Slashdot Mirror
Infected Androids Run Up Big Texting Bills
Hugh Pickens writes "Computerworld reports that a rogue Android app is hijacking smartphones and running up big texting bills to premium rate numbers before the owner knows it. Chinese hackers grabbed a copy of Steamy Windows, a free program, added a backdoor Trojan horse to the app's code, then placed the reworked app on unsanctioned third-party "app stores" where unsuspecting or careless Android smartphones find it, download it and install it."
"[...] where unsuspecting or careless Android smartphones find it, download it and install it."
I really dislike careless phones. Perhaps reviewers can test and report which are careful.
I'd also like to know how to make my phone less naive about unauthorised app stores.
Perhaps I should take away my phone's download privileges...
Obviously this means we should abdicate (forcibly, if necessary) all control over our computing devices to large corporations with a vested interest in denying us the ability to use them as we see fit.
Android gives you the freedom to get charged a ton of money.
I don't see the point. Turn off the service.
AT&T, Verizon, or Sprint?
There's no -1 for "I don't get it."
I hate when that happens on my iPhone. Oh wait...
Same thing happens to old WinMo phones, RIM and even jailbroken iPhones.
You leave the walled gardens and you assume security risk is on you--of course unless the OS notifies you of SMS charges about to occur--but that's a system/carrier issue.
Mobile security is different from the desktop, and requires collaboration with carriers (which IMO, sucks) if they are going to get this right.
Hmm.
The cynic in me would suspect Google of throwing these stories out there, via proxy, so that people would not stray from their app store.
Realistically though, I don't think I've seen a large surge in non-Google app stores.. although, perhaps in countries / areas where providers haven't paid Google for access, there is a growing trend?
If not within the OS itself, cellphone accounts should come with voluntary (user-adjustable) quotas to mitigate such things. It might be just as useful for parents to control runaway texting teenagers.
"...where unsuspecting or careless Android smartphones find it, download it and install it."
You mean ..' unsuspecting or careless USERS find it'
The phone itself is not reaching out to download it, the user is doing it.
Don't download pirated apps because sometimes they have trojans. Gee, who woulda guessed?
Nice try, Google plant posing as a Chinese hacker house.
FTA:
"... then placed the reworked app on unsanctioned third-party "app stores" where unsuspecting or careless Android smartphones find it, download it and install it."
You can't fix stupid.
So when you download an app, from an unsanctioned store, which has nothing to do with sending SMS' and Android notifies you that this thing has authority to send SMS'...... instead of staying the hell away from it, you install it and complain when it starts doing dodgy things?
I'm old enough to remember when "android" meant something besides a smartphone.
That's why I found this headline a bit disturbing for a few moments. I imagined Rutger Hauer and Darryl Hannah thumbing their Blackberries. And yes, I'm also old enough to remember when "Blackberry" meant something besides a corporate communicator or a designer fruit sold at Whole Foods for $9 for three ounces.
You are welcome on my lawn.
Where an app says I need this, that, and the other, and you say-- no. You don't get that. Install.
on most US carriers you don't need to hack to run up the texting bill just text spam people and they pay for in coming.
More importantly, they had to give the app permission to send texts. Very few apps need that permission.
But they pay the phone company not you, which makes that just a tad pointless.
Lots of apps wanting lots of info. Instead of "install or not" there needs to be an option to "deny access to this feature but install anyways".
The preceding post was not a Slashvertisement.
To be infected you have to go into settings and approve non-market installation, browse to a Chinese site, download their market installer, install it, find the Steamy Windows app, say okay to the permission window where it says it can send text messages that may cost you money, and then open it? I'd say Android is still pretty safe.
The difference is that there is no gain to be made by the sender.
And if receiving texts has a benefit for the sender, then there are usually serious measures in place from the phone company's side to prevent such abuse.
I found the apps in Google Market quite lacking: they are either free and really lame, or very expensive compared to the price of an SMS or phone call.
To this, I'll add that I have to pay big cash in order to keep a Motoblur account and receive updates from Motorola for my Cliq XT aka bug-laden piece of sh*t. Let's say the alarm clock: it has some nasty bugs that are too expensive to fix with an update, and tech support offers to reflash everything and lose all of my data. All I want is a simple alarm clock with no fancy features, but it's so damn expensive/annoying in the end I may use a third party app store.
