup for months now. Install it (free), configure it and let it copy your text messages to a gmail account. Only it isn't caled s3cr3t SMS Backup so it's perfectly alright to use (and has better purposes than spying).
JeR
but then nobody has said Google's app store is completely open.
Android , otoh, is.
Apparently Apple has so completely brainwashed you that you can not conceive of a device that has more then one place to get apps.
It's like thinking that if you buy a Dell computer, you can only install Dell apps.
The Kruger Dunning explains most post on
More than happy for you to point to any security hole that lets you run a process in the background that intercepts SMS messages. Let alone lets you retransmits them without the users knowledge.
You can't. Your claim is nonsense.
I never claimed there was a specific exploit for capturing and resending SMS on iPhone. But there are plenty of other exploits that are as big, or a bigger security concern, including unencrypted access to the file system containing user data.
As I said, access to SMS on permission was by design with Android. The only concerning thing about this episode, was that apparently the app could hide by not showing an icon, not showing up in the downloaded applications list, and possibly hiding in the process menu.
That might be a security concern on Android. It's not on iPhone. iPhone Apps only have access to their own private data directory.
And it's quite funny you should point the insecurity finger at the iPhone, when the app in question can only work on the Android, not the iPhone, due to fundamental security mistakes on Android. And the very same day there are reports of huge numbers of security vulnerabilities on Android.
http://linux.slashdot.org/story/10/11/02/2238205/Serious-Security-Bugs-Found-In-Android-Kernel
Face it, Android is far more susceptible to malware than the iPhone.
iPhone Apps only have access to their own private data directory.
Doesn't matter. I'm talking about the ability to read the contents of supposedly encrypted iPhone data that is allowed to be unencrypted inflight by iOS using another computer.
when the app in question can only work on the Android... due to fundamental security mistakes on Android
The "app in question" works by design on Android. There is currently no confirmed data there were "security mistakes" in Android that allowed this behavior. The only question is to what extent the app was able to cloak itself and if that should be prevented.
huge numbers of security vulnerabilities on Android.
There weren't a "huge" number. There were 88. People who have used the tool that claimed these vulnerablities, and its categorization system, have said the actual number of real vulnerabilities are probably half that number, and less than half of those remaining are probably legitimately "serious."
When that tool was released for Linux originally, there were thousands of identified potential bugs. The actual ones were quickly quashed by the community. The fact that Android source is open, means many of these "bugs" will be quickly quashed also. In fact, the targeted build of Android wasn't the stock Google one, it was a customized HTC one. It remains to be seen how many of the actual serious bugs are present in the standard Android build.
Finally, since iOS source code isn't available for community review and testing like Linux and Android are, there are likely as many or more bugs in iOS. There have been plenty already inadvertently identified serious iOS bugs by enthusiasts and security researchers. The only mobile OS that has a solid claim to superior security is Blackberry. Apple has demonstrated their inadequacies, Android looks to have some inadequacies that will be quickly addressed.
Face it, Android is far more susceptible to malware than the iPhone.
That absolutely remains to be proven, and until today there was little evidence to support that assertion. The evidence released today is highly preliminary.
Doesn't matter. I'm talking about the ability to read the contents of supposedly encrypted iPhone data that is allowed to be unencrypted inflight by iOS using another computer.
You mean the flaw that was fixed in Oct 2009? A year ago. It'd help if you were specific.
Coverity themselves say 359 bugs, with 88 of them being high-risk security flaws. And that's just in the kernel. Yes, that's a huge number. With iPhone, a single security flaw (such as the one you mentioned) is big news on slashdot.
There's absolutely no evidence for OSS being an advantage in fixing bugs. Just an RMS catechism declaring it must be so.
What matters is what code actually ships on devices. That is what is exploited, and that is yet another weakness of Android phones. They rely on manufacturers issuing updates to privide fixes and patch security defects. And they are poor at that. Manufacturers are even shipping new devices with ancient Android versions. Again, advantage iPhone - Apple issues a security fix, and it's quickly available to all, and generally installed automatically. The power of tight integration.
