More Malware-Infected Apps Found In Android Market
Trailrunner7 writes "For the third time in the last few months, Google has had to remove a slew of malware-infected apps from the Android Market and suspend some publishers. Ten Android apps in the Official Android Market are known to be infected, but many more could be victims of the Plankton Trojan. Researcher Xuxian Jiang claims that early variants of the Trojan have evaded detection for as long as two months."
you post a list of the infected applications in the freakin summary, so when TFA gets slashdotted, we know what the hell they were?
I'm just saying...
Sooner or later Google will need to do some sort of Quality Control on their store, or they'll just keep making the Marketplace look even less trustworthy and push people to the Amazon store.
...but there's something to be said for iOS being a "closed" platform with a (mostly) strict approval process. There's a lot of controversy about apps getting blocked from the iTunes App Store, but so far there haven't been any significant outbreaks of malware/trojans like the Android platform has had. Caveat: I actively develop for both platforms, so I have no "stake" in either side. Just making a point about the open vs. closed issue in relation to PII leakage risks. Let the flaming begin!
Did you send this from an Android phone? It appears that a trojan is stealing some of the words out of your sentences and sending them to a server somewhere.
Why do you not link to the original article?!
You wouldn't install Schkype from Mr Hong on your PC and you should not do that on the phone either!
turns up Sophos' analysis of this "Plankton" malware.
The sample of the EULA associated with the malware app (yes, malware EULAs) lists "Angry Bird Cheater" by name, so there's one of the candidates. Also, quoting the article:
So, "Choopcheec" seems to be a common codeword for the apps. Whatever that is.
Welcome to the Panopticon. Used to be a prison, now it's your home.
In case you're wondering, that's "Author too stupid; didn't read"
When I saw that the author apparently didn't know the difference between 'affect' and 'effect' I gave up.
IMNSHO, if you can't get that right, you don't deserve to be read.
No, no, you're not thinking; you're just being logical. --Niels Bohr
Your comment is indicative of the kind of arrogance that makes people hate so many technically proficient people. Do you even realize how arrogant you are to call people "morons" because they don't happen to have the kind of technical understanding and knowledge that we have? I'm sorry, but it's YOUR ARROGANCE that marks you as the real moron. People have different skills and knowledge. Yours (and mine) happens to be in a technical field, among others, presumably. But you have areas where you don't know anything, too. Everybody does. Just because people don't value YOUR subject area above all others doesn't mean they're morons who are "dumb users." Just as a person who doesn't want to be an auto mechanic isn't a moron when he simply wants his car to work without him futzing with it. You really need to climb down from the high horse and realize that people aren't necessarily morons just because they don't know everything about IT that we know.
I can take a shit in a box, and mark it guaranteed, but then all you'll have is a guaranteed box of shit.
You (and your friends) can't be allowed to stamp your box.
Google would be the obvious choice, though, since they have the biggest investment to lose if this all goes to hell.
Well, you know, I don't especially need a phone. That's for talking to people, and what's the fun in that?
Now, getting into a Wikipedia edit war while driving down the road and eating a Sonic burger... That's fun!
Seriously, though. My HTC isn't a phone, it's a portable computer with telephony capability that I occasionally use.
In other words, you're talking about solving the wrong problem. You want phones that are immune to malware, and as you point out, they're still thick on the ground. I want an ultraportable computer that doesn't get hacked, trojaned, or otherwise attack me without provocation. That's a bit harder.
Well then there are no complaints to be had because the technical people that actually want alternate stores, can jailbreak and use Cydia.
What about non-technical people who want alternate stores?
Why should people have to jailbreak their phone?
Why should jailbreaking be a violation of the EULA?
Why should we have to put up with Apple imposing any barriers whatsoever to using a non-Apple store?
As I see it, there are still lots of complaints about the status quo. The fact that I can hack my way to a semblance of what I want, by violating my EULA, and defeating Apple's software to get it to do what I want isn't a solution.
I want the law on my side.
But then you have to worry about who guards the guardians?
XML is known as a key material required to create SMD: Software of Mass Destruction
The Android Market in general is pretty broken because of the lack of even a rudimentary review process. The other day I was looking at the new releases in the Sports Games category and there were about 5 or 6 pirated ebooks of Harry Potter, the Twilight Series and several others. Needless to say, this is not only illegal, it's in the wrong category. This has been a problem in the market since its inception and Google still has yet to do anything about it. If they are unwilling to have someone at least look over the titles and categories that an app is placed in before allowing it on the market, in order to cut back on massive copyright and trademark violations and make browsing the store by category possible, why do we think they'll take any preemptive strike against malware? Google doesn't even give Android developers a convenient way to contact them. It seems to me that they wanted the Android Market to be a set it and forget it kinda thing. Will the negative publicity from the malware force them to change that stance? I doubt it.
Thousands of engineers labored for years to build the hardware and low-level software so that you can prance about writing your Ruby code or whatever the fuck you do that makes you think that you are some sort of tech genius. Those engineers put a lot of effort into making sure that you didn't have to be a semiconductor physics expert in order to use computers and that you weren't going to accidentally set the thing on fire with the wrong set of keystrokes. Compared to those engineers and relative to their turf, you are a moron.
There is value in abstraction. There are a hundred things that you rely on every day that required some skilled professional to baby-proof and they were happy to do it, because that's what engineers do--and they don't look down their noses at those users as though they are some sort of inferior lifeform.
Not that a closed store stops crap from happening, mind you. Lessens, perhaps, but not stops.
Maybe Google could require an ESRB-style disclosure on what permissions are needed for what (I say ESRB because game developers are required to submit a listing of content that may be offensive/suggestive/etc. with their application for a rating), with real penalties for screwing around. The disclosure could go with the app in the market, putting it up front in a more obvious way that, hey, this Angry Birds level unlocker app requires the ability to make phone calls for ____ reason. Yes, the malware developer could make up reasons and, if they're in, say, China, probably get away without a lawsuit or anything, it should be a red flag to even the least-savvy user. It'd help if it had a timer that prevented you from just rubber-stamping the install buttons without looking in the way that Firefox/etc. have for extension installs.
1. There are alternatives, you can buy an Android phone.
2. If iOS devices made it easy to use another store, then non-technical users would be at more risk. They would get an email that said, "Hey try out this fun app" which would take them to the non-curated store, they would blindly click through all warnings from the OS and voila, you've got a mobile experience every bit as toxic and unusable as the Windows PC experience--and you've just destroyed Apple's value proposition and their $100B market cap.
What it really boils down to is that most of Apple's critics (a) don't care at all about non-technical users and (b) really want Apple to fail anyway so are happy to argue for Apple to adopt flexibility that would lead to financial disaster for them. Apple fundamentally disagrees on both points so you aren't going to sway them.
But you have other options, see #1.
Alternatively:
1) Install Amazon Appstore, and use it exclusively
This means that the default should be a closed store. It doesn't mean that the phone should not allow additional channels for application installation - they just shouldn't be easily discovered by casual users (e.g. it can be something like about:config in Firefox).