Luckily, I can write my own alarm clock for Android. Others may choose to risk it with the app store from China...
I rarely respond to comments. Also, don't ask for clarifications: a brain and Google are faster, believe me!
Which is easier:
A. Make it impossible to install or execute "rogue" apps on a computer system.
B. Make it impossible to do anything on a phone which will cost money unless the phone owner has authorized it ahead of time with the phone's service provider, and set an upper limit of how much you're willing to pay for it per month (like $5 to spend on texts, apps, etc). Anything above that, the service provider should refuse to do.
B seems like the obvious winner to me. But I suspect the service providers are getting kickbacks from the pay-services so will fight tooth and nail to stop any blocks to accessing those numbers.
Now lets nuke 'em til they cant be nuked nomore! Imaginge a world with 2 billion less gypsys. God save us and lets hope he hears this.
my biggest peeve with the Android security model from day #1 is that this kind of thing is even possible.
every Android application has to be specifically granted a set of permissions on installation, including "able to make phonecalls that cost you money", "able to access the internet", etc. the problem is that the user only ever see this list once, fleetingly, during installation, and as everyone knows, familiarity breeds contempt so after the first couple of apps, most people stop reading the list and just click "yes". even if they read the list, once it's been authorized the application can do anything on its permission list at any time, without user intervention. this opens the gate to applications that can take photos doing so silently while the screen is off, applications that can make phonecalls doing so invisibly and undetectably, applications that can use the internet and use gps phoning home at any time with your exact location, etc. it simply shouldn't be possible.
whenever an application attempts to perform a restricted task, the OS checks that it has been granted the permission to do so and either silently permits the task, or silently disallows it. that's great, but it shouldn't stop there. the first time it's attempted a dialog box should alert the user that "steamy windows is attempting to make a phone call to that can cost you money. do you want to authorize this? yes/no/ [ x ] remember my answer and don't ask me again".
clearly "steamy windows" is going to get a "no and don't let it do it in future response", whereas the user is likely to grant "mywonderSMSclient" indefinite permission.
if there's a reason why this isn't practical, i'd like to know about it.
If you see a lot of spam from a single IP address you block it. If you see rogue cellphone apps texting a number you block it, right? If you can show that a number is used for criminal activity you should be able to reverse the charges and have the number disconnected. It's too bad the phone companies have no interest in that outcome, as it limits their profits. If you could show that the phone company knows that number is criminal then they should be liable for the money.
You buy stuff from trusted sources.
What makes a source trusted? Do they screen apps for inappropriate behavior before putting an app on the store (preempt) or do they just remove inappropriately behaving apps after they are discovered in the field (react)? I don't think trust is a binary state, its a range of levels. A reputable source that preempts may be more trustworthy, a reputable source that merely reacts may be less trustworthy but more convenient.
Am I the only one who imagines infected humanoid robots walking around while constantly poking at their phones?
Heck, what's to stop these androids from crashing into walls if they are constantly staring at their phones.
Comment removed based on user account deletion
I mean, I downloaded a virus scanner the first day I got mine, because I knew there were some viruses in the Android market, and I found one that also did remote location and backup. Plus, it showed up on the popular list in the Market as well. It scans every install, update, and even any out-of-market apps I install. I just thought most people would know better...I guess not.
Not to mention that most people are right--if a live wallpaper program wants to send out text messages--you probably shouldn't let it
I though open-source was infinitely more secure than "Micro$oft Windoze omglolwut!". Funny I haven't heard about any viruses affecting windows phones.
... As long as you hold it in your left hand. ; )
The US government have made it clear that we have no inalienable rights; any we do not defend vigorously will be taken.
What does Google have to do with unofficial markets? This is NOT the Android Market place that this is happening on. The PC equivelant would be blaiming EA for virusses found in games on thepiratebay.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
So basically you want some magic situation where people have freedom but no responsibility. How typical. This is NOTHING new, everyone can install software from anywhere on the PC and the stupid have always had problems with this.
We do leave people behind here, if you are to stupid to tell what software is legit and which isn't, then you shouldn't be installing crap.
Freedom for those who can handle the responsibility, lockin for those who can't.
Clearly you can't.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
As in the early days of the internets, when peoples modems were hijacked and set to dial a different phone number that ramped up the phone bill.