Again, an assertion in the RMS catechism, believed without question by freetards, without any apparent appetite for evidence. There was a report a while back that showed that, rather then the RMS "with many eyes, all bugs are shallow" theory, most OSS source had never been audited by a single eye. I'll take professional software engineers doing their job against a bunch of amateurs doing what they fancy any day.
That would be the closed source Blackberry.
There was plenty of evidence, even before todays Android fiasco. You are making hay out of an iOS exploit, fixed a year ago that allowed you to read the contents of the flash disk. With Android, you can just pull the SD card out of the device, and read it on your PC directly. That'll never be fixed. Access to data on the internal drive? Whoops
http://www.gaj-it.com/22202/android-security-attacked-hacking-tool-released-which-exploits-google-android-security/
This is why not being tied to a single app store is awesome. Unless you jailbreak an iPhone, you're stuck with "Blockbuster", whereas on an Android phone, you can go to any "video rental place" you want.
Of course, you're then more exposed to the possibility of being mugged walking out of the video store, or standing next to a guy in loose trackpants with his hands in his pockets while you're making your selection...
You mean the flaw that was fixed in Oct 2009? A year ago. It'd help if you were specific.
Over the past year, I've read about at least 5 what I would consider very concerning iPhone/iOS bugs. Some were recently fixed, others were waiting for a response from the notoriously uncommunicative Apple PR system. I'm not in the mood to spend hours trying to track down all these articles for a quick conversation on Slashdot. I didn't keep track of the articles because they weren't relevant to my life more than reminding me to be wary of Apple products.
Coverity themselves say 359 bugs, with 88 of them being high-risk security flaws. And that's just in the kernel. Yes, that's a huge number. With iPhone, a single security flaw (such as the one you mentioned) is big news on slashdot.
And people in that thread who have used Coverity said their bug count and rating system is notoriously duplicative and generous. One person said the actual serious bugs will probably turn out to be less than 22. It isn't a huge number for a complex OS. And again we have no idea how many serious bugs Coverity or any other tool would identify in iOS because it is closed source.
There's absolutely no evidence for OSS being an advantage in fixing bugs.
That is absolutely untrue. As I said before, Coverity was a research project originally unleashed on the Linux kernel. It identified thousands of bugs initially. The actual bugs WERE quickly fixed by the community.
They rely on manufacturers issuing updates to privide fixes and patch security defects. And they are poor at that...Again, advantage iPhone - Apple issues a security fix, and it's quickly available to all, and generally installed automatically. The power of tight integration.
All manufacturers are poor at this, including Apple. iOS4 is not backward compatible to the original iPhone/iPod touch, and there are some remaining bugs on the original iPhone that likely won't be fixed. This situation reflects poorly on HTC, it does not yet reflect poorly on Android, but it may in the future after more indepth research.
Again, an assertion in the RMS catechism, believed without question by freetards...I'll take professional software engineers doing their job against a bunch of amateurs doing what they fancy any day.
Absolutely untrue again. For one blatantly obvious example, when code is freely available, it can be sent through automated review and exploit tools such as Coverity that find potential flaws. You seem terribly misinformed or ideological. Much of the important bits of Linux are written by software engineers on the job, or in their free time, or by extremely experienced "amateurs" that by every measure match or rival "professional" counterparts.
That would be the closed source Blackberry.
But it isn't because Blackberry is closed source. I have no doubt the Blackberry OS would be incrementally better with public review of their code. However, BB source code has been reviewed by several government agencies, including likely the NSA when it was being considered for use by the President. There is extensive non-code documentation they have had to submit to large companies spelling out how the OS operates and why it is secure, before it was considered for implementation. Again this isn't ideal, but it is good evidence. Finally, I am sure there have been some BB exploits found, but I can't remember reading about any recently. So if publicized exploits are the ultimate judge for you, BB takes it.
With Android, you can just pull the SD card out of the device, and read it on your PC directly. That'll never be fixed. Access to data on the internal drive? Whoops
Again that is by design and I wouldn't have it any other way. If an app on Android needs to keep its data secure, the developer knows it must come over the air encrypted, and stay in volatile memory, or only be written to flash while encrypted. It doesn't matter that you can take the SD card out, there is nothing to read in that case.