Slashdot Mirror
Infected Androids Run Up Big Texting Bills
Hugh Pickens writes "Computerworld reports that a rogue Android app is hijacking smartphones and running up big texting bills to premium rate numbers before the owner knows it. Chinese hackers grabbed a copy of Steamy Windows, a free program, added a backdoor Trojan horse to the app's code, then placed the reworked app on unsanctioned third-party "app stores" where unsuspecting or careless Android smartphones find it, download it and install it."
"[...] where unsuspecting or careless Android smartphones find it, download it and install it."
I really dislike careless phones. Perhaps reviewers can test and report which are careful.
I'd also like to know how to make my phone less naive about unauthorised app stores.
Perhaps I should take away my phone's download privileges...
Obviously this means we should abdicate (forcibly, if necessary) all control over our computing devices to large corporations with a vested interest in denying us the ability to use them as we see fit.
You buy stuff from trusted sources. There are a few trusted ones, and none of them have addresses in China.
The people getting these infected apps knew damn well what they were doing. They had to make at lease one nonstandard setting, download in a nonstandard way, and launch the installation in a nonstandard way. Looking for Porn is my guess. I have very little sympathy.
The point is no one falls into this trap using the Google market or the upcoming Amazon market, or a couple others.
Sig Battery depleted. Reverting to safe mode.
Who do you trust: The phone company, the phone, or the user?
If you trust the phone company, then having a cellphone contract option to limit data/text/etc. usage to some cap can mitigate the worst case bill you'll be surprised with.
If you trust the phone, then OS options to limit what an app can do can mitigate worse case damage done.
In either case, you have to trust the user to make the right choices with respect to cellphone contract or app permissions.
I think my problem is that I don't trust any of the above.
More importantly, they had to give the app permission to send texts. Very few apps need that permission.
"Most people don't give a shit about "openness" or being able to install software from any third-party."
Perhaps not, but that is rapidly changing. Even governments are recommending open source and open standards, and those ideas are making it into the mainstream, because their advantages have become too large and obvious to ignore.
Where are you getting pirated software out of this? They're referring to non-Google markets, like Amazon's Appstore, Archos' Appslib, and others.
upon the advice of my lawyer, i have no sig at this time
The apps weren't pirated since the original App was free. This is one of the catches of freedom. You have the freedom to choose and make it yours, but that freedom can also be the freedom to screw yourself over by malicious people. This is why Android phones by default don't allow you to install non-market apps. You can of course turn that off and install any and everything under the sun that works on Android and that it your choice and freedom but it warns you when trying to do it that you can be taking a risk and be careful what you install. (my phone lists it as "Your phone and personal data are more vulnerable to attack by applications from unknown sources. You agree that you are solely responsible for any damage to your phone or loss of data that may result from using these applications") This is a very good popup (and you have to click OK for it to let you do this) that gives a nice, clear, non-legalese warning. Now if your ignore this clearly spelled out warning and still get screwed over, then its your fault and your problem.
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
I though open-source was infinitely more secure than "Micro$oft Windoze omglolwut!". Funny I haven't heard about any viruses affecting windows phones.
That's because there isn't enough marketshare.
Sorry, couldn't resist!