I didn't hear anyone calling for limiting what the user could run on their computers then, or which "app store" they should download ther apps from.. The problem and solution lies soly on the phone company to limit this way for criminals to make money.
Technology took away the whole concept of users having to dial a number to get to the internet. The same thing will happen to sms, and eventually phone calls. If I'm not misinformed, 4G is all data packets so there's really no concept of calls or texting in phones anymore either. Phones are, or will be, just another internet device, where you pay a fixed monthly subscription cost and use your credit card if you want to buy something else while "on the internet". The concept of consumers owing someone money, without their given consent, for sending a text to the "wrong number" is in my opinion shady business practise.
Seriously--you never hear any iPhone-fan screaming that Android or the Android marketplace shouldn't exist. Never. If that's what you want, then go for it.
The Android world, though, (by and large) is completely obnoxious towards people who choose an iPhone (I guess CHOICE is only a virtue when someone chooses your way)--to the point of trying to somehow force Apple to do things differently. The Android world looks down on the grandmothers of the world who just want to be able to Facetime easily with their grandchildren. You see, if you aren't l33t enough to run SETI@home on your phone then you don't deserve to have a smartphone, right?
And, most irksome to me personally, the Android world operates under the delusion that technical people don't use iPhones. I think I probably know more about computers than you do--and I use an iPhone because I appreciate good design and I want something that works. I don't care that I can't compile the Linux kernel on it for the same reason that I don't care that I can compile the Linux kernel on my microwave.
Get a life.
Give your grandmother an iPhone because she is ignorant and gullible. If you are not ignorant or technophobic and don't regularly fall for magazine subscription and timeshare scams, buy an Android.
but the REAL flaw is a system where my $50 phone bill can some how rack up $100's in extra charges... no other form of consumer credit is that open-ended. Why I need to make "payments" to other companies with my phone bill is just crazy in the first place.
The simple fact is that the telco has a very, very tiny overhead and benefits from "mistakes" 100x over.
if you have a NEW platform that NEEDS a virus scanner for any reason other than passing along infected documents, it's a design fail.
My opinion is that a device should run managed code like iPhone or heavily sandboxed scripts like a web browser. At minimum an "unsecured" OS like Android should mandate every app install have some kind of valid third-party certificate to sign it.... similar to how SSL works. To guarantee you got the code from a known vendor and that the code they published was not tampered with along the way. Sure, it can be faked, social engineered.. but you force it for every app installed... eventually with Certificates you get into Wire fraud or Mail fraud for misrepresenting yourself to get the certificate and the law can get you.
Oh look...
http://twitter.com/#!/gkeizer
The author of the article is an Apple nut. Who would have guessed?! Certainly not me!
Does anyone else think that it should be possible to install an app but deny it some of the abilities it requests?
At the moment, if an app wants to send text messages, you can either
- install the app and give it permission to send text messages, or
- not install the app.
There's no way to control what it can do. It is a "foot in the door" type effect where if you really want the app, you have to let it do what it wants, even the things you wouldn't approve of, or you can't use the app.
I'd like to be able to see that an app wants to send texts, deny it that permission, but install it anyway and use the other features of the app normally.
See, it's ALWAYS Microsoft's fault !
Non-Linux Penguins ?
Stupid article because all it says is that you can get burnt if you disable the lock against external markets and manually install software from random sites.
Well, using Windows all you need to do is go to your random pirate site and d/l a game,.
HTTP/1.1 400
Really? You think that Blackberry was some kind of rude euphemism BEFORE it was used as the word for a type of fruit? I don't think so. Unless you live on some kind of alternate time-line where 30 years ago happened before 1000 years ago, which then happened before today.
my biggest peeve with the Android security model from day #1 is that this kind of thing is even possible.
every Android application has to be specifically granted a set of permissions on installation, including "able to make phonecalls that cost you money", "able to access the internet", etc. the problem is that the user only ever see this list once, fleetingly, during installation, and as everyone knows, familiarity breeds contempt so after the first couple of apps, most people stop reading the list and just click "yes". even if they read the list, once it's been authorized the application can do anything on its permission list at any time, without user intervention. this opens the gate to applications that can take photos doing so silently while the screen is off, applications that can make phonecalls doing so invisibly and undetectably, applications that can use the internet and use gps phoning home at any time with your exact location, etc. it simply shouldn't be possible.
whenever an application attempts to perform a restricted task, the OS checks that it has been granted the permission to do so and either silently permits the task, or silently disallows it. that's great, but it shouldn't stop there. the first time it's attempted a dialog box should alert the user that "steamy windows is attempting to make a phone call to that can cost you money. do you want to authorize this? yes/no/ [ x ] remember my answer and don't ask me again".
clearly "steamy windows" is going to get a "no and don't let it do it in future response", whereas the user is likely to grant "mywonderSMSclient" indefinite permission.
if there's a reason why this isn't practical, i'd like to know about it.
Now, only if there were a mobile OS that was already set up that way? What would we call it?
Oh, I know: iOS
..if you consider that handing control over to the corp might drive down virus related support costs, and the overall cost of the service you are paying for. If 33% of the people who have phones on your network incur expensive support costs, guess who is paying for it?
If it raises reliability of the network as a whole, and lowers operating costs, it might be a good idea to consider. Everything is a trade off.
HA! I just wasted some of your bandwidth with a frivolous sig!
Oh look...
http://twitter.com/#!/gkeizer
The author of the article is an Apple nut. Who would have guessed?! Certainly not me!
All that proves is that a fandroid wouldn't tell you the truth if it slammed his religious feelings.
It is sort of like the preacher who reads Jesus as saying God is greater than he was or that there were things his father knew but he didn't and then with a straight face insists Jesus is part of a Trinity where they are all equal. He would loose his control and future income from dominating you if you knew the truth.
Comment removed based on user account deletion
NO IT ISN'T ...
"Computerworld reports that a rogue Android app is hijacking smartphones and running up big texting bills to premium rate numbers before the owner knows it. Chinese hackers grabbed a copy of Steamy Windows, a free program, added a backdoor Trojan horse to the app's code, then placed the reworked app on unsanctioned third-party "app stores" where unsuspecting or careless Android smartphones find it, download it and install it."
"Me: 1) Degree in Biotechnology and Computer Science. (Did your troll factory offer dual majors, or just the standard "how to be an obnoxious twat on the internet" syllabus?)" - by Americano (920576) on Friday February 18, @02:27PM (#35247076)
First of all, Kevin B. Pease = AMERICANO from Merrimack New Hampshire - kbpease@hotmail.com - YOU DID NOT GET A DOUBLE MAJOR!
http://www.linkedin.com/in/kbpease
PERTINENT EXCERPT:
Kevin Pease's Education
Worcester Polytechnic Institute
B.S., Biotechnology
1993 Ã" 1998
Minor: Computer Science
---
LMAO - it took you 6 YEARS to get a CSC MINOR? Rotflmao... and then you lied here, trying to say you have a DOUBLE/DUAL MAJOR? There is a big difference between a major and a minor in terms of credit hours/courses taken, liar. You're a scumbag liar, and everyone knows it now Americano.
And frankly, open "standards" - the ability to say "I need to be able to play my songs & videos, open my books, and view & edit my documents on whatever device I buy," is the only part of "open" that most individuals care about (and even that... it's often not viewed as a terribly urgent need.) by Americano (920576) on Tuesday March 01, @01:30AM (#35345360)
Or is this not proof of how you "program", by asking others to do your work for you, or, how you steal code from books and claim it as yours?
Kevin B. Pease steals the code of others from books:
http://www.justskins.com/forums/looking-for-inspiration-cascading-16594.html [justskins.com]
PERTINENT QUOTE EXCERPT:
"Hi Garry, I think I have a script that will do exactly what you want, based on and I hope, improved...) a program in Lincoln Stein's "CGI.pm" book. The most notable change from his version is that I wrote in"
---
Kevin B. Pease has others do his work for him:
http://webcache.googleusercontent.com/search?q=cache:iH45r7p9xV8J:www.gossamer-threads.com/lists/modperl/modperl/89045+kbpease&cd=21&hl=en&ct=clnk&gl=us&source= www.google.com
---
Small wonder you like Open SORES.
Open SORES lets you "play programmer" by stealing the work of others and claiming its yours and how you ask others how to do the job for you.
You are anything but a programmer. You're just another open SORES wannabe script kiddie.
No, friend, I think that before the Blackberry was a handheld device or designer fruit at Whole Foods the size of a golf ball it was the small sweet fruit I could pick from the bushes in the fields near Pullman, Michigan.
And the "rude euphemism" is a raspberry, not a blackberry, but since I assume English is not your first language I won't hold that against you.
You are welcome on my lawn.
I almost forgot why this would be considered news. Then i remembered the iTunes store is strictly regulated and something like this is less likely there.
Also - buzzwords in this article: Hijacking,Hackers,Chinese,App.
Amazing how the media (even social) never misses a chance for including the middle two.
Hivemind harvest in progress..
I don't have any malware on my iphone.
"Me: 1) Degree in Biotechnology and Computer Science. (Did your troll factory offer dual majors, or just the standard "how to be an obnoxious twat on the internet" syllabus?)" - by Americano (920576) on Friday February 18, @02:27PM (#35247076)
First of all, Kevin B. Pease = AMERICANO from Merrimack New Hampshire - kbpease@hotmail.com - YOU DID NOT GET A DOUBLE MAJOR!
http://www.linkedin.com/in/kbpease
PERTINENT EXCERPT:
Kevin Pease's Education
Worcester Polytechnic Institute
B.S., Biotechnology
1993 Ã" 1998
Minor: Computer Science
---
LMAO - it took you 6 YEARS to get a CSC MINOR? Rotflmao... and you LIED ABOU IT HERE, AS SHOWN ABOVE?? Have you no shame???!
Really? Smartphones can be careful or careless? Their owners may have that attribute, but I doubt behavioral attributes based on cognition can be applied to even the smartest smart phones.
Without debating the merits of closed versus open, this is really an attempt to blame the user for the infection and not the application security model or the inherent insecurity of third party application marketplaces, IMHO, to avoid the inevitable comparison with Apple's closed model and not put the blame on Android where at least some of the blame belongs.
From the article:
"The latest Trojan horse for Google’s Android operating system has been seen posing in Chinese third-party app stores as legitimate programs such as Wallpaper apps."
Is it just me or do these things invariably trace back to wallpaper apps? People* must be real suckers for these things. And here I am, writing *productivity* apps ... *smacks forehead*
"Good news, everyone!"
Actually, English IS my first language - mainly because I'm English, from England. I didn't know what 'Whole Foods' was, but now assume it's a posh food shop in the US. I, stupidly, assumed that a blackberry fruit was the same the world over, but you've obviously got some weird, probably GM, version over the pond. So, my bad for not realising that, but as for the euphemism - 'Blackberry' has also been used before over here. I'm aware what a Raspberry is of course - probably what you were blowing at me when you replied to my post ;-P
I've found people are far too trusting of dubious sites. Occasionally I'll clean someone's virus infested computer, and the majority of them have Limewire installed. Apparently they have no problem trusting software that's main purpose in life is downloading illegal songs. The same also goes for politics and people blindly trusting those who claim to have similar beliefs.
You appear to be arguing that the majority of the population should buy iphones if they want a smart phone. Or maybe you have more faith in your fellow humanity than i do.
That's what I was thinking as well. Even as a tech, I expect there to be poorly written apps that claim to need more permissions than they actually need. I don't expect average users to be any more prudent or knowledgeable.
Wait, they sell blackberries the size of golf balls now? That's rather disturbing.
Seriously, bear with me a second... Non-technical in-the-box thinking hippies can have their walled-off iphone and probably not get into a lot of trouble. Techies like me can have our iphone, jailbreak it, and with cydia install some additional stuff to placate us; we can ssh into our phone, etc... If I pickup some malware, that's fine, it probably came from a 3rdparty source via Cydia and I have myself to blame and I'm probably not going to end up being some "Man shoots own foot" media sensation...
If you let any old weenor with an android install any old random shit on it by just tapping 'accept' on some dialog that he or she doesn't really understand (err, Windows, anyone?), then of course you're going to wind up with stories like this.
"Herp derp I have an iPhone because I want something that works"
And the ability to change your own battery is too much of an imposition for you is it? Better to leave that in the hands of Uncle Steve now, after all, HE knows what he's doing.
Not to mention those scary memory card slots that other phones have. I mean, how are you to know what to put into those without Uncle Steve to tell you - an SD card, or a woodchip?
Get a life yourself, you Jobs-gobbling moron.
All together now: "Cellular, modular, screws are pentalobular..."
You're absolutely right. I demand that in the interests of political correctness, and stories relating to Chinese hackers have the words Chinese and hacker removed. Who cares if people are less informed because we are dropping pertinent information. Really, who cares. It's not like this is some sort of racial snub. I suppose it's only a matter of time before this happens to other 3rd party app markets.
http://www.smbc-comics.com/?id=1801
I know more about computers than you do. I design them for a living. Talking down to me about replacing batteries or SD cards doesn't make me look foolish--it makes you look foolish. I don't need a replaceable battery, and I kinda like that my phone doesn't have some cheap battery cover that pops off when it's dropped--but mostly I just don't care. An SD card would be nice, frankly. If there was something otherwise identical to an iPhone which had an SD card slot, I'd probably buy it instead--but there isn't; so (for me) it's still the best phone.
If you need a replaceable battery, then don't buy an iPhone. It really is that simple. My desire to own an iPhone doesn't imply any judgment about the choices you make--just like the existence of my religion isn't an attack on your religion.
Tribalism has appeared across humanity in a number of different forms, but none of them has been as stupid as this obsession with smartphone manufacturers.
I'll use the old burgler alarm problem. Normally, you have some sensor output. It takes on values in one distribution when there is an intruder present, and another distribution when there isn't one. Normally, these probability distributions have some overlap. So one sets a decision threshold such that the cost of a missed detect times the probability of a missed detect equals the cost of a false alarm times the probability of a false alarm. This almost always results in lowest total system costs, and once you get that equality going, it's the best you can do -- you've hit the max dynamic range in this system. (yes, I know I'm misusing that word a little)
The only thing you can to to improve this, is have a better sensor that gives distributions that have less (or no) overlap. That's what I call increasing the dynamic range of a system in this context. There are a lot of ways that work -- in the above case, you might add another type of sensor, and do decisions based on joint probabilities, or signal process the original sensor better -- any of a number of things.
In the case of computer software, there are numerous examples of trying to increase the dynamic range that I consider utter failures. On example is adding a garbage collector to a language to "free" the coder from having to do good design, or even really understand what he's coding. As a result, his program goes off on "demented errands of its own" at random, making it more or less impossible to do things with real time deadlines and reliably meet them -- all we did there was move the threshold, we didn't really improve dynamic range.
Drag drop gui programming with objects comes to mind as another thing of this sort. Yes, you can now leverage code you don't understand, making it possible for monkeys to code. The trouble with that of course is that you enable monkeys to code, and get code written by well, monkeys. While it can be done right, and I know a few devs who do, the main apps that crash on my windows box are all .NET monkey code stuff that you get stuck with when you buy a mass spectrometer, an arbitrary waveform generator, stuff like that (and I'm a linux guy, so I run those windows in virtual box so my whole world doesn't crash when that pure crap does).
The upshot is that true dynamic range improvement is really hard to do. Remember Microsoft's "information at your fingertips" and that new file system Vista was supposed to have that'd find all your photos and organize them for you? Remember the slashdot thread about how interesting that would be when mom looked in here photos and saw your pron? Seemed like a neat idea at the time! But that was so dumb even they figured out it would be a bad idea -- their heart was in the right place, trying to make it easier, but the unintended consequences not so nice; -- and sometimes those are second order (see monkey coding).
True innovation has as a defining characteristic that it improves dynamic range -- the freedom vs responsibility tradeoff. Most things called innovation don't satisfy this, but I'd rather consider that a misuse of language -- like the hacker misuse (without distinguishing it from cracker).
An obvious example that gets the word innovation misused more than most is that handy device many carry around these days -- which is called innovative, even though Dick Tracy cartoons had it at the time of my birth, and all the "innovation" was simply refinement, and most not done by the popular fruit themed company at all, but by chip manufacturers and FOSS coders to tell the truth. We knew back in the '70s that computers were going to get portable and even be able to handle multimedia in our shop -- this isn't innovation, it's mere refinement.
Now, get off my lawn. If it were actually innovative, I'd buy one.
Why guess when you can know? Measure!
Pay no attention to him, he's just doing typical "remember when" old-fart reminiscing or trying and failing miserably at humo(u)r.
American blackberries aren't any bigger than UK blackberries.
(-1, Raw and Uncut is the only way to